- Merge fix / test for Collector #1186

5aeb67d3 · Tres Seaver · f8899497 · 5aeb67d3 · 5aeb67d3
Commit 5aeb67d3 authored Jan 16, 2004 by Tres Seaver
Showing with 33 additions and 3 deletions

lib/python/AccessControl/ZopeGuards.py lib/python/AccessControl/ZopeGuards.py +4 -1

lib/python/AccessControl/tests/testSecurity.py lib/python/AccessControl/tests/testSecurity.py +29 -2

No files found.
--- a/lib/python/AccessControl/ZopeGuards.py
+++ b/lib/python/AccessControl/ZopeGuards.py
@@ -11,13 +11,14 @@
 #
 ##############################################################################

-__version__='$Revision: 1.17 $'[11:-2]
+__version__='$Revision: 1.18 $'[11:-2]

 import sys

 import RestrictedPython
 from RestrictedPython.Guards import safe_builtins, full_write_guard
 from RestrictedPython.Utilities import utility_builtins
+from RestrictedPython.Eval import RestrictionCapableEval
 from SecurityManagement import getSecurityManager
 from SecurityInfo import secureModule
 from SimpleObjectPolicies import Containers, ContainerAssertions
@@ -406,3 +407,5 @@ _safe_globals = {'__builtins__': safe_builtins,
                }

 get_safe_globals = _safe_globals.copy
+
+RestrictionCapableEval.globals.update(_safe_globals)
--- a/lib/python/AccessControl/tests/testSecurity.py
+++ b/lib/python/AccessControl/tests/testSecurity.py
@@ -13,8 +13,8 @@
 """Document Template Tests
 """

-__rcs_id__='$Id: testSecurity.py,v 1.11 2003/01/27 22:55:27 gvanrossum Exp $'
-__version__='$Revision: 1.11 $'[11:-2]
+__rcs_id__='$Id: testSecurity.py,v 1.12 2004/01/16 18:18:51 tseaver Exp $'
+__version__='$Revision: 1.12 $'[11:-2]

 import os, sys, unittest

@@ -78,6 +78,33 @@ class SecurityTests (DTMLTests):
        res = html(c=c)
        assert res == '10', res

+    def testNewDTMLBuiltins(self):
+
+        NEW_BUILTINS_TEMPLATE = """
+        <dtml-var expr="_.min([1,2])">
+        <dtml-var expr="_.max([2,3])">
+        <dtml-var expr="_.sum([1,2,3,4])">
+        <dtml-var expr="[x for x in (1, 2, 3)]">
+        """
+
+        EXPECTED = ['1', '3', '10', '[1, 2, 3]']
+
+        #
+        #   XXX:    these expressions seem like they should work, with
+        #           the following ExPECTED, but they raise Unauthorized
+        #           on the 'next' name.
+        #
+        #<dtml-var expr="_.iter([1,2,3]).next()">
+        #<dtml-var expr="_.enumerate([1,2,3]).next()">
+        #
+        #EXPECTED = ['1', '3', '10', '1', '(0, 1)']
+
+        template = self.doc_class(NEW_BUILTINS_TEMPLATE)
+        res = template()
+        lines = filter(None, [x.strip() for x in res.split('\n')])
+
+        self.assertEqual(lines, EXPECTED)
+
    # Note: we need more tests!

 def test_suite():