{ "info": { "author": "Maurits van Rees", "author_email": "maurits@vanrees.org", "bugtrack_url": null, "classifiers": [ "Environment :: Web Environment", "Framework :: Plone", "Framework :: Plone :: 4.3", "Framework :: Plone :: 5.0", "Framework :: Plone :: 5.1", "License :: OSI Approved :: GNU General Public License v2 (GPLv2)", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7" ], "description": ".. This README is meant for consumption by humans and pypi. Pypi can render rst files so please do not use Sphinx features.\n If you want to learn more about writing documentation, please check out: http://docs.plone.org/about/documentation_styleguide.html\n This text does not appear on pypi or github. It is a comment.\n\n===================================\nExperimental Zope Publish Traverser\n===================================\n\nBe stricter about what gets published by Zope.\nPublishing here means: when a browser visits a url, you get a response back.\n\nSee discussions on a `dexterity pull request `_\nand a `CMFPlone issue `_.\n\nFeatures\n--------\n\nThis hooks into the default publish traverser of Zope.\nIt should work for repoze too, but that is not tested.\nIt works the same as the default publisher, but it is stricter in what it publishes.\n\nThe big difference is: an object will only be published if it has security assertions.\n\nIn other words: there must be a permission check.\nIf anyone can access the object without even checking if they have the ``View`` permission, then we refuse to show it.\n\n\nWhy use this?\n-------------\n\nSeveral security hotfixes for Plone have been released the past few years that have explicitly made objects unpublishable.\nAs anonymous user you could visit a url and get some information that you should not be able to see, and the hotfix fixed that.\n\nThis experimental package does **not** automatically fix all such issues.\nBut it provides a fix for **one** class of such issues: objects that are accessible for anyone without a security check.\n\nIt does **not** fix publishing objects that have a proper permission check but that should not be available for a browser after all.\nSeveral methods have proper permission checks so that only authorized users can use those functions from restricted code, like Python skin scripts or templates.\nBut when they also have a *docstring*, Zope by default allows them to be published, and not everyone realizes this.\nThis experimental package does not do anything about that: it has no way of knowing if publishing a properly protected method was intentional or not.\n\nNote that there are other ways to make objects publishable: browser views and namespace publishing are both explicit and good ways of making an object publishable, and they are not affected by this package.\n\n\nDoes it work?\n-------------\n\nTry adding ``/ZopeTime`` at the end of the url of your Plone Site.\nIt should fail to load.\n\n\nDetails\n-------\n\nGetting an object for publishing is done by the Zope ``BaseRequest`` class in its ``traverse`` method.\nIt has this code::\n\n adapter = queryMultiAdapter((object, self),\n IBrowserPublisher)\n if adapter is None:\n # Zope2 doesn't set up its own adapters in a lot\n # of cases so we will just use a default adapter.\n adapter = DefaultPublishTraverse(object, self)\n\nSo what we do is: register an adapter that gets picked up in this code.\nThe basis is this zcml registration::\n\n \n\nThis points to ``traverser.py`` where we have a ``StrictPublishTraverse`` class that inherits from one of these two classes::\n\n try:\n from repoze.zope2.publishtraverse import DefaultPublishTraverse\n except ImportError:\n from ZPublisher.BaseRequest import DefaultPublishTraverse\n\nDue to inheritance, the ``StrictPublishTraverse`` class implements ``zope.publisher.interfaces.browser.IBrowserPublisher``, which is what we were after.\n\nThe class lets the original class do its work, returning an object and a path.\nBut then it does extra checks on the object:\n\n- Is its name in the list of ``KNOWN_NAMES``?\n Then we publish it.\n Currently this is only ``index_html``, which is a name that is used a lot, even when you don't see it in the url.\n\n- Is the object a method or function?\n Then we check if there are security assertions on it.\n So: do you need a role or permission to access this?\n If a role or permission is needed and the visitor does not have it, then this point will never be reached: an unauthorized error will already have been raised.\n If no role or permission is needed, then we do the change that is the only reason for the existence of this package: we refuse to publish this item.\n This will show as a '404 Not Found' error.\n\nIf you want to dive deeper into what happens internally when Zope publishes an object, see Martin Aspeli's excellent article on `Zope Secrets `_.\n\n\nOptions\n-------\n\nThe package looks for these environment variables:\n\n``EXPERIMENTAL_PUBLISH_TRAVERSE_ONLY_WARN``\n When this is set, instead of refusing to publish an object, a warning is logged.\n Default: false.\n\n``EXPERIMENTAL_PUBLISH_TRAVERSE_ACCEPT_KNOWN_NAMES``\n When this is set, the list of known names is taken into account:\n when an object with a name in the known names is published, we accept it without further checks.\n Default: true.\n\n``EXPERIMENTAL_PUBLISH_TRAVERSE_ACCEPT_IF_ONLY_FOR_ADMINS``\n When this is set, if the publishable object is not protected but its container is *only* accessible for admins, we accept it anyway.\n This can happen if its class has ``security.declareObjectProtected(ManagePortal)``,\n like happens when you use the permissions form of a workflow state in the ZMI.\n An admin in this case is someone with role Manager or Site Administrator.\n Default: true.\n\nAccepted True values are: ``true``, ``t``, ``1``, ``yes``, ``y``.\n\nThe defaults are intended to be reasonable for the latest official Plone versions, but the defaults may change.\n\n\nInstallation\n------------\n\nInstall experimental.publishtraverse by adding it to your buildout::\n\n [buildout]\n ...\n eggs =\n experimental.publishtraverse\n\nand then running ``bin/buildout``\n\nNo zcml is needed.\n\n\nCompatibility\n-------------\n\nFine on Plone 4.3, 5.0, 5.1.\n\n\nContribute\n----------\n\n- Issue Tracker: https://github.com/plone/experimental.publishtraverse/issues\n- Source Code: https://github.com/plone/experimental.publishtraverse\n\n\nLicense\n-------\n\nThe project is licensed under the GPLv2.\n\n\nContributors\n============\n\n- Maurits van Rees, maurits@vanrees.org\n\n\nChangelog\n=========\n\n\n1.1 (2016-11-17)\n----------------\n\nNew features:\n\n- Publish objects when their containers are only accessible for admins.\n You do that with ``security.declareObjectProtected(ManagePortal)``.\n This fixes setting permissions for a workflow state.\n You can turn this off by setting the new option\n ``EXPERIMENTAL_PUBLISH_TRAVERSE_ACCEPT_IF_ONLY_FOR_ADMINS``\n to false.\n [maurits]\n\nBug fixes:\n\n- Added ``test`` extra and improved code quality of package,\n with help of plone.app.codeanalysis.\n [maurits]\n\n\n1.0 (2016-09-28)\n----------------\n\n- Initial release.\n [maurits]", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://pypi.python.org/pypi/experimental.publishtraverse", "keywords": "Python Plone", "license": "GPL version 2", "maintainer": "", "maintainer_email": "", "name": "experimental.publishtraverse", "package_url": "https://pypi.org/project/experimental.publishtraverse/", "platform": "", "project_url": "https://pypi.org/project/experimental.publishtraverse/", "project_urls": { "Homepage": "https://pypi.python.org/pypi/experimental.publishtraverse" }, "release_url": "https://pypi.org/project/experimental.publishtraverse/1.1/", "requires_dist": null, "requires_python": "", "summary": "Experimental PublishTraverse implementation.", "version": "1.1" }, "last_serial": 2466898, "releases": { "1.0": [ { "comment_text": "", "digests": { "md5": "9351746e93f3e2f2df4498cf02d37705", "sha256": "fbe033e4cb63050cc4791b4ec6ecefa8d63d86dbf4674876680efe32eb3bdc62" }, "downloads": -1, "filename": "experimental.publishtraverse-1.0.tar.gz", "has_sig": false, "md5_digest": "9351746e93f3e2f2df4498cf02d37705", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15042, "upload_time": "2016-09-28T00:51:07", "url": "https://files.pythonhosted.org/packages/93/e8/48e3eb5a862dfba3a53c9d399e4cc603a8917f4dfa27c51914713eb9725a/experimental.publishtraverse-1.0.tar.gz" } ], "1.1": [ { "comment_text": "", "digests": { "md5": "a7604ac9b7ed22b24ea67523212faf4a", "sha256": "66fa211cb0525b19dfad292e3e7af222ef7eeb8f57e5975a140ea7a312d4e408" }, "downloads": -1, "filename": "experimental.publishtraverse-1.1.tar.gz", "has_sig": false, "md5_digest": "a7604ac9b7ed22b24ea67523212faf4a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18539, "upload_time": "2016-11-17T18:15:28", "url": "https://files.pythonhosted.org/packages/f5/8a/7fd95c3450340e2a4ceb7c0fb1c517fbef36064e2bcebb1e04b9eb384075/experimental.publishtraverse-1.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "a7604ac9b7ed22b24ea67523212faf4a", "sha256": "66fa211cb0525b19dfad292e3e7af222ef7eeb8f57e5975a140ea7a312d4e408" }, "downloads": -1, "filename": "experimental.publishtraverse-1.1.tar.gz", "has_sig": false, "md5_digest": "a7604ac9b7ed22b24ea67523212faf4a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18539, "upload_time": "2016-11-17T18:15:28", "url": "https://files.pythonhosted.org/packages/f5/8a/7fd95c3450340e2a4ceb7c0fb1c517fbef36064e2bcebb1e04b9eb384075/experimental.publishtraverse-1.1.tar.gz" } ] }