Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
ae79aa21
Commit
ae79aa21
authored
Apr 21, 2006
by
Alec Mitchell
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Merge fix for #2072 into trunk
parent
26faf842
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
77 additions
and
2 deletions
+77
-2
lib/python/OFS/Traversable.py
lib/python/OFS/Traversable.py
+14
-2
lib/python/OFS/tests/testTraverse.py
lib/python/OFS/tests/testTraverse.py
+63
-0
No files found.
lib/python/OFS/Traversable.py
View file @
ae79aa21
...
...
@@ -206,8 +206,20 @@ class Traversable:
else
:
# Can't determine container
container
=
_none
if
not
securityManager
.
validate
(
obj
,
container
,
name
,
next
):
try
:
validated
=
securityManager
.
validate
(
obj
,
container
,
name
,
next
)
except
Unauthorized
:
# If next is a simple unwrapped property, it's
# parentage is indeterminate, but it may have been
# acquired safely. In this case validate will
# raise an error, and we can explicitly check that
# our value was acquired safely.
validated
=
0
if
container
is
_none
and
\
guarded_getattr
(
obj
,
name
,
marker
)
is
next
:
validated
=
1
if
not
validated
:
raise
Unauthorized
,
name
else
:
if
restricted
:
...
...
lib/python/OFS/tests/testTraverse.py
View file @
ae79aa21
...
...
@@ -22,6 +22,7 @@ import cStringIO
import
transaction
import
ZODB
,
Acquisition
,
transaction
from
AccessControl
import
SecurityManager
,
Unauthorized
from
AccessControl.Permissions
import
access_contents_information
from
AccessControl.SecurityManagement
import
newSecurityManager
from
AccessControl.SecurityManagement
import
noSecurityManager
from
Acquisition
import
aq_base
...
...
@@ -102,6 +103,16 @@ class BoboTraversable(SimpleItem):
bb_status
=
'screechy'
class
BoboTraversableWithAcquisition
(
SimpleItem
):
"""
A BoboTraversable class which may use acquisition to find objects.
This is similar to how the __bobo_traverse__ added by Five behaves).
"""
def
__bobo_traverse__
(
self
,
request
,
name
):
return
Acquisition
.
aq_get
(
self
,
name
)
def
makeConnection
():
import
ZODB
from
ZODB.DemoStorage
import
DemoStorage
...
...
@@ -235,6 +246,58 @@ class TestTraverse( unittest.TestCase ):
self
.
failUnless
(
bb
.
restrictedTraverse
(
'manufactured'
)
is
42
)
def
testBoboTraverseToAcquiredObject
(
self
):
# Verify it's possible to use a __bobo_traverse__ which retrieves
# objects by acquisition
noSecurityManager
()
SecurityManager
.
setSecurityPolicy
(
self
.
oldPolicy
)
bb
=
BoboTraversableWithAcquisition
()
bb
=
bb
.
__of__
(
self
.
root
)
self
.
assertEqual
(
bb
.
restrictedTraverse
(
'folder1'
),
bb
.
folder1
)
self
.
assertEqual
(
Acquisition
.
aq_inner
(
bb
.
restrictedTraverse
(
'folder1'
)),
self
.
root
.
folder1
)
def
testBoboTraverseToAcquiredProtectedObject
(
self
):
# Verify it's possible to use a __bobo_traverse__ which retrieves
# objects by acquisition
noSecurityManager
()
SecurityManager
.
setSecurityPolicy
(
self
.
oldPolicy
)
folder
=
self
.
root
.
folder1
# restrict the ability to access the retrieved object itself
folder
.
manage_permission
(
access_contents_information
,
[],
0
)
bb
=
BoboTraversableWithAcquisition
()
bb
=
bb
.
__of__
(
self
.
root
)
self
.
failUnlessRaises
(
Unauthorized
,
self
.
root
.
folder1
.
restrictedTraverse
,
'folder1'
)
def
testBoboTraverseToAcquiredAttribute
(
self
):
# Verify it's possible to use __bobo_traverse__ to an acquired
# attribute
noSecurityManager
()
SecurityManager
.
setSecurityPolicy
(
self
.
oldPolicy
)
folder
=
self
.
root
.
folder1
folder
.
stuff
=
'stuff here'
bb
=
BoboTraversableWithAcquisition
()
bb
=
bb
.
__of__
(
folder
)
self
.
assertEqual
(
bb
.
restrictedTraverse
(
'stuff'
),
'stuff here'
)
def
testBoboTraverseToAcquiredProtectedAttribute
(
self
):
# Verify that using __bobo_traverse__ to get an acquired but
# protected attribute results in Unauthorized
noSecurityManager
()
SecurityManager
.
setSecurityPolicy
(
self
.
oldPolicy
)
folder
=
self
.
root
.
folder1
# We protect the the attribute by restricting access to the parent
folder
.
manage_permission
(
access_contents_information
,
[],
0
)
folder
.
stuff
=
'stuff here'
bb
=
BoboTraversableWithAcquisition
()
bb
=
bb
.
__of__
(
folder
)
self
.
failUnlessRaises
(
Unauthorized
,
self
.
root
.
folder1
.
restrictedTraverse
,
'stuff'
)
def
testAcquiredAttributeDenial
(
self
):
# Verify that restrictedTraverse raises the right kind of exception
# on denial of access to an acquired attribute. If it raises
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment