Commit 4ac217a2 authored by 's avatar

- added more security tests

- fixed __ac_permissions__ created by the browser:view directive
parent fbc0a65e
......@@ -262,6 +262,7 @@ class view(zope.browserpage.metaconfigure.view):
)
if class_ is not None:
cdict.update(getSecurityInfo(class_))
bases = (class_, simple)
else:
bases = (simple,)
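Review bot: The `cdict.update(getSecurityInfo(class_))` call, which appears to be the line this hunk adds, carries no comment saying which side wins when the class's own declarations and the directive's `permission` cover the same name. That precedence is the security-relevant part of the fix. From the visible lines the class's security info is merged into `cdict` before `bases` is built, but the code that sets the directive permission is outside the hunk, so the final order cannot be confirmed from here. I would add a comment above the call such as `# copy the class's security declarations into the generated class; see below for how the directive permission is applied to '' and __call__`, adjusted to what the rest of the function does.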
......
......@@ -14,9 +14,11 @@
"""Test browser pages
"""
from AccessControl.class_init import InitializeClass
from AccessControl.SecurityInfo import ClassSecurityInfo
from OFS.SimpleItem import SimpleItem
from Products.Five import BrowserView
from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile
from OFS.SimpleItem import SimpleItem
class SimpleView(BrowserView):
......@@ -96,3 +98,25 @@ class NewStyleClass(object):
def method(self):
"""Docstring"""
return
class ProtectedView(object):
security = ClassSecurityInfo()
security.declarePublic('public_method')
def public_method(self):
"""Docstring"""
return u'PUBLIC'
security.declareProtected('View', 'protected_method')
def protected_method(self):
"""Docstring"""
return u'PROTECTED'
security.declarePrivate('private_method')
def private_method(self):
"""Docstring"""
return u'PRIVATE'
InitializeClass(ProtectedView)
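Review bot: `ProtectedView` has a public, a protected and a private method but none left undeclared, so the fixture cannot show what the generated view class does with a name that has no declaration at all. Adding a method such as `def undeclared_method(self):` with a docstring and no `security.declare*` line, plus an assertion on its roles in the doctest, would pin that default. The `"""Docstring"""` placeholders also look load-bearing rather than decorative, since Zope's publisher refuses to publish objects without a docstring. A short comment like `# docstring required, otherwise the method is not publishable` would keep them from being removed in a cleanup.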
......@@ -319,6 +319,52 @@ Test traversal to resources from within ZPT pages:
<html><body><img alt=""
src="http://nohost/test_folder_1_/testoid/++resource++pattern.png" /></body></html>
Security settings of the base class are combined with new settings based on the
view permission:
>>> from AccessControl import ACCESS_PUBLIC
>>> view = self.folder.unrestrictedTraverse('testoid/protected_class_page')
>>> view.__parent__ == self.folder.testoid
True
>>> view.__ac_permissions__
(('View', ('protected_method',)), ('View management screens', ('', '__call__')))
>>> aq_acquire(view, '__call____roles__')
('Manager',)
>>> aq_acquire(view, 'public_method__roles__') is ACCESS_PUBLIC
True
>>> aq_acquire(view, 'protected_method__roles__')
['Manager', 'test_role_1_', 'Manager', 'Anonymous']
>>> aq_acquire(view, 'private_method__roles__') is ACCESS_PRIVATE
True
>>> view = self.folder.unrestrictedTraverse('testoid/protected_template_class_page')
>>> view.__parent__ == self.folder.testoid
True
>>> view.__ac_permissions__
(('View', ('protected_method',)), ('View management screens', ('', '__call__')))
>>> aq_acquire(view, '__call____roles__')
('Manager',)
>>> aq_acquire(view, 'public_method__roles__') is ACCESS_PUBLIC
True
>>> aq_acquire(view, 'protected_method__roles__')
['Manager', 'test_role_1_', 'Manager', 'Anonymous']
>>> aq_acquire(view, 'private_method__roles__') is ACCESS_PRIVATE
True
>>> view = self.folder.unrestrictedTraverse('testoid/protected_class_view')
>>> view.__parent__ == self.folder.testoid
True
>>> view.__ac_permissions__
(('View', ('protected_method',)), ('View management screens', ('',)))
>>> getattr(view, '__call____roles__', False)
False
>>> aq_acquire(view, 'public_method__roles__') is ACCESS_PUBLIC
True
>>> aq_acquire(view, 'protected_method__roles__')
['Manager', 'test_role_1_', 'Manager', 'Anonymous']
>>> aq_acquire(view, 'private_method__roles__') is ACCESS_PRIVATE
True
Clean up
--------
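Review bot: The added assertions read `__ac_permissions__` and the `*__roles__` attributes after `unrestrictedTraverse`, so they pin the declared metadata and never exercise an access check. A regression that keeps these attributes intact while a restricted lookup still succeeds would pass unnoticed. I would add at least one restricted check per registration, for example a `restrictedTraverse` to `private_method` on each view that is expected to raise `Unauthorized`. `aq_acquire` and `ACCESS_PRIVATE` are used although the added lines import only `ACCESS_PUBLIC`; they are presumably imported earlier in the file, outside this hunk, which is worth confirming. The expected list `['Manager', 'test_role_1_', 'Manager', 'Anonymous']` depends on fixture role order and repeats `Manager`, so a sentence explaining where each entry comes from would make the test easier to maintain.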
......
......@@ -250,4 +250,28 @@
permission="zope2.Public"
/>
<!-- views with protected methods -->
<browser:page
for="Products.Five.tests.testing.simplecontent.ISimpleContent"
class=".pages.ProtectedView"
name="protected_class_page"
permission="zope2.ViewManagementScreens"
/>
<browser:page
for="Products.Five.tests.testing.simplecontent.ISimpleContent"
class=".pages.ProtectedView"
template="falcon.pt"
name="protected_template_class_page"
permission="zope2.ViewManagementScreens"
/>
<browser:view
for="Products.Five.tests.testing.simplecontent.ISimpleContent"
class=".pages.ProtectedView"
name="protected_class_view"
permission="zope2.ViewManagementScreens"
/>
</configure>
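Review bot: All three new registrations pair `ProtectedView` with `permission="zope2.ViewManagementScreens"`, so none of them covers a directive permission that is weaker than the class's own declarations. A further registration with `permission="zope2.Public"`, the value already used by the entry just above this hunk, would cover the case where a merge error would widen access. The doctest would then assert that `private_method__roles__` is still `ACCESS_PRIVATE` for that registration. The comment could also state what distinguishes the entries, e.g. `<!-- views with protected methods: same class via page, page with template, and view -->`.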