Make the set_attributes and set_schema options to <class ...><require ......

Make the set_attributes and set_schema options to <class ...><require ... /></class> issue a warning rather than throw an exception. Whilst the concept doesn't make much sense in Zope 2, it's desirable to be able to re-use existing packages that do declare such protection

doc/CHANGES.rst

@@ -23,6 +23,11 @@ Known issues
 Restructuring
 +++++++++++++
 
+- Using <require set_schema="..." /> or <require set_attributes="..." /> in
+  the <class /> directive now emits a warning rather than an error. The
+  concept of protecting attribute 'set' does not exist in Zope 2, but it
+  should be possible to re-use packages that do declare such protection.
+
 - Updated to DateTime 2.12.0.
 
 - Updated to ZODB 3.9.0a12.

src/Products/Five/metaconfigure.py

@@ -16,12 +16,11 @@
 $Id$
 """
 import warnings
-from zope.configuration.exceptions import ConfigurationError
-from zope.app.component import contentdirective
+from zope.security import metaconfigure
 from App.class_init import InitializeClass
 from Products.Five.security import protectName
 
-class ClassDirective(contentdirective.ClassDirective):
+class ClassDirective(metaconfigure.ClassDirective):
 
     def __protectName(self, name, permission_id):
         self.__context.action(
@@ -30,14 +29,17 @@ class ClassDirective(contentdirective.ClassDirective):
             args = (self.__class, name, permission_id)
             )
 
-    def __protectSetAttributes(self, attributes, permissions):
-        raise ConfigurationError('set_attributes parameter not supported.')
+    def __protectSetAttributes(self, names, permission_id):
+        warnings.warn("The set_attribute option of the <require /> directive is not supported in Zope 2. " + \
+                      "Ignored for %s" % str(self.__class), stacklevel=3)
 
-    def __proctectSetSchema(self, schema, permission):
-        raise ConfigurationError('set_schema parameter not supported.')
+    def __protectSetSchema(self, schema, permission):
+        warnings.warn("The set_schema option of the <require /> directive is not supported in Zope 2. " + \
+                      "Ignored for %s" % str(self.__class), stacklevel=3)
 
     def __mimic(self, _context, class_):
-        raise ConfigurationError('like_class parameter not supported.')
+        warnings.warn("The like_class option of the <require /> directive is not supported in Zope 2. " + \
+                      "Ignored for %s" % str(self.__class), stacklevel=3)
 
     def __call__(self):
         return self.__context.action(

src/Products/Five/tests/test_security.py

@@ -18,6 +18,7 @@ $Id$
 
 from zope.interface import implements
 from zope.interface import Interface
+from zope.schema import TextLine
 from AccessControl.SecurityInfo import ClassSecurityInfo
 
 class ISuperDummy(Interface):
@@ -51,6 +52,16 @@ class Dummy2(Dummy1):
     security.declarePrivate('baz')
     security.declareProtected('View management screens', 'keg')
 
+class IDummy3(Interface):
+    attr = TextLine(title=u"Attribute")
+
+class Dummy3:
+    implements(IDummy3)
+    attr = None
+
+class Dummy4:
+    foo = None
+
 def test_security_equivalence():
     """This test demonstrates that the traditional declarative security of
     Zope 2 can be replaced by ZCML statements without any loss of
@@ -219,6 +230,56 @@ def test_allowed_interface():
       >>> tearDown()
     """
 
+def test_set_warnings():
+    """This test demonstrates that set_attributes and set_schema will result
+    in warnings, not errors. This type of protection doesn't make sense in
+    Zope 2, but we want to be able to re-use pure Zope 3 packages that use
+    them without error.
+
+      >>> from zope.app.testing.placelesssetup import setUp, tearDown
+      >>> setUp()
+
+    Before we can make security declarations through ZCML, we need to
+    register the directive and the permission:
+
+      >>> import Products.Five
+      >>> from Products.Five import zcml
+      >>> zcml.load_config('meta.zcml', Products.Five)
+      >>> zcml.load_config('permissions.zcml', Products.Five)
+
+    Now we provide some ZCML declarations for ``Dummy1``:
+
+      >>> configure_zcml = '''
+      ... <configure xmlns="http://namespaces.zope.org/zope">
+      ...
+      ...   <class class="Products.Five.tests.test_security.Dummy3">
+      ...       <require
+      ...           permission="zope2.View"
+      ...           interface="Products.Five.tests.test_security.IDummy3"
+      ...           />
+      ...       <require
+      ...           permission="cmf.ModifyPortalContent"
+      ...           set_schema="Products.Five.tests.test_security.IDummy3"
+      ...           />
+      ...   </class>
+      ...
+      ...   <class class="Products.Five.tests.test_security.Dummy4">
+      ...       <require
+      ...           permission="cmf.ModifyPortalContent"
+      ...           set_attributes="foo"
+      ...           />
+      ...   </class>
+      ...
+      ... </configure>
+      ... '''
+      
+      Running this should not throw an exception (but will print a warning to
+      stderr)
+      
+      >>> zcml.load_string(configure_zcml)
+      >>> tearDown()
+    """
+
 def test_checkPermission():
     """
     Test checkPermission