Commit c29f5cda authored by Vincent Pelletier's avatar Vincent Pelletier

Allow restricted python to use HBTreeFolder2 iterators.

parent 55ad3274
......@@ -33,6 +33,7 @@ from AccessControl import getSecurityManager, ClassSecurityInfo
from AccessControl.Permissions import access_contents_information, \
view_management_screens
from zLOG import LOG, INFO, ERROR, WARNING
from AccessControl.SimpleObjectPolicies import ContainerAssertions
manage_addHBTreeFolder2Form = DTMLFile('folderAdd', globals())
......@@ -109,6 +110,7 @@ class HBTreeObjectIds(object):
except StopIteration:
del self._index, self._ikeys
raise IndexError
ContainerAssertions[HBTreeObjectIds] = 1
class HBTreeObjectItems(HBTreeObjectIds):
......@@ -119,6 +121,7 @@ class HBTreeObjectItems(HBTreeObjectIds):
def __getitem__(self, item):
object_id = HBTreeObjectIds.__getitem__(self, item)
return object_id, self._tree._getOb(object_id)
ContainerAssertions[HBTreeObjectItems] = 1
class HBTreeObjectValues(HBTreeObjectIds):
......@@ -128,6 +131,7 @@ class HBTreeObjectValues(HBTreeObjectIds):
def __getitem__(self, item):
return self._tree._getOb(HBTreeObjectIds.__getitem__(self, item))
ContainerAssertions[HBTreeObjectValues] = 1
class HBTreeFolder2Base (Persistent):
......
......@@ -26,6 +26,7 @@ import timeit
from textwrap import dedent
from Products.ERP5Type.tests.backportUnittest import expectedFailure
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
from Products.PythonScripts.PythonScript import PythonScript
class HBTreeFolder2Tests(ERP5TypeTestCase):
......@@ -222,6 +223,44 @@ class HBTreeFolder2Tests(ERP5TypeTestCase):
id_list.remove(i)
h._delOb(i)
def testRestrictedIteration(self):
"""
Check content iterators can be used by restricted python code.
"""
# To let restricted python access methods on folder
marker = object()
saved_class_attributes = {}
for method_id in ('objectIds', 'objectValues', 'objectItems'):
roles_id = method_id + '__roles__'
saved_class_attributes[roles_id] = getattr(HBTreeFolder2, roles_id,
marker)
setattr(HBTreeFolder2, roles_id, None)
try:
h = HBTreeFolder2()
# whatever value, as long as it has an __of__
h._setOb('foo', HBTreeFolder2())
script = PythonScript('script')
script.ZPythonScript_edit('h', dedent("""
for dummy in h.objectIds():
pass
for dummy in h.objectValues():
pass
for dummy in h.objectItems():
pass
"""))
class DummyRequest(object):
# To make Shared.DC.Scripts.Bindings.Bindings._getTraverseSubpath
# happy
other = {}
script.REQUEST = DummyRequest
script(h)
finally:
for roles_id, orig in saved_class_attributes.iteritems():
if orig is marker:
delattr(HBTreeFolder2, roles_id)
else:
setattr(HBTreeFolder2, roles_id, orig)
@expectedFailure
def _testPerformanceInDepth(self):
"""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment