13.2 Bastion -- Restricting access to objects

According to the dictionary, a bastion is ``a fortified area or position'', or ``something that is considered a stronghold.'' It's a suitable name for this module, which provides a way to forbid access to certain attributes of an object. It must always be used with the rexec module, in order to allow restricted-mode programs access to certain safe attributes of an object, while denying access to other, unsafe attributes.

Bastion (object[, filter[, name[, class]]])
Protect the object object, returning a bastion for the object. Any attempt to access one of the object's attributes will have to be approved by the filter function; if the access is denied an AttributeError exception will be raised.

If present, filter must be a function that accepts a string containing an attribute name, and returns true if access to that attribute will be permitted; if filter returns false, the access is denied. The default filter denies access to any function beginning with an underscore ("_"). The bastion's string representation will be "<Bastion for name>" if a value for name is provided; otherwise, "repr(object)" will be used.

class, if present, should be a subclass of BastionClass; see the code in bastion.py for the details. Overriding the default BastionClass will rarely be required.

BastionClass (getfunc, name)
Class which actually implements bastion objects. This is the default class used by Bastion(). The getfunc parameter is a function which returns the value of an attribute which should be exposed to the restricted execution environment when called with the name of the attribute as the only parameter. name is used to construct the repr() of the BastionClass instance.

Send comments on this document to python-docs@python.org.