Mercurial Repository: p/roundup/code: roundup/security.py comparison

comparison roundup/security.py @ 8472:224ccb8b49ca

refactor: change some classes to use __slots__ Speed up access to and reduce size of some low level classes. A few classes in security.py, rest.py are heavily used. But for all, it prevents adding random properties to lower level classes that people shouldn't be mucking with. While doing this I found some test cases accessing an invalid property name and this change caused the cases to crash. admin.py: Use new method Role.props_dict() and Permission.props_dict() where original code just referenced __dict__ when printing Role/Permission. mlink_expr.py: Add slots to multiple classes. Classes Binary and Unary set real properties/attributes. Classes that inherit from them (Equals, Empty, Not, Or, And) define empty slots tuple to eliminate need for __dict__. Class Expression also gets a slot. rate_limit.py: RateLimit and Gcra classes get slots. A couple of pep8 fixes: sort imports, remove trailing spaces on a line, remove unused noqa comment. rest.py: Add slots to class SimulateFieldStorageFromJson and FsValue classes. The memory savings from this could be useful as well as speedier access to the attributes. security.py: Add slots to Permission class. To prevent conflict between slot limit_perm_to_props_only and the class variable of the same name, rename the class variable to limit_perm_to_props_only_default. Also define method props_dict() to allow other code to get a dict to iterate over when checking permissions. Add slots to class Role along with props_dict() method. Add slots to class Security. Also have to add explicit __dict__ slot to support test override of the hasPermission() method. Add props_dict() method, currently unused, but added for symmetry. support.py: TruthDict and PrioList gets slots. test/test_cgi.py: Fix incorrect setting of permission property. Was setting permissions. So testing may not have been doing what we thought it was. Multiple places found with this typo. Remove setting of permissions in some places where it should have no effect on the test and looks like it was just copypasta. test/test_xmlrpc.py Remove setting of permissions in some places where it should have no effect on the test and looks like it was just copypasta.

author	John Rouillard <rouilj@ieee.org>
date	Mon, 03 Nov 2025 00:13:04 -0500
parents	43899d99fc4d
children	19152fd94fcf

comparison

equal deleted inserted replaced

-:8e72dc7b7f2f
+:224ccb8b49ca
 - description
 - klass (optional)
 - properties (optional)
 - check function (optional)
 - props_only (optional, internal field is limit_perm_to_props_only)
+default value taken from Permission.limit_perm_to_props_only_default.
 - filter function (optional) returns filter arguments for
 determining which records are visible by the user. The filter
 function comes into play when determining if a set of nodes
 found via a filter call of a class can be seen by the user --
 the normal way would be to call the permissions for each item
 db.security.set_props_only_default()
 with a True or False value.
 '''
-limit_perm_to_props_only = False
+__slots__ = (
+"_properties_dict",
+"check",
+"check_version",
+"description",
+"filter",
+"klass",
+"limit_perm_to_props_only",
+"name",
+"properties")
+limit_perm_to_props_only_default = False
 def __init__(self, name='', description='', klass=None,
 properties=None, check=None, props_only=None, filter=None):
 from roundup.anypy import findargspec
 self.name = name
 # b=Property(name="Edit", klass="issue", check=dummy,
 #     props_only=False)
 # a == b will be true.
 if props_only is None:
 self.limit_perm_to_props_only = \
-Permission.limit_perm_to_props_only
+Permission.limit_perm_to_props_only_default
 else:
 # see note on use of bool() in set_props_only_default()
 self.limit_perm_to_props_only = bool(props_only)
 else:
 self.limit_perm_to_props_only = None
 return True
 return False
 return check
+def props_dict(self):
+return {name: getattr(self, name) for name in self.__slots__}
 def test(self, db, permission, classname, property, userid, itemid):
 ''' Test permissions 5 args:
 permission - string like Edit, Register etc. Required, no wildcard.
 classname - string like issue, msg etc. Can be None to match any
 class.
 ''' Defines a Role with the attributes
 - name
 - description
 - permissions
 '''
+__slots__ = ("_permissions", "description", "name")
 def __init__(self, name='', description='', permissions=None):
 self.name = name.lower()
 self.description = description
 # This is a dict of permission names each containing a dict of
 # *class names*, with a special entry for non-class permissions
 for c in self._permissions[p]:
 for cond in (False, True):
 perm_list.extend(self._permissions[p][c][cond])
 perm_list.sort(key=lambda x: (x.klass or '', x.name))
 return perm_list
+def props_dict(self):
+return {name: getattr(self, name) for name in self.__slots__}
 def searchable(self, classname, propname):
 for perm_name in 'View', 'Search':
 # Only permissions without a check method
 if perm_name not in self._permissions:
 return True
 return False
 class Security:
+# __dict__ is needed to allow mocking of db.security.hasPermission
+# in test/test_templating.py. Define slots for properties used in
+# production to increase speed.
+__slots__ = ("__dict__", "db", "permission", "role")
 def __init__(self, db):
 ''' Initialise the permission and role classes, and add in the
 base roles (for admin user).
 '''
 self.db = weakref.proxy(db)       # use a weak ref to avoid circularity
 """
 for perm in self.filter_iter(permission, userid, classname):
 if not perm.filter:
 return False
 return True
+def props_dict(self):
+return {name: getattr(self, name) for name in self.__slots__}
 def roleHasSearchPermission(self, classname, property, *rolenames):
 """ For each of the given roles, check the permissions.
 Property can be a transitive property.
 """
 if props_only is not None:
 # NOTE: only valid values are True and False because these
 # will be compared as part of tuple == tuple and
 # (3,) == (True,) is False even though 3 is a True value
 # in a boolean context. So use bool() to coerce value.
-Permission.limit_perm_to_props_only = \
+Permission.limit_perm_to_props_only_default = \
 bool(props_only)
 def get_props_only_default(self):
-return Permission.limit_perm_to_props_only
+return Permission.limit_perm_to_props_only_default
 def addPermissionToRole(self, rolename, permission, classname=None,
 properties=None, check=None, props_only=None):
 ''' Add the permission to the role's permission list.

Mercurial > p > roundup > code

comparison roundup/security.py @ 8472:224ccb8b49ca