Commit 6c4b4d71 authored by Martin Aspeli's avatar Martin Aspeli

Make the set_attributes and set_schema options to <class ...><require ......

Make the set_attributes and set_schema options to <class ...><require ... /></class> issue a warning rather than throw an exception. Whilst the concept doesn't make much sense in Zope 2, it's desirable to be able to re-use existing packages that do declare such protection
parent f50492af
...@@ -23,6 +23,11 @@ Known issues ...@@ -23,6 +23,11 @@ Known issues
Restructuring Restructuring
+++++++++++++ +++++++++++++
- Using <require set_schema="..." /> or <require set_attributes="..." /> in
the <class /> directive now emits a warning rather than an error. The
concept of protecting attribute 'set' does not exist in Zope 2, but it
should be possible to re-use packages that do declare such protection.
- Updated to DateTime 2.12.0. - Updated to DateTime 2.12.0.
- Updated to ZODB 3.9.0a12. - Updated to ZODB 3.9.0a12.
......
...@@ -16,12 +16,11 @@ ...@@ -16,12 +16,11 @@
$Id$ $Id$
""" """
import warnings import warnings
from zope.configuration.exceptions import ConfigurationError from zope.security import metaconfigure
from zope.app.component import contentdirective
from App.class_init import InitializeClass from App.class_init import InitializeClass
from Products.Five.security import protectName from Products.Five.security import protectName
class ClassDirective(contentdirective.ClassDirective): class ClassDirective(metaconfigure.ClassDirective):
def __protectName(self, name, permission_id): def __protectName(self, name, permission_id):
self.__context.action( self.__context.action(
...@@ -30,14 +29,17 @@ class ClassDirective(contentdirective.ClassDirective): ...@@ -30,14 +29,17 @@ class ClassDirective(contentdirective.ClassDirective):
args = (self.__class, name, permission_id) args = (self.__class, name, permission_id)
) )
def __protectSetAttributes(self, attributes, permissions): def __protectSetAttributes(self, names, permission_id):
raise ConfigurationError('set_attributes parameter not supported.') warnings.warn("The set_attribute option of the <require /> directive is not supported in Zope 2. " + \
"Ignored for %s" % str(self.__class), stacklevel=3)
def __proctectSetSchema(self, schema, permission): def __protectSetSchema(self, schema, permission):
raise ConfigurationError('set_schema parameter not supported.') warnings.warn("The set_schema option of the <require /> directive is not supported in Zope 2. " + \
"Ignored for %s" % str(self.__class), stacklevel=3)
def __mimic(self, _context, class_): def __mimic(self, _context, class_):
raise ConfigurationError('like_class parameter not supported.') warnings.warn("The like_class option of the <require /> directive is not supported in Zope 2. " + \
"Ignored for %s" % str(self.__class), stacklevel=3)
def __call__(self): def __call__(self):
return self.__context.action( return self.__context.action(
......
...@@ -18,6 +18,7 @@ $Id$ ...@@ -18,6 +18,7 @@ $Id$
from zope.interface import implements from zope.interface import implements
from zope.interface import Interface from zope.interface import Interface
from zope.schema import TextLine
from AccessControl.SecurityInfo import ClassSecurityInfo from AccessControl.SecurityInfo import ClassSecurityInfo
class ISuperDummy(Interface): class ISuperDummy(Interface):
...@@ -51,6 +52,16 @@ class Dummy2(Dummy1): ...@@ -51,6 +52,16 @@ class Dummy2(Dummy1):
security.declarePrivate('baz') security.declarePrivate('baz')
security.declareProtected('View management screens', 'keg') security.declareProtected('View management screens', 'keg')
class IDummy3(Interface):
attr = TextLine(title=u"Attribute")
class Dummy3:
implements(IDummy3)
attr = None
class Dummy4:
foo = None
def test_security_equivalence(): def test_security_equivalence():
"""This test demonstrates that the traditional declarative security of """This test demonstrates that the traditional declarative security of
Zope 2 can be replaced by ZCML statements without any loss of Zope 2 can be replaced by ZCML statements without any loss of
...@@ -219,6 +230,56 @@ def test_allowed_interface(): ...@@ -219,6 +230,56 @@ def test_allowed_interface():
>>> tearDown() >>> tearDown()
""" """
def test_set_warnings():
"""This test demonstrates that set_attributes and set_schema will result
in warnings, not errors. This type of protection doesn't make sense in
Zope 2, but we want to be able to re-use pure Zope 3 packages that use
them without error.
>>> from zope.app.testing.placelesssetup import setUp, tearDown
>>> setUp()
Before we can make security declarations through ZCML, we need to
register the directive and the permission:
>>> import Products.Five
>>> from Products.Five import zcml
>>> zcml.load_config('meta.zcml', Products.Five)
>>> zcml.load_config('permissions.zcml', Products.Five)
Now we provide some ZCML declarations for ``Dummy1``:
>>> configure_zcml = '''
... <configure xmlns="http://namespaces.zope.org/zope">
...
... <class class="Products.Five.tests.test_security.Dummy3">
... <require
... permission="zope2.View"
... interface="Products.Five.tests.test_security.IDummy3"
... />
... <require
... permission="cmf.ModifyPortalContent"
... set_schema="Products.Five.tests.test_security.IDummy3"
... />
... </class>
...
... <class class="Products.Five.tests.test_security.Dummy4">
... <require
... permission="cmf.ModifyPortalContent"
... set_attributes="foo"
... />
... </class>
...
... </configure>
... '''
Running this should not throw an exception (but will print a warning to
stderr)
>>> zcml.load_string(configure_zcml)
>>> tearDown()
"""
def test_checkPermission(): def test_checkPermission():
""" """
Test checkPermission Test checkPermission
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment