Commit 618f7fac authored by Tres Seaver's avatar Tres Seaver

- Merge bindings test, python script fix from 2.6 branch.

parent e4f59104
...@@ -13,12 +13,14 @@ ...@@ -13,12 +13,14 @@
############################################################################## ##############################################################################
"""Test Bindings """Test Bindings
$Id: testBindings.py,v 1.4 2004/01/27 18:37:24 Brian Exp $ $Id: testBindings.py,v 1.5 2004/01/27 19:37:29 tseaver Exp $
""" """
import unittest import unittest
import ZODB import ZODB
from Acquisition import Implicit from Acquisition import Implicit
from AccessControl import ClassSecurityInfo
from Globals import InitializeClass
from OFS.ObjectManager import ObjectManager from OFS.ObjectManager import ObjectManager
from OFS.Folder import Folder from OFS.Folder import Folder
...@@ -73,9 +75,20 @@ class FauxRoot(ObjectManager): ...@@ -73,9 +75,20 @@ class FauxRoot(ObjectManager):
return '<FauxRoot>' return '<FauxRoot>'
class FauxFolder(Folder): class FauxFolder(Folder):
security = ClassSecurityInfo()
security.declareObjectPrivate()
security.declarePrivate('__repr__')
def __repr__(self): def __repr__(self):
return '<FauxFolder: %s>' % self.getId() return '<FauxFolder: %s>' % self.getId()
security.declarePublic('methodWithRoles')
def methodWithRoles(self):
return 'method called'
InitializeClass(FauxFolder)
class TestBindings(unittest.TestCase): class TestBindings(unittest.TestCase):
def setUp(self): def setUp(self):
...@@ -130,12 +143,23 @@ class TestBindings(unittest.TestCase): ...@@ -130,12 +143,23 @@ class TestBindings(unittest.TestCase):
bound_used_context_ps = self._newPS('return context.id') bound_used_context_ps = self._newPS('return context.id')
guarded._setOb('bound_used_context_ps', bound_used_context_ps) guarded._setOb('bound_used_context_ps', bound_used_context_ps)
bound_used_context_methodWithRoles_ps = self._newPS(
'return context.methodWithRoles()')
guarded._setOb('bound_used_context_methodWithRoles_ps',
bound_used_context_methodWithRoles_ps)
container_ps = self._newPS('return container') container_ps = self._newPS('return container')
guarded._setOb('container_ps', container_ps) guarded._setOb('container_ps', container_ps)
container_str_ps = self._newPS('return str(container)')
guarded._setOb('container_str_ps', container_str_ps)
context_ps = self._newPS('return context') context_ps = self._newPS('return context')
guarded._setOb('context_ps', context_ps) guarded._setOb('context_ps', context_ps)
context_str_ps = self._newPS('return str(context)')
guarded._setOb('context_str_ps', context_str_ps)
return root return root
def _newPS(self, txt, bind=None): def _newPS(self, txt, bind=None):
...@@ -165,9 +189,32 @@ class TestBindings(unittest.TestCase): ...@@ -165,9 +189,32 @@ class TestBindings(unittest.TestCase):
newSecurityManager(None, UnderprivilegedUser()) newSecurityManager(None, UnderprivilegedUser())
root = self._makeTree() root = self._makeTree()
guarded = root._getOb('guarded') guarded = root._getOb('guarded')
ps = guarded._getOb('bound_used_container_ps') ps = guarded._getOb('bound_used_container_ps')
self.assertRaises(Unauthorized, ps) self.assertRaises(Unauthorized, ps)
ps = guarded._getOb('container_str_ps')
self.assertRaises(Unauthorized, ps)
ps = guarded._getOb('container_ps')
container = ps()
self.assertRaises(Unauthorized, container)
self.assertRaises(Unauthorized, container.index_html)
try:
str(container)
except Unauthorized:
pass
else:
self.fail("str(container) didn't raise Unauthorized!")
ps = guarded._getOb('bound_used_container_ps')
ps._proxy_roles = ( 'Manager', )
ps()
ps = guarded._getOb('container_str_ps')
ps._proxy_roles = ( 'Manager', )
ps()
def test_bound_used_container_allowed(self): def test_bound_used_container_allowed(self):
from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManagement import newSecurityManager
newSecurityManager(None, UnderprivilegedUser()) newSecurityManager(None, UnderprivilegedUser())
...@@ -191,9 +238,32 @@ class TestBindings(unittest.TestCase): ...@@ -191,9 +238,32 @@ class TestBindings(unittest.TestCase):
newSecurityManager(None, UnderprivilegedUser()) newSecurityManager(None, UnderprivilegedUser())
root = self._makeTree() root = self._makeTree()
guarded = root._getOb('guarded') guarded = root._getOb('guarded')
ps = guarded._getOb('bound_used_context_ps') ps = guarded._getOb('bound_used_context_ps')
self.assertRaises(Unauthorized, ps) self.assertRaises(Unauthorized, ps)
ps = guarded._getOb('context_str_ps')
self.assertRaises(Unauthorized, ps)
ps = guarded._getOb('context_ps')
context = ps()
self.assertRaises(Unauthorized, context)
self.assertRaises(Unauthorized, context.index_html)
try:
str(context)
except Unauthorized:
pass
else:
self.fail("str(context) didn't raise Unauthorized!")
ps = guarded._getOb('bound_used_context_ps')
ps._proxy_roles = ( 'Manager', )
ps()
ps = guarded._getOb('context_str_ps')
ps._proxy_roles = ( 'Manager', )
ps()
def test_bound_used_context_allowed(self): def test_bound_used_context_allowed(self):
from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManagement import newSecurityManager
newSecurityManager(None, UnderprivilegedUser()) newSecurityManager(None, UnderprivilegedUser())
...@@ -221,6 +291,20 @@ class TestBindings(unittest.TestCase): ...@@ -221,6 +291,20 @@ class TestBindings(unittest.TestCase):
'name_subpath': ''}) 'name_subpath': ''})
self.assertEqual(boundless_ps(), 42) self.assertEqual(boundless_ps(), 42)
def test_bound_used_context_method_w_roles(self):
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl import Unauthorized
newSecurityManager(None, UnderprivilegedUser())
root = self._makeTree()
guarded = root._getOb('guarded')
# Assert that we can call a protected method, even though we have
# no access to the context directly.
ps = guarded._getOb('bound_used_context_ps')
self.assertRaises(Unauthorized, ps)
ps = guarded._getOb('bound_used_context_methodWithRoles_ps')
self.assertEqual(ps(), 'method called')
def test_suite(): def test_suite():
suite = unittest.TestSuite() suite = unittest.TestSuite()
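Review bot: The proxy-role checks at the end of `test_bound_used_container_disallowed` and `test_bound_used_context_disallowed` set `ps._proxy_roles = ( 'Manager', )` and then make a bare `ps()` call, so they only prove that no exception escapes and never compare the returned value. Wrapping each call as `self.assertEqual(ps(), <expected value for that script>)` would pin the authorized result as well as the absence of `Unauthorized`. These calls exercise the allowed path inside tests named `_disallowed`, so they would read better in their own methods (for example `test_bound_used_container_proxy_roles`) with a comment such as `# Manager proxy roles let the script itself touch the binding the caller cannot.` The `setUp` and `test_suite` bodies lie outside the visible hunks, so whether the security manager installed by `newSecurityManager` is reset between tests cannot be confirmed from this page.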
......
...@@ -17,7 +17,7 @@ This product provides support for Script objects containing restricted ...@@ -17,7 +17,7 @@ This product provides support for Script objects containing restricted
Python code. Python code.
""" """
__version__='$Revision: 1.53 $'[11:-2] __version__='$Revision: 1.54 $'[11:-2]
import sys, os, traceback, re, marshal, new import sys, os, traceback, re, marshal, new
from Globals import DTMLFile, MessageDialog, package_home from Globals import DTMLFile, MessageDialog, package_home
...@@ -315,17 +315,11 @@ class PythonScript(Script, Historical, Cacheable): ...@@ -315,17 +315,11 @@ class PythonScript(Script, Historical, Cacheable):
PythonScriptTracebackSupplement, self, -1) PythonScriptTracebackSupplement, self, -1)
f = new.function(fcode, g, None, fadefs) f = new.function(fcode, g, None, fadefs)
# Execute the function in a new security context.
security=getSecurityManager()
security.addContext(self)
try:
result = f(*args, **kw) result = f(*args, **kw)
if keyset is not None: if keyset is not None:
# Store the result in the cache. # Store the result in the cache.
self.ZCacheable_set(result, keywords=keyset) self.ZCacheable_set(result, keywords=keyset)
return result return result
finally:
security.removeContext(self)
def manage_haveProxy(self,r): return r in self._proxy_roles def manage_haveProxy(self,r): return r in self._proxy_roles
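Review bot: With `security.addContext(self)` and `security.removeContext(self)` gone from around `f(*args, **kw)`, nothing visible in this function places the script on the security manager's context stack, so proxy roles and ownership checks during execution depend on the caller having done that first. The hunk header (17 old lines, 11 new) indicates these six lines are removed, and the new tests that set `_proxy_roles` suggest the context is now established elsewhere, but that code is not shown on this page. A comment above the call would record the contract for the next maintainer, e.g. `# The caller pushes this script onto the security context before bindings are resolved; do not invoke this method directly.` The enclosing method starts and ends outside the hunk, so any other entry points into it should be confirmed against the full file.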
......