{ "info": { "author": "Ross Patterson", "author_email": "me@rpatterson.net", "bugtrack_url": null, "classifiers": [ "Programming Language :: Python", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": ".. -*-doctest-*-\n\n==========================\ncollective.securitycleanup\n==========================\n\n.. contents::\n\nWARNING: Backup your ZODB before using this package!\n\nThe Zope 2 security framework is very powerful and one of it's greatest\nstrengths. A lot of it's power comes from it's flexibility. Exposing\nthat power to site adminsitrators often ends up giving them enough\nrope to hang themselves with. This is exactly what the \"Security\" tab\nin the ZMI does.\n\nIn many cases, a site admin or consultant is faced with the daunting\ntask of restoring all the security settings throughout the Zope\nobject heirarchy in order to bring sanity and predictability back to\nthe site. The collective.securitycleanup package provides\nGenericSetup handlers for restoring the role mappings and local roles\nback to their defaults. This handler can be used in combination\nwith existing handlers to set role mappings and to re-apply workflow\nsecurity settings to help start the process of security cleanup.\n\nThe clean up is performed on all ancestors including the Zope\napplication root and by walking down the heirarchy to all descendants.\nThis means all descendents of the context the handler is used on and\nall ancestors of the context including the root will be cleaned up.\nIt will not clean up siblings or anything else that is not a direct\nancestor to the context.\n\nThe clean up removes all permission settings stored on the instance\nwhich effectively restores them to code defaults. The clean up also\nremoves all local roles except the \"Owner\" role for the user returned\nby OFS.interfasces.IOwned.getOwnerTuple() if already assigned. If the\nobject is CMF content with the creators field, the creator is\nsynchronized with the owner. Finally, if the context is a CMF portal,\nthe workflow roles mappings will be updated for the whole portal.\n\nUse of this tool will likely only ever be a starting point. So be\nsure to test thoroughly before deploying to your production server and\nbackup your ZODB before using it.\n\nStart with Modified Security Settings\n=====================================\n\nStart with a Zope app some of whose role mappings have been changed\nfrom the code defaults. The app also has local roles.\n\n >>> app\n \n >>> app.permission_settings('Modify portal content')[0]['acquire']\n ''\n >>> app.rolesOfPermission('Modify portal content')\n [{'selected': '', 'name': 'Anonymous'},\n {'selected': 'SELECTED', 'name': 'Authenticated'},\n {'selected': 'SELECTED', 'name': 'Manager'},\n {'selected': '', 'name': 'Owner'}]\n >>> app.get_local_roles()\n (('test_user_1_', ('Owner',)),)\n\nThe app contains a folder some of whose role mappings don't acquire\nand have roles assigned and likewise has local roles.\n\n >>> app.folder\n \n >>> app.folder.permission_settings(\n ... 'Add portal content')[0]['acquire']\n ''\n >>> app.folder.rolesOfPermission('Add portal content')\n [{'selected': '', 'name': 'Anonymous'},\n {'selected': 'SELECTED', 'name': 'Authenticated'},\n {'selected': 'SELECTED', 'name': 'Manager'},\n {'selected': '', 'name': 'Owner'}]\n >>> app.folder.get_local_roles()\n (('test_user_1_', ('Manager',)),)\n \nThe folder also contains a CMF portal which is where the setup\nhandlers will be applied. The portal itself also has changed security\nsettings.\n\n >>> portal\n \n >>> portal.permission_settings(\n ... 'Review portal content')[0]['acquire']\n ''\n >>> portal.rolesOfPermission('Review portal content')\n [{'selected': '', 'name': 'Anonymous'},\n {'selected': '', 'name': 'Authenticated'},\n {'selected': 'SELECTED', 'name': 'Manager'},\n {'selected': '', 'name': 'Member'},\n {'selected': 'SELECTED', 'name': 'Owner'},\n {'selected': '', 'name': 'Reviewer'}]\n >>> portal.get_local_roles()\n (('portal_owner', ('Owner',)),\n ('test_user_1_', ('Member',)))\n\nThe portal also contains a folder with a document in it both of which\nalso have modified security settings.\n\n >>> portal.folder\n \n >>> portal.folder.permission_settings(\n ... 'Add portal folders')[0]['acquire']\n ''\n >>> portal.folder.rolesOfPermission('Add portal folders')\n [{'selected': '', 'name': 'Anonymous'},\n {'selected': '', 'name': 'Authenticated'},\n {'selected': 'SELECTED', 'name': 'Manager'},\n {'selected': '', 'name': 'Member'},\n {'selected': '', 'name': 'Owner'},\n {'selected': 'SELECTED', 'name': 'Reviewer'}]\n >>> portal.folder.get_local_roles()\n (('portal_owner', ('Owner',)),\n ('test_user_1_', ('Reviewer',)))\n\n >>> portal.folder.document\n \n >>> portal.folder.document.permission_settings(\n ... 'Copy or Move')[0]['acquire']\n ''\n >>> portal.folder.document.rolesOfPermission('Copy or Move')\n [{'selected': '', 'name': 'Anonymous'},\n {'selected': '', 'name': 'Authenticated'},\n {'selected': 'SELECTED', 'name': 'Manager'},\n {'selected': 'SELECTED', 'name': 'Member'},\n {'selected': '', 'name': 'Owner'},\n {'selected': '', 'name': 'Reviewer'}]\n >>> portal.folder.document.get_local_roles()\n (('portal_owner', ('Owner',)),\n ('test_user_1_', ('Owner',)))\n >>> portal.folder.document.listCreators()\n ('test_user_1_',)\n\nRun the Handler\n===============\n\nThe profile contains the collective.securitycleanup.txt file signaling\nthat the setup handler should run for that profile.\n\n >>> import os\n >>> from collective import securitycleanup\n >>> os.path.exists(os.path.join(\n ... os.path.dirname(securitycleanup.__file__),\n ... \"profiles\", \"default\", \"collective.securitycleanup.txt\"))\n True\n\nImport the profile.\n\n >>> portal.portal_setup.runAllImportStepsFromProfile(\n ... 'profile-collective.securitycleanup:default')\n {...collective.securitycleanup...\n\nSecurity Settings are Restored to Defaults\n==========================================\n\nNow all the security settings have been restored to the defaults while\npreserving the Owner local role as appropriate.\n\n >>> app.permission_settings('Modify portal content')[0]['acquire']\n ''\n >>> app.rolesOfPermission('Modify portal content')\n [{'selected': '', 'name': 'Anonymous'},\n {'selected': '', 'name': 'Authenticated'},\n {'selected': 'SELECTED', 'name': 'Manager'},\n {'selected': '', 'name': 'Owner'}]\n >>> app.get_local_roles()\n ()\n\n >>> app.folder\n \n >>> app.folder.permission_settings(\n ... 'Add portal content')[0]['acquire']\n 'CHECKED'\n >>> app.folder.rolesOfPermission('Add portal content')\n [{'selected': '', 'name': 'Anonymous'},\n {'selected': '', 'name': 'Authenticated'},\n {'selected': 'SELECTED', 'name': 'Manager'},\n {'selected': '', 'name': 'Owner'}]\n >>> app.folder.get_local_roles()\n () \n\n >>> portal\n \n >>> portal.permission_settings(\n ... 'Review portal content')[0]['acquire']\n 'CHECKED'\n >>> portal.rolesOfPermission('Review portal content')\n [{'selected': '', 'name': 'Anonymous'},\n {'selected': '', 'name': 'Authenticated'},\n {'selected': 'SELECTED', 'name': 'Manager'},\n {'selected': '', 'name': 'Member'},\n {'selected': '', 'name': 'Owner'},\n {'selected': '', 'name': 'Reviewer'}]\n >>> portal.get_local_roles()\n (('portal_owner', ('Owner',)),)\n\n >>> portal.folder\n \n >>> portal.folder.permission_settings(\n ... 'Add portal folders')[0]['acquire']\n 'CHECKED'\n >>> portal.folder.rolesOfPermission('Add portal folders')\n [{'selected': '', 'name': 'Anonymous'},\n {'selected': '', 'name': 'Authenticated'},\n {'selected': 'SELECTED', 'name': 'Manager'},\n {'selected': '', 'name': 'Member'},\n {'selected': '', 'name': 'Owner'},\n {'selected': '', 'name': 'Reviewer'}]\n >>> portal.folder.get_local_roles()\n (('portal_owner', ('Owner',)),)\n\n >>> portal.folder.document\n \n >>> portal.folder.document.permission_settings(\n ... 'Copy or Move')[0]['acquire']\n 'CHECKED'\n >>> portal.folder.document.rolesOfPermission('Copy or Move')\n [{'selected': '', 'name': 'Anonymous'},\n {'selected': '', 'name': 'Authenticated'},\n {'selected': 'SELECTED', 'name': 'Manager'},\n {'selected': '', 'name': 'Member'},\n {'selected': '', 'name': 'Owner'},\n {'selected': '', 'name': 'Reviewer'}]\n >>> portal.folder.document.get_local_roles()\n (('portal_owner', ('Owner',)),)\n >>> portal.folder.document.listCreators()\n ('portal_owner',)\n >>> portal.folder.document.rolesOfPermission('View')\n [{'selected': '', 'name': 'Anonymous'},\n {'selected': '', 'name': 'Authenticated'},\n {'selected': 'SELECTED', 'name': 'Manager'},\n {'selected': '', 'name': 'Member'},\n {'selected': 'SELECTED', 'name': 'Owner'},\n {'selected': '', 'name': 'Reviewer'}]\n\nChangelog\n=========\n\n0.3 - 2009-01-29\n----------------\n\n* Synchronize CMF creators with Zope owner\n* Update CMF workflow mappings\n\n0.2 - 2008-12-01\n----------------\n\n* Documentation fixes\n\n0.1 - 2008-11-30\n----------------\n\n* Initial release", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://pypi.python.org/pypi/collective.securitycleanup", "keywords": "", "license": "GPL", "maintainer": null, "maintainer_email": null, "name": "collective.securitycleanup", "package_url": "https://pypi.org/project/collective.securitycleanup/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/collective.securitycleanup/", "project_urls": { "Download": "UNKNOWN", "Homepage": "http://pypi.python.org/pypi/collective.securitycleanup" }, "release_url": "https://pypi.org/project/collective.securitycleanup/0.3/", "requires_dist": null, "requires_python": null, "summary": "GenericSetup handlers to restore Zope security to defaults", "version": "0.3" }, "last_serial": 845328, "releases": { "0.1": [ { "comment_text": "", "digests": { "md5": "2fe1fc360cb59dd9fe8973a593709277", "sha256": "4b9eff3b0359aaff4a29b4d92f65f928e8ef731e362962716792d91d7adce6c6" }, "downloads": -1, "filename": "collective.securitycleanup-0.1.tar.gz", "has_sig": false, "md5_digest": "2fe1fc360cb59dd9fe8973a593709277", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8419, "upload_time": "2008-11-30T09:16:07", "url": "https://files.pythonhosted.org/packages/37/ea/4a799969e6daf812fa808a27136bc02f1f90993439fd326c561c767fcaed/collective.securitycleanup-0.1.tar.gz" } ], "0.2": [ { "comment_text": "", "digests": { "md5": "755e4ca3912c81e7e73c7d543814decc", "sha256": "d9e9df167b22faef6bd74ffc126f68eedd9b84e24d8c7ef97fd1e7f3c9341c08" }, "downloads": -1, "filename": "collective.securitycleanup-0.2.tar.gz", "has_sig": false, "md5_digest": "755e4ca3912c81e7e73c7d543814decc", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8506, "upload_time": "2008-12-01T18:23:33", "url": "https://files.pythonhosted.org/packages/b3/98/0693a810bce65eada9db9bb6da9ff3283b4d5d89b38e993b42ff67bf12ed/collective.securitycleanup-0.2.tar.gz" } ], "0.3": [ { "comment_text": "", "digests": { "md5": "3e264a1cd349a9ec19c95f30f280834b", "sha256": "ed71b73ff6c201a7fa87a639395023814916ab99b43c6bb5b0a1185a36b2d311" }, "downloads": -1, "filename": "collective.securitycleanup-0.3.tar.gz", "has_sig": false, "md5_digest": "3e264a1cd349a9ec19c95f30f280834b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8837, "upload_time": "2009-01-30T03:00:42", "url": "https://files.pythonhosted.org/packages/71/6a/5f382d6e644ac8c09adf7a2bf31449d89ffb6540d5f6e0bfc8d53fc095c3/collective.securitycleanup-0.3.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "3e264a1cd349a9ec19c95f30f280834b", "sha256": "ed71b73ff6c201a7fa87a639395023814916ab99b43c6bb5b0a1185a36b2d311" }, "downloads": -1, "filename": "collective.securitycleanup-0.3.tar.gz", "has_sig": false, "md5_digest": "3e264a1cd349a9ec19c95f30f280834b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8837, "upload_time": "2009-01-30T03:00:42", "url": "https://files.pythonhosted.org/packages/71/6a/5f382d6e644ac8c09adf7a2bf31449d89ffb6540d5f6e0bfc8d53fc095c3/collective.securitycleanup-0.3.tar.gz" } ] }