Commit 291c4c73 authored by Chris McDonough's avatar Chris McDonough

Update AccessControl package to deal with various forms of Unicode and add...

Update AccessControl package to deal with various forms of Unicode and add some tests to make sure.  This fixes Collector #1034.
parent 586ead91
......@@ -13,8 +13,8 @@
__doc__='''Objects that implement Permission-based roles.
$Id: PermissionRole.py,v 1.18 2003/06/10 15:39:04 shane Exp $'''
__version__='$Revision: 1.18 $'[11:-2]
$Id: PermissionRole.py,v 1.19 2003/10/24 01:21:48 chrism Exp $'''
__version__='$Revision: 1.19 $'[11:-2]
_use_python_impl = 0
import os
......@@ -85,7 +85,8 @@ if _use_python_impl:
"""Implement permission-based roles
"""
def __of__(self, parent,tt=type(()),st=type(''),getattr=getattr):
def __of__(self, parent,tt=type(()),st=type(''),ut=type(u''),
getattr=getattr):
obj=parent
n=self._p
r=None
......@@ -102,7 +103,7 @@ if _use_python_impl:
if r is None: return roles
return r+list(roles)
if t is st:
if t in (st, ut):
# We found roles set to a name. Start over
# with the new permission name. If the permission
# name is '', then treat as private!
......
......@@ -13,8 +13,8 @@
__doc__='''Define Zope\'s default security policy
$Id: ZopeSecurityPolicy.py,v 1.23 2003/06/10 15:39:04 shane Exp $'''
__version__='$Revision: 1.23 $'[11:-2]
$Id: ZopeSecurityPolicy.py,v 1.24 2003/10/24 01:21:48 chrism Exp $'''
__version__='$Revision: 1.24 $'[11:-2]
_use_python_impl = 0
......@@ -33,7 +33,7 @@ else:
if _use_python_impl:
from types import StringType
from types import StringType, UnicodeType
import SimpleObjectPolicies
from AccessControl import Unauthorized
......@@ -193,6 +193,6 @@ if _use_python_impl:
def checkPermission(self, permission, object, context):
# XXX proxy roles and executable owner are not checked
roles=rolesForPermissionOn(permission, object)
if type(roles) is StringType:
if type(roles) in (StringType, UnicodeType):
roles=[roles]
return context.user.allowed(object, roles)
......@@ -36,7 +36,7 @@
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
$Id: cAccessControl.c,v 1.21 2003/09/11 16:00:42 jeremy Exp $
$Id: cAccessControl.c,v 1.22 2003/10/24 01:21:48 chrism Exp $
If you have questions regarding this software,
contact:
......@@ -758,13 +758,14 @@ static PyObject *ZopeSecurityPolicy_validate(PyObject *self, PyObject *args) {
return NULL;
/*| # Provide special rules for acquisition attributes
**| if type(name) is StringType:
**| if type(name) in (StringType, UnicodeType):
**| if name[:3] == 'aq_' and name not in valid_aq_:
**| raise Unauthorized(name, value)
*/
if (PyString_Check(name)) { /* XXX what about unicode? */
sname = PyString_AS_STRING(name);
if ( PyString_Check(name) || PyUnicode_Check(name) ) {
sname = PyString_AsString(name);
if (sname != NULL) {
if (*sname == 'a' && sname[1]=='q' && sname[2]=='_') {
if (strcmp(sname,"aq_parent") != 0 &&
strcmp(sname,"aq_inner") != 0 &&
......@@ -775,6 +776,7 @@ static PyObject *ZopeSecurityPolicy_validate(PyObject *self, PyObject *args) {
}
}
}
}
Py_XINCREF(roles); /* Convert the borrowed ref to a real one */
......@@ -1145,11 +1147,11 @@ static PyObject *ZopeSecurityPolicy_checkPermission(PyObject *self,
if (roles == NULL)
return NULL;
/*| if type(roles) is StringType:
/*| if type(roles) in (StringType, UnicodeType):
**| roles = [roles]
*/
if (PyString_Check(roles)) {
if ( PyString_Check(roles) || PyUnicode_Check(roles) ) {
PyObject *r;
r = PyList_New(1);
......@@ -1294,21 +1296,22 @@ SecurityManager_dealloc(SecurityManager *self)
static PyObject *
SecurityManager_getattro(SecurityManager *self, PyObject *name)
{
if (PyString_Check(name) && PyString_AS_STRING(name)[0]=='_')
if ( (PyString_Check(name) || PyUnicode_Check(name) ) &&
PyString_AsString(name)[0]=='_' )
{
if (strcmp(PyString_AS_STRING(name), "_thread_id")==0
if (strcmp(PyString_AsString(name), "_thread_id")==0
&& self->thread_id)
{
Py_INCREF(self->thread_id);
return self->thread_id;
}
else if (strcmp(PyString_AS_STRING(name), "_context")==0
else if (strcmp(PyString_AsString(name), "_context")==0
&& self->context)
{
Py_INCREF(self->context);
return self->context;
}
else if (strcmp(PyString_AS_STRING(name), "_policy")==0
else if (strcmp(PyString_AsString(name), "_policy")==0
&& self->policy)
{
Py_INCREF(self->policy);
......@@ -1322,21 +1325,22 @@ SecurityManager_getattro(SecurityManager *self, PyObject *name)
static int
SecurityManager_setattro(SecurityManager *self, PyObject *name, PyObject *v)
{
if (v && PyString_Check(name) && PyString_AS_STRING(name)[0]=='_')
if ( (PyString_Check(name) || PyUnicode_Check(name) ) &&
PyString_AsString(name)[0]=='_' )
{
if (strcmp(PyString_AS_STRING(name), "_thread_id")==0)
if (strcmp(PyString_AsString(name), "_thread_id")==0)
{
Py_INCREF(v);
ASSIGN(self->thread_id, v);
return 0;
}
else if (strcmp(PyString_AS_STRING(name), "_context")==0)
else if (strcmp(PyString_AsString(name), "_context")==0)
{
Py_INCREF(v);
ASSIGN(self->context, v);
return 0;
}
else if (strcmp(PyString_AS_STRING(name), "_policy")==0)
else if (strcmp(PyString_AsString(name), "_policy")==0)
{
Py_INCREF(v);
ASSIGN(self->policy, v);
......@@ -1485,7 +1489,7 @@ static void PermissionRole_dealloc(PermissionRole *self) {
static PyObject *PermissionRole_getattro(PermissionRole *self, PyObject *name) {
PyObject *result= NULL;
char *name_s= PyString_AsString(name);
char *name_s = PyString_AsString(name);
/* see whether we know the attribute */
/* we support both the old "_d" (from the Python implementation)
......@@ -1595,13 +1599,13 @@ static PyObject *imPermissionRole_of(imPermissionRole *self, PyObject *args) {
}
/*|
**| if t is StringType:
**| if t in (StringType, UnicodeType):
**| # We found roles set to a name. Start over
**| # with the new permission name. If the permission
**| # name is '', then treat as private!
*/
if (PyString_Check(roles)) {
if (PyString_Check(roles) || PyUnicode_Check(roles)) {
/*|
**| if roles:
......@@ -1911,7 +1915,8 @@ guarded_getattr(PyObject *inst, PyObject *name, PyObject *default_,
int i;
/* if name[:1] != '_': */
if (PyString_Check(name) && PyString_AS_STRING(name)[0] != '_')
if ( (PyString_Check(name) || PyUnicode_Check(name)) &&
PyString_AsString(name)[0] != '_')
{
/*
......@@ -2078,7 +2083,7 @@ void initcAccessControl(void) {
module = Py_InitModule3("cAccessControl",
cAccessControl_methods,
"$Id: cAccessControl.c,v 1.21 2003/09/11 16:00:42 jeremy Exp $\n");
"$Id: cAccessControl.c,v 1.22 2003/10/24 01:21:48 chrism Exp $\n");
aq_init(); /* For Python <= 2.1.1, aq_init() should be after
Py_InitModule(). */
......
......@@ -13,8 +13,8 @@
"""Tests of ZopeSecurityPolicy
"""
__rcs_id__='$Id: testZopeSecurityPolicy.py,v 1.6 2003/06/10 15:39:04 shane Exp $'
__version__='$Revision: 1.6 $'[11:-2]
__rcs_id__='$Id: testZopeSecurityPolicy.py,v 1.7 2003/10/24 01:21:49 chrism Exp $'
__version__='$Revision: 1.7 $'[11:-2]
import os, sys, unittest
......@@ -207,6 +207,14 @@ class ZopeSecurityPolicyTests (unittest.TestCase):
c.attr = PublicMethod()
self.assertPolicyAllows(c, 'attr')
def testUnicodeAttributeLookups(self):
item = self.item
r_item = self.a.r_item
self.assertPolicyAllows(item, u'public_prop')
self.assertPolicyDenies(r_item, u'private_prop')
self.assertPolicyAllows(item, u'public_m')
self.assertPolicyDenies(item, u'dangerous_m')
def testRolesForPermission(self):
# Test of policy.checkPermission().
r_item = self.a.r_item
......@@ -217,6 +225,15 @@ class ZopeSecurityPolicyTests (unittest.TestCase):
v = self.policy.checkPermission('View', r_item, o_context)
self.assert_(v, '_View_Permission should grant access to theowner')
def testUnicodeRolesForPermission(self):
r_item = self.a.r_item
context = self.context
v = self.policy.checkPermission(u'View', r_item, context)
self.assert_(not v, '_View_Permission should deny access to user')
o_context = SecurityContext(self.uf.getUserById('theowner'))
v = self.policy.checkPermission(u'View', r_item, o_context)
self.assert_(v, '_View_Permission should grant access to theowner')
def testAqNames(self):
policy = self.policy
names = {
......@@ -252,7 +269,7 @@ class ZopeSecurityPolicyTests (unittest.TestCase):
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(ZopeSecurityPolicyTests))
suite.addTest(unittest.makeSuite(ZopeSecurityPolicyTests, 'test'))
return suite
def main():
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment