From e8f3c14310d2f547ecd601106096961f1ca1f596 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Calonne?= <aurel@nexedi.com> Date: Wed, 21 May 2008 12:46:02 +0000 Subject: [PATCH] revert the commit about security on accessor as it seems not to work with all zope2.8 versions git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@21057 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5Type/Accessor/Accessor.py | 13 --- product/ERP5Type/tests/testERP5Type.py | 130 ------------------------- 2 files changed, 143 deletions(-) diff --git a/product/ERP5Type/Accessor/Accessor.py b/product/ERP5Type/Accessor/Accessor.py index cf7d279b63..7093a6458c 100644 --- a/product/ERP5Type/Accessor/Accessor.py +++ b/product/ERP5Type/Accessor/Accessor.py @@ -65,16 +65,3 @@ class Accessor(Method): # Returns a reindexing alias from Alias import ReindexAlias return ReindexAlias(id, self.__name__) - -try: - from ZODB.Transaction import Transaction - # Zope 2.7 do not patch -except ImportError: - # Zope 2.8, patch - class __roles__: - @staticmethod - def rolesForPermissionOn(ob): - return getattr(ob.im_self, '%s__roles__' % ob.__name__) - - Accessor.__roles__ = __roles__ - diff --git a/product/ERP5Type/tests/testERP5Type.py b/product/ERP5Type/tests/testERP5Type.py index 6e8180abc2..3867861a7c 100644 --- a/product/ERP5Type/tests/testERP5Type.py +++ b/product/ERP5Type/tests/testERP5Type.py @@ -2095,136 +2095,6 @@ class TestPropertySheet: finally: removeZODBPythonScript(script_container, script_id) - def test_DefaultSecurityOnAccessors(self): - # Test accessors are protected correctly - try: - from ZODB.Transaction import Transaction - return - # Zope 2.7 do not test - except ImportError: - pass - - self._addProperty('Person', - ''' { 'id': 'foo_bar', - 'type': 'string', - 'mode': 'w', }''') - obj = self.getPersonModule().newContent(portal_type='Person') - - self.assertTrue(guarded_hasattr(obj, 'setFooBar')) - self.assertTrue(guarded_hasattr(obj, 'getFooBar')) - - # setter is protected by default with modify portal content - obj.manage_permission(Permissions.ModifyPortalContent, [], 0) - self.assertFalse(guarded_hasattr(obj, 'setFooBar')) - self.assertTrue(guarded_hasattr(obj, 'getFooBar')) - - # getter is protected with Access content information - obj.manage_permission(Permissions.ModifyPortalContent, ['Manager'], 1) - obj.manage_permission(Permissions.AccessContentsInformation, [], 0) - self.assertTrue(guarded_hasattr(obj, 'setFooBar')) - self.assertFalse(guarded_hasattr(obj, 'getFooBar')) - - def test_DefaultSecurityOnListAccessors(self): - try: - from ZODB.Transaction import Transaction - return - # Zope 2.7 do not test - except ImportError: - pass - - # Test list accessors are protected correctly - self._addProperty('Person', - ''' { 'id': 'foo_bar', - 'type': 'lines', - 'mode': 'w', }''') - obj = self.getPersonModule().newContent(portal_type='Person') - self.assertTrue(guarded_hasattr(obj, 'setFooBarList')) - self.assertTrue(guarded_hasattr(obj, 'getFooBarList')) - - # setter is protected by default with modify portal content - obj.manage_permission(Permissions.ModifyPortalContent, [], 0) - self.assertFalse(guarded_hasattr(obj, 'setFooBarList')) - self.assertTrue(guarded_hasattr(obj, 'getFooBarList')) - - # getter is protected with Access content information - obj.manage_permission(Permissions.ModifyPortalContent, ['Manager'], 1) - obj.manage_permission(Permissions.AccessContentsInformation, [], 0) - self.assertTrue(guarded_hasattr(obj, 'setFooBarList')) - self.assertFalse(guarded_hasattr(obj, 'getFooBarList')) - - def test_DefaultSecurityOnCategoryAccessors(self): - try: - from ZODB.Transaction import Transaction - return - # Zope 2.7 do not test - except ImportError: - pass - - # Test category accessors are protected correctly - obj = self.getPersonModule().newContent(portal_type='Person') - self.assertTrue(guarded_hasattr(obj, 'setRegion')) - self.assertTrue(guarded_hasattr(obj, 'setRegionValue')) - self.assertTrue(guarded_hasattr(obj, 'setRegionList')) - self.assertTrue(guarded_hasattr(obj, 'setRegionValueList')) - self.assertTrue(guarded_hasattr(obj, 'getRegion')) - self.assertTrue(guarded_hasattr(obj, 'getRegionValue')) - self.assertTrue(guarded_hasattr(obj, 'getRegionList')) - self.assertTrue(guarded_hasattr(obj, 'getRegionValueList')) - self.assertTrue(guarded_hasattr(obj, 'getRegionRelatedValueList')) - - # setter is protected by default with modify portal content - obj.manage_permission(Permissions.ModifyPortalContent, [], 0) - self.assertFalse(guarded_hasattr(obj, 'setRegion')) - self.assertFalse(guarded_hasattr(obj, 'setRegionValue')) - self.assertFalse(guarded_hasattr(obj, 'setRegionList')) - self.assertFalse(guarded_hasattr(obj, 'setRegionValueList')) - self.assertTrue(guarded_hasattr(obj, 'getRegion')) - self.assertTrue(guarded_hasattr(obj, 'getRegionValue')) - self.assertTrue(guarded_hasattr(obj, 'getRegionList')) - self.assertTrue(guarded_hasattr(obj, 'getRegionValueList')) - self.assertTrue(guarded_hasattr(obj, 'getRegionRelatedValueList')) - - # getter is protected with Access content information - obj.manage_permission(Permissions.ModifyPortalContent, ['Manager'], 1) - obj.manage_permission(Permissions.AccessContentsInformation, [], 0) - self.assertTrue(guarded_hasattr(obj, 'setRegion')) - self.assertTrue(guarded_hasattr(obj, 'setRegionValue')) - self.assertTrue(guarded_hasattr(obj, 'setRegionList')) - self.assertTrue(guarded_hasattr(obj, 'setRegionValueList')) - self.assertFalse(guarded_hasattr(obj, 'getRegion')) - self.assertFalse(guarded_hasattr(obj, 'getRegionValue')) - self.assertFalse(guarded_hasattr(obj, 'getRegionList')) - self.assertFalse(guarded_hasattr(obj, 'getRegionValueList')) - self.assertFalse(guarded_hasattr(obj, 'getRegionRelatedValueList')) - - def test_PropertySheetSecurityOnAccessors(self): - try: - from ZODB.Transaction import Transaction - return - # Zope 2.7 do not test - except ImportError: - pass - - # Test accessors are protected correctly when you specify the permission - # in the property sheet. - self._addProperty('Person', - ''' { 'id': 'foo_bar', - 'write_permission' : 'Set own password', - 'read_permission' : 'Manage users', - 'type': 'string', - 'mode': 'w', }''') - obj = self.getPersonModule().newContent(portal_type='Person') - self.assertTrue(guarded_hasattr(obj, 'setFooBar')) - self.assertTrue(guarded_hasattr(obj, 'getFooBar')) - - obj.manage_permission('Set own password', [], 0) - self.assertFalse(guarded_hasattr(obj, 'setFooBar')) - self.assertTrue(guarded_hasattr(obj, 'getFooBar')) - - obj.manage_permission('Set own password', ['Manager'], 1) - obj.manage_permission('Manage users', [], 0) - self.assertTrue(guarded_hasattr(obj, 'setFooBar')) - self.assertFalse(guarded_hasattr(obj, 'getFooBar')) def test_suite(): suite = unittest.TestSuite() -- 2.30.9