restricted py3

bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testRestrictedPythonSecurity.py

@@ -31,6 +31,7 @@ import tempfile
 import textwrap
 import unittest
 import uuid
+import six
 
 from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
 from Products.ERP5Type.tests.utils import createZODBPythonScript
@@ -121,41 +122,41 @@ class TestRestrictedPythonSecurity(ERP5TypeTestCase):
         return decimal.Decimal.from_float(3.3)
         ''')
 
-  def test_urlparse(self):
+  def test_six_moves_urlparse(self):
     self.createAndRunScript('''
-        import urlparse
-        return urlparse.urlparse("http://example.com/pa/th/?q=s").path
+        import six.moves.urllib.parse
+        return six.moves.urllib.parse.urlparse("http://example.com/pa/th/?q=s").path
         ''',
         expected='/pa/th/'
     )
     # access computed attributes (property) is also OK
     self.createAndRunScript('''
-        import urlparse
-        return urlparse.urlparse("http://example.com/pa/th/?q=s").hostname
+        import six.moves.urllib.parse
+        return six.moves.urllib.parse.urlparse("http://example.com/pa/th/?q=s").hostname
         ''',
         expected='example.com'
     )
     self.createAndRunScript('''
-        import urlparse
-        return urlparse.urlsplit("http://example.com/pa/th/?q=s").path
+        import six.moves.urllib.parse
+        return six.moves.urllib.parse.urlsplit("http://example.com/pa/th/?q=s").path
         ''',
         expected='/pa/th/'
     )
     self.createAndRunScript('''
-        import urlparse
-        return urlparse.urldefrag("http://example.com/#frag")[1]
+        import six.moves.urllib.parse
+        return six.moves.urllib.parse.urldefrag("http://example.com/#frag")[1]
         ''',
         expected='frag'
     )
     self.createAndRunScript('''
-        import urlparse
-        return urlparse.parse_qs("q=s")
+        import six.moves.urllib.parse
+        return six.moves.urllib.parse.parse_qs("q=s")
         ''',
         expected={'q': ['s']}
     )
     self.createAndRunScript('''
-        import urlparse
-        return urlparse.parse_qsl("q=s")
+        import six.moves.urllib.parse
+        return six.moves.urllib.parse.parse_qsl("q=s")
         ''',
         expected=[('q', 's')]
     )
@@ -342,11 +343,11 @@ class TestRestrictedPythonSecurity(ERP5TypeTestCase):
           except StopIteration:
             break
           except Exception as e:
-            result.append(repr(e))
+            result.append(str(type(e)))
         return result
         ''',
         kwargs={'generator': generator_with_not_allowed_objects()},
-        expected=["one", "Unauthorized()", 2],
+        expected=["one", str(Unauthorized), 2],
     )
 
   def test_json(self):
@@ -967,14 +968,22 @@ def test_suite():
     self.assertUnauth('subprocess', ())
   AccessControl.tests.testModuleSecurity.ModuleSecurityTests.test_unprotected_module = test_unprotected_module
   add_tests(suite, AccessControl.tests.testModuleSecurity)
-  import AccessControl.tests.testOwned
+  if six.PY2:
+    import AccessControl.tests.testOwned  # pylint:disable=no-name-in-module,import-error
     add_tests(suite, AccessControl.tests.testOwned)
+  else:
+    import AccessControl.tests.test_owner  # pylint:disable=no-name-in-module,import-error
+    add_tests(suite, AccessControl.tests.test_owner)
   import AccessControl.tests.testPermissionMapping
   add_tests(suite, AccessControl.tests.testPermissionMapping)
   import AccessControl.tests.testPermissionRole
   add_tests(suite, AccessControl.tests.testPermissionRole)
-  import AccessControl.tests.testRole
+  if six.PY2:
+    import AccessControl.tests.testRole  # pylint:disable=no-name-in-module,import-error
     add_tests(suite, AccessControl.tests.testRole)
+  else:
+    import AccessControl.tests.test_rolemanager  # pylint:disable=no-name-in-module,import-error
+    add_tests(suite, AccessControl.tests.test_rolemanager)
   import AccessControl.tests.testSecurityManager
   add_tests(suite, AccessControl.tests.testSecurityManager)
   import AccessControl.tests.testZCML

product/ERP5Type/Collections.py

@@ -29,11 +29,25 @@ Restricted collections module.
 
 From restricted python, use "import collections" (see patches/Restricted.py).
 """
+import six
+
 from collections import (
     Counter, defaultdict, deque, OrderedDict, namedtuple as _namedtuple)
 
-
-def namedtuple(typename, field_names, verbose=False, rename=False):
+if six.PY2:
+  def namedtuple(typename, field_names, verbose=False, rename=False):
     ret = _namedtuple(typename, field_names, verbose, rename)
     ret.__allow_access_to_unprotected_subobjects__ = 1
     return ret
+else:
+  def namedtuple(typename, field_names, rename=False, defaults=None, module=None):
+    ret = _namedtuple(
+      typename,
+      field_names,
+      rename=rename,
+      defaults=defaults,
+      module=module
+    )
+    ret.__allow_access_to_unprotected_subobjects__ = 1
+    return ret
+

product/ERP5Type/Six.py

@@ -48,5 +48,6 @@ from AccessControl.ZopeGuards import SafeIter
 iterkeys = lambda d: SafeIter(_six.iterkeys(d), d)
 itervalues = lambda d: SafeIter(_six.itervalues(d), d)
 
-from AccessControl.ZopeGuards import safe_builtins as _safe_builtins
-_safe_builtins['xrange'] = _six.moves.xrange
+if PY2:
+  from AccessControl.ZopeGuards import safe_builtins as _safe_builtins
+  _safe_builtins['xrange'] = _six.moves.xrange

product/ERP5Type/patches/Restricted.py

@@ -385,6 +385,8 @@ import six.moves.urllib.parse
 allow_module('six.moves.urllib.parse')
 allow_type(six.moves.urllib.parse.ParseResult)
 allow_type(six.moves.urllib.parse.SplitResult)
+# BBB this is different type on python3
+allow_type(type(six.moves.urllib.parse.urldefrag('')))
 ModuleSecurityInfo('six.moves.urllib.parse').declarePublic(
   'urlencode',
   'quote', 'unquote',