1289
by Canonical.com Patch Queue Manager
security documentation and the first chunk of work on bug privacy

Security Policy in Launchpad
============================

Zope 3 is a security-aware framework that makes it possible to develop complex
applications with security policies that closely resemble the reality that the
system is trying to model.

This document is about security policy in Launchpad.

12098.1.2
by Curtis Hovey
Updated the security doc to explain how security is defined and registered.

Defining Permissions in Launchpad
---------------------------------

12314.2.7
by Jonathan Lange
Fix up "severe" warning.

**NOTE: A new permission should only be defined if absolutely necessary, and
it should be considered thoroughly in a code review.**

Occasionally, you'll find yourself in a situation where the existing
permissions in Launchpad aren't enough for what you want. For example, as I
was writing this document I needed a permission I could attach to things to
provide policy for who can view a thing. That is, I wanted a permission called
launchpad.View.
A new permission (see the NOTE above) is defined in Launchpad in the file
lib/canonical/launchpad/permissions.zcml. So, to define the permission
launchpad.View, we'd add a line like this to that file:

    <permission id="launchpad.View" title="Viewing something"
      access_level="read" />


Defining Authorization Policies for Permissions
-----------------------------------------------

Once you've defined a permission, you'll probably want to define some logic
somewhere to express the authorization policy for that permission on a certain
interface.

In Launchpad, an authorization policy is expressed through a security adapter.
To define a security adapter for a given permission on an interface:

12392.1.1
by Jonathan Lange
Fix restructured text errors.

7055.2.1
by Michael Hudson
well, that was wrong

1. Define the adapter in lib/canonical/launchpad/security.py. Here's a simple
   example of an adapter that authorizes only an object owner for the
   launchpad.Edit permission on objects that implement the IHasOwner interface::

       class EditByOwner(AuthorizationBase):
           permission = 'launchpad.Edit'
           usedfor = IHasOwner

           def checkAuthenticated(self, person):
               """Authorize the object owner."""
               if person.id == self.obj.owner.id:
                   return True

   Read the IAuthorization interface to ensure that you've defined the adapter
   appropriately.

2. Declare the permission on a given interface in a zcml file. So, for the
   above adapter, here's how it's hooked up to IProduct, where IProduct is
   protected with the launchpad.Edit permission::

       <class
           class="lp.registry.model.product.Product">
           <allow
               interface="lp.registry.interfaces.product.IProductPublic"/>
           <require
               permission="launchpad.Edit"
               interface="lp.registry.interfaces.product.IProductEditRestricted"/>
           <require
               permission="launchpad.Edit"
               set_attributes="commercial_subscription description"/>
       </class>

In this example, the EditByOwner adapter's checkAuthenticated method will be
called to determine if the currently authenticated user is authorized to
access whatever is protected by launchpad.Edit on an IProduct.
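
A stand-alone model of the dispatch described above, added here as an illustration and not Launchpad's own code. The `ADAPTERS` registry, `check_permission`, `Person`, `Product`, the plain-class `IHasOwner`, the `checkUnauthenticated` default and the deny-when-no-adapter behaviour are assumptions standing in for the Zope machinery; only the `EditByOwner` body comes from the text.

```python
# Simplified model (assumption) of permission -> security adapter dispatch.
# Only the EditByOwner body comes from the text; the rest is a stand-in.

class IHasOwner:
    """Stand-in for the IHasOwner interface: objects with an .owner."""

class AuthorizationBase:
    permission = None
    usedfor = None

    def __init__(self, obj):
        self.obj = obj

    def checkAuthenticated(self, person):
        return False  # deny unless a subclass authorizes

    def checkUnauthenticated(self):
        return False  # anonymous requests are denied (assumed default)

class EditByOwner(AuthorizationBase):
    permission = 'launchpad.Edit'
    usedfor = IHasOwner

    def checkAuthenticated(self, person):
        """Authorize the object owner."""
        if person.id == self.obj.owner.id:
            return True

ADAPTERS = [EditByOwner]  # hypothetical registry of security adapters

def check_permission(permission, obj, person=None):
    """Return True only when a matching adapter explicitly authorizes."""
    for cls in ADAPTERS:
        if cls.permission == permission and isinstance(obj, cls.usedfor):
            adapter = cls(obj)
            if person is None:
                return bool(adapter.checkUnauthenticated())
            # bool() maps the implicit None of a failed owner check to a deny
            return bool(adapter.checkAuthenticated(person))
    return False  # no adapter for this (permission, interface) pair: deny

class Person:  # constructed sample principal
    def __init__(self, id):
        self.id = id

class Product(IHasOwner):  # constructed sample object
    def __init__(self, owner):
        self.owner = owner
```

In this model the adapter's `if` has no `else`, so a non-owner gets `None` back, and the caller has to treat any value other than an explicit `True` as a refusal.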