From 0815b1630c10249dfdf9cc03b9d91c0e97ecfc1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Fran=E7ois=20Roche?= <jfroche@affinitic.be>
Date: Fri, 14 Nov 2008 15:37:11 +0000
Subject: [PATCH] add SOAPAccess permission

---
 buildout.cfg              |  1 +
 setup.py                  |  1 +
 z3c/soap/README.txt       |  3 ++-
 z3c/soap/__init__.py      |  1 +
 z3c/soap/configure.zcml   |  9 +++++++++
 z3c/soap/metaconfigure.py | 25 +------------------------
 z3c/soap/permissions.py   | 18 ++++++++++++++++++
 z3c/soap/tests/soap.zcml  |  2 +-
 8 files changed, 34 insertions(+), 26 deletions(-)
 create mode 100644 z3c/soap/configure.zcml
 create mode 100644 z3c/soap/permissions.py

diff --git a/buildout.cfg b/buildout.cfg
index 916f4db..903f232 100644
--- a/buildout.cfg
+++ b/buildout.cfg
@@ -31,6 +31,7 @@ eggs =
     z3c.soap
 
 zcml =
+    z3c.soap
     z3c.soap-meta
 
 [test]
diff --git a/setup.py b/setup.py
index ff2e065..e6c1b25 100644
--- a/setup.py
+++ b/setup.py
@@ -29,6 +29,7 @@
       zip_safe=False,
       install_requires=[
           'setuptools',
+          'Products.CMFCore==2.1.1',
           'Products.PluggableAuthService==1.5.3',
           'ZSI'],
       entry_points="""
diff --git a/z3c/soap/README.txt b/z3c/soap/README.txt
index fbb3854..0554206 100644
--- a/z3c/soap/README.txt
+++ b/z3c/soap/README.txt
@@ -80,6 +80,7 @@ view for folder objects and call it on the root folder:
   ...
   ...   <include package="z3c.soap" file="meta.zcml" />
   ...   <include package="Products.Five" file="meta.zcml" />
+  ...   <include package="z3c.soap"/>
   ...
   ...   <soap:view
   ...       for="OFS.interfaces.IFolder"
@@ -87,7 +88,7 @@ view for folder objects and call it on the root folder:
   ...                echoFloat echoFloatArray echoStruct echoVoid echoBase64
   ...                echoDate echoDecimal echoBoolean ValidateEmailRequest"
   ...       class="z3c.soap.README.EchoView"
-  ...       permission="cmf.ManageProperties"
+  ...       permission="zope2.SOAPAccess"
   ...       />
   ...
   ...   <utility
diff --git a/z3c/soap/__init__.py b/z3c/soap/__init__.py
index 61fe8bb..a9fd808 100644
--- a/z3c/soap/__init__.py
+++ b/z3c/soap/__init__.py
@@ -2,3 +2,4 @@
 # This is a Python package.
 import HTTPRequest
 from patch import *
+from permissions import *
diff --git a/z3c/soap/configure.zcml b/z3c/soap/configure.zcml
new file mode 100644
index 0000000..678e7a9
--- /dev/null
+++ b/z3c/soap/configure.zcml
@@ -0,0 +1,9 @@
+<configure xmlns="http://namespaces.zope.org/zope"
+           i18n_domain="z3c.soap">
+
+  <permission
+      id="zope2.SOAPAccess"
+      title="SOAP Access"/>
+
+</configure>
+
diff --git a/z3c/soap/metaconfigure.py b/z3c/soap/metaconfigure.py
index 8dfc887..52ef201 100644
--- a/z3c/soap/metaconfigure.py
+++ b/z3c/soap/metaconfigure.py
@@ -18,8 +18,7 @@
 """
 
 from zope.interface import Interface
-from zope.security.checker import CheckerPublic #, Checker
-#from zope.location import Location
+from zope.security.checker import CheckerPublic
 from zope.component.interface import provideInterface
 from Products.Five.security import protectClass, protectName
 from zope.app.publisher.browser.viewmeta import _handle_for
@@ -64,19 +63,6 @@ def view(_context, for_=None, interface=None, methods=None,
     cdict = getSecurityInfo(class_)
 
     if name:
-        # Register a single view
-#        if permission:
-#            checker = Checker(require)
-#
-#            def proxyView(context, request, class_=class_, checker=checker):
-#                view = class_(context, request)
-#                # We need this in case the resource gets unwrapped and
-#                # needs to be rewrapped
-#                view.__Security_checker__ = checker
-#                return view
-#
-#            class_ = proxyView
-        cdict = getSecurityInfo(class_)
         cdict['__name__'] = name
         new_class = makeClass(class_.__name__,
                               (class_, BrowserView), cdict)
@@ -115,22 +101,13 @@ def view(_context, for_=None, interface=None, methods=None,
                 args = (new_class, attr, CheckerPrivateId))
 
     else:
-#        if permission:
-#            checker = Checker({'__call__': permission})
-#        else:
         for name in require:
-            # create a new callable class with a security checker; mix
-            # in zope.app.location.Location so that the view inherits
-            # a security context
             cdict.update({'__page_attribute__': name,
                           '__name__': name})
             new_class = makeClass(class_.__name__,
                                   (class_, ViewMixinForAttributes),
                                   cdict)
 
-            # in case the attribute does not provide a docstring,
-            # ZPublisher refuses to publish it.  So, as a workaround,
-            # we provide a stub docstring
             func = getattr(new_class, name)
             if not func.__doc__:
                 # cannot test for MethodType/UnboundMethod here
diff --git a/z3c/soap/permissions.py b/z3c/soap/permissions.py
new file mode 100644
index 0000000..16c12b3
--- /dev/null
+++ b/z3c/soap/permissions.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+"""
+z3c.soap
+
+Licensed under the GPL license, see LICENCE.txt for more details.
+Copyright by Affinitic sprl
+
+$Id$
+"""
+from AccessControl import ModuleSecurityInfo
+from Products.CMFCore.permissions import setDefaultRoles
+
+
+security = ModuleSecurityInfo('z3c.soap.permissions')
+
+security.declarePublic('SOAP Access')
+SoapAccess = 'SOAP Access'
+setDefaultRoles(SoapAccess, ('Authenticated', ))
diff --git a/z3c/soap/tests/soap.zcml b/z3c/soap/tests/soap.zcml
index 51acea9..067f2bc 100644
--- a/z3c/soap/tests/soap.zcml
+++ b/z3c/soap/tests/soap.zcml
@@ -4,7 +4,7 @@
 
   <include package="z3c.soap" file="meta.zcml"/>
   <include package="zope.app.security" file="meta.zcml"/>
- 
+  <include package="z3c.soap" />
   <soap:view
       name="test"
       class="zope.app.component.tests.views.V1"