Security
Bases: grokcore.component.components.GlobalUtility
Bases: object
Check user credentials using PAM infrastructure
Bases: dict
Bases: object
Bases: martian.directive.Directive
Use this directive in a class in order to set it’s attribute’s permissions.
Bases: zope.securitypolicy.zopepolicy.ZopeSecurityPolicy
A Security Policy represents an interaction with a principal and performs the actual checks.
The default zope security system depends on keeping the current interaction in a thread local variable. OMS is based on the twisted async model and thus we avoid setting the current interaction within the current thread, as it could be used by different callbacks in the reactor.
We rely on a custom checker (see opennode.oms.security.checker) for embedding the interaction inside the security proxy itself; however in some cases we need to use security proxies which are created by other libraries (like secured adapters created for IPrincipalRoleManager) and in that cases we need to temporarily setup an interaction for the current thread, but we have to avoid that it leaks out to other coroutines.
For that end, we extend ZopeSecurityPolicy in such a way that it can be used as:
>>> with interaction:
... primrole = IPrincipalRoleManager(obj)
... primrole.getRolesForPrincipal(id)
... # ...
The with context guard will ensure that the function containing this construct is not a generator, because using it in a defer.inlineCallbacks method will result in leaking the interaction to other goroutines.
Bases: grokcore.security.components.Permission
Bases: grokcore.security.components.Permission
Bases: grokcore.security.components.Permission
Bases: grokcore.security.components.Permission
Bases: grokcore.security.components.Permission
Bases: grokcore.security.components.Permission
Bases: grokcore.security.components.Permission
Bases: grokcore.security.components.Permission
Bases: zope.securitypolicy.role.Role
Oms roles act as permissions