| Georg Brandl | 8ec7f65 | 2007-08-15 14:28:01 +0000 | [diff] [blame] | 1 | |
| 2 | :mod:`Bastion` --- Restricting access to objects |
| 3 | ================================================ |
| 4 | |
| 5 | .. module:: Bastion |
| 6 | :synopsis: Providing restricted access to objects. |
| 7 | .. moduleauthor:: Barry Warsaw <bwarsaw@python.org> |
| 8 | |
| 9 | |
| 10 | .. versionchanged:: 2.3 |
| 11 | Disabled module. |
| 12 | |
| 13 | .. warning:: |
| 14 | |
| 15 | The documentation has been left in place to help in reading old code that uses |
| 16 | the module. |
| 17 | |
| 18 | According to the dictionary, a bastion is "a fortified area or position", or |
| 19 | "something that is considered a stronghold." It's a suitable name for this |
| 20 | module, which provides a way to forbid access to certain attributes of an |
| 21 | object. It must always be used with the :mod:`rexec` module, in order to allow |
| 22 | restricted-mode programs access to certain safe attributes of an object, while |
| 23 | denying access to other, unsafe attributes. |
| 24 | |
| Georg Brandl | b19be57 | 2007-12-29 10:57:00 +0000 | [diff] [blame^] | 25 | .. I'm concerned that the word 'bastion' won't be understood by people |
| 26 | .. for whom English is a second language, making the module name |
| 27 | .. somewhat mysterious. Thus, the brief definition... --amk |
| Georg Brandl | 8ec7f65 | 2007-08-15 14:28:01 +0000 | [diff] [blame] | 28 | |
| Georg Brandl | b19be57 | 2007-12-29 10:57:00 +0000 | [diff] [blame^] | 29 | .. I've punted on the issue of documenting keyword arguments for now. |
| Georg Brandl | 8ec7f65 | 2007-08-15 14:28:01 +0000 | [diff] [blame] | 30 | |
| 31 | |
| 32 | .. function:: Bastion(object[, filter[, name[, class]]]) |
| 33 | |
| 34 | Protect the object *object*, returning a bastion for the object. Any attempt to |
| 35 | access one of the object's attributes will have to be approved by the *filter* |
| 36 | function; if the access is denied an :exc:`AttributeError` exception will be |
| 37 | raised. |
| 38 | |
| 39 | If present, *filter* must be a function that accepts a string containing an |
| 40 | attribute name, and returns true if access to that attribute will be permitted; |
| 41 | if *filter* returns false, the access is denied. The default filter denies |
| 42 | access to any function beginning with an underscore (``'_'``). The bastion's |
| 43 | string representation will be ``<Bastion for name>`` if a value for *name* is |
| 44 | provided; otherwise, ``repr(object)`` will be used. |
| 45 | |
| 46 | *class*, if present, should be a subclass of :class:`BastionClass`; see the |
| 47 | code in :file:`bastion.py` for the details. Overriding the default |
| 48 | :class:`BastionClass` will rarely be required. |
| 49 | |
| 50 | |
| 51 | .. class:: BastionClass(getfunc, name) |
| 52 | |
| 53 | Class which actually implements bastion objects. This is the default class used |
| 54 | by :func:`Bastion`. The *getfunc* parameter is a function which returns the |
| 55 | value of an attribute which should be exposed to the restricted execution |
| 56 | environment when called with the name of the attribute as the only parameter. |
| 57 | *name* is used to construct the :func:`repr` of the :class:`BastionClass` |
| 58 | instance. |
| 59 | |