Ensure WSGIPublisher also starts and ends an interaction (analogous to the ZServer publisher).

41594f6d · Malthe Borch · 8ef94500 · 41594f6d · 41594f6d
Commit 41594f6d authored Oct 09, 2012 by Malthe Borch
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

doc/CHANGES.rst doc/CHANGES.rst +5 -0

src/ZPublisher/WSGIPublisher.py src/ZPublisher/WSGIPublisher.py +4 -0

No files found.
--- a/doc/CHANGES.rst
+++ b/doc/CHANGES.rst
@@ -11,6 +11,11 @@ http://docs.zope.org/zope2/releases/.
 Bugs Fixed
 ++++++++++

+- Ensure that the ``WSGIPublisher`` begins and ends an *interaction*
+  at the request/response barrier. This is required for instance for
+  the ``checkPermission`` call to function without an explicit
+  ``interaction`` parameter.
+
 - Ensure that ObjectManager's ``get`` and ``__getitem__`` methods return only
  "items" (no attributes / methods from the class or from acquisition).
  Thanks to Richard Mitchell at Netsight for the report.

--- a/src/ZPublisher/WSGIPublisher.py
+++ b/src/ZPublisher/WSGIPublisher.py
@@ -19,6 +19,7 @@ import transaction
 from zExceptions import Redirect
 from zExceptions import Unauthorized
 from zope.event import notify
+from zope.security.management import newInteraction, endInteraction
 from zope.publisher.skinnable import setDefaultSkin
 from ZServer.medusa.http_date import build_http_date

@@ -165,6 +166,7 @@ def publish(request, module_name,
    ) = _get_module_info(module_name)

    notify(PubStart(request))
+    newInteraction()
    request.processInputs()
    response = request.response

@@ -205,6 +207,8 @@ def publish(request, module_name,
    if result is not response:
        response.setBody(result)

+    endInteraction()
+
    notify(PubBeforeCommit(request))
    return response