Commit 545e8d9d authored by Jérome Perrin's avatar Jérome Perrin

remove some compatibility code for zope 2.7


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@28351 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 19b97e93
...@@ -95,6 +95,20 @@ class Setter(Method): ...@@ -95,6 +95,20 @@ class Setter(Method):
modified_object_list.append(instance) modified_object_list.append(instance)
return modified_object_list return modified_object_list
class __roles__:
@staticmethod
def rolesForPermissionOn(ob):
# we explictly call _aq_dynamic to prevent acquiering the attribute
# from container
roles = ob.im_self._aq_dynamic('%s__roles__' % ob.__name__)
if roles is None:
return rolesForPermissionOn(None, ob.im_self, ('Manager',),
'_Modify_portal_content_Permission')
else:
# wrap explicitly, because we used _aq_dynamic
return roles.__of__(ob.im_self)
from Products.CMFCore.Expression import Expression from Products.CMFCore.Expression import Expression
def _evaluateTales(instance=None, value=None): def _evaluateTales(instance=None, value=None):
from Products.ERP5Type.Utils import createExpressionContext from Products.ERP5Type.Utils import createExpressionContext
...@@ -158,6 +172,20 @@ class Getter(Method): ...@@ -158,6 +172,20 @@ class Getter(Method):
psyco.bind(__call__) psyco.bind(__call__)
class __roles__:
@staticmethod
def rolesForPermissionOn(ob):
# we explictly call _aq_dynamic to prevent acquiering the attribute
# from container
roles = ob.im_self._aq_dynamic('%s__roles__' % ob.__name__)
if roles is None:
return rolesForPermissionOn(None, ob.im_self, ('Manager',),
'_Access_contents_information_Permission')
else:
# wrap explicitly, because we used _aq_dynamic
return roles.__of__(ob.im_self)
class Tester(Method): class Tester(Method):
""" """
Tests if an attribute value exists Tests if an attribute value exists
...@@ -184,35 +212,3 @@ class Tester(Method): ...@@ -184,35 +212,3 @@ class Tester(Method):
def __call__(self, instance, *args, **kw): def __call__(self, instance, *args, **kw):
return getattr(aq_base(instance), self._storage_id, None) not in self._null return getattr(aq_base(instance), self._storage_id, None) not in self._null
try:
from ZODB.Transaction import Transaction
# Zope 2.7 do not patch
except ImportError:
# Zope 2.8, patch
class __roles__:
@staticmethod
def rolesForPermissionOn(ob):
# we explictly call _aq_dynamic to prevent acquiering the attribute
# from container
roles = ob.im_self._aq_dynamic('%s__roles__' % ob.__name__)
if roles is None:
return rolesForPermissionOn(None, ob.im_self, ('Manager',),
'_Modify_portal_content_Permission')
else:
# wrap explicitly, because we used _aq_dynamic
return roles.__of__(ob.im_self)
Setter.__roles__ = __roles__
class __roles__:
@staticmethod
def rolesForPermissionOn(ob):
# we explictly call _aq_dynamic to prevent acquiering the attribute
# from container
roles = ob.im_self._aq_dynamic('%s__roles__' % ob.__name__)
if roles is None:
return rolesForPermissionOn(None, ob.im_self, ('Manager',),
'_Access_contents_information_Permission')
else:
# wrap explicitly, because we used _aq_dynamic
return roles.__of__(ob.im_self)
Getter.__roles__ = __roles__
...@@ -2304,13 +2304,6 @@ class TestPropertySheet: ...@@ -2304,13 +2304,6 @@ class TestPropertySheet:
def test_DefaultSecurityOnAccessors(self): def test_DefaultSecurityOnAccessors(self):
# Test accessors are protected correctly # Test accessors are protected correctly
try:
from ZODB.Transaction import Transaction
return
# Zope 2.7 do not test
except ImportError:
pass
self._addProperty('Person', self._addProperty('Person',
''' { 'id': 'foo_bar', ''' { 'id': 'foo_bar',
'type': 'string', 'type': 'string',
...@@ -2332,13 +2325,6 @@ class TestPropertySheet: ...@@ -2332,13 +2325,6 @@ class TestPropertySheet:
self.assertFalse(guarded_hasattr(obj, 'getFooBar')) self.assertFalse(guarded_hasattr(obj, 'getFooBar'))
def test_DefaultSecurityOnListAccessors(self): def test_DefaultSecurityOnListAccessors(self):
try:
from ZODB.Transaction import Transaction
return
# Zope 2.7 do not test
except ImportError:
pass
# Test list accessors are protected correctly # Test list accessors are protected correctly
self._addProperty('Person', self._addProperty('Person',
''' { 'id': 'foo_bar', ''' { 'id': 'foo_bar',
...@@ -2360,12 +2346,6 @@ class TestPropertySheet: ...@@ -2360,12 +2346,6 @@ class TestPropertySheet:
self.assertFalse(guarded_hasattr(obj, 'getFooBarList')) self.assertFalse(guarded_hasattr(obj, 'getFooBarList'))
def test_DefaultSecurityOnCategoryAccessors(self): def test_DefaultSecurityOnCategoryAccessors(self):
try:
from ZODB.Transaction import Transaction
return
# Zope 2.7 do not test
except ImportError:
pass
# Test category accessors are protected correctly # Test category accessors are protected correctly
obj = self.getPersonModule().newContent(portal_type='Person') obj = self.getPersonModule().newContent(portal_type='Person')
self.assertTrue(guarded_hasattr(obj, 'setRegion')) self.assertTrue(guarded_hasattr(obj, 'setRegion'))
...@@ -2402,13 +2382,6 @@ class TestPropertySheet: ...@@ -2402,13 +2382,6 @@ class TestPropertySheet:
self.assertFalse(guarded_hasattr(obj, 'getRegionRelatedValueList')) self.assertFalse(guarded_hasattr(obj, 'getRegionRelatedValueList'))
def test_PropertySheetSecurityOnAccessors(self): def test_PropertySheetSecurityOnAccessors(self):
try:
from ZODB.Transaction import Transaction
return
# Zope 2.7 do not test
except ImportError:
pass
# Test accessors are protected correctly when you specify the permission # Test accessors are protected correctly when you specify the permission
# in the property sheet. # in the property sheet.
self._addProperty('Person', self._addProperty('Person',
...@@ -2431,26 +2404,22 @@ class TestPropertySheet: ...@@ -2431,26 +2404,22 @@ class TestPropertySheet:
self.assertFalse(guarded_hasattr(obj, 'getFooBar')) self.assertFalse(guarded_hasattr(obj, 'getFooBar'))
def test_edit(self): def test_edit(self):
# not working in 2.7 as accessor not patched self._addProperty('Person',
try: ''' { 'id': 'foo_bar',
from ZODB.Transaction import Transaction 'write_permission' : 'Set own password',
except ImportError: 'read_permission' : 'Manage users',
self._addProperty('Person', 'type': 'string',
''' { 'id': 'foo_bar', 'mode': 'w', }''')
'write_permission' : 'Set own password', obj = self.getPersonModule().newContent(portal_type='Person')
'read_permission' : 'Manage users', obj.edit(foo_bar="v1")
'type': 'string', self.assertEqual(obj.getFooBar(), "v1")
'mode': 'w', }''')
obj = self.getPersonModule().newContent(portal_type='Person') obj.manage_permission('Set own password', [], 0)
obj.edit(foo_bar="v1") self.assertRaises(Unauthorized, obj.edit, foo_bar="v2")
self.assertEqual(obj.getFooBar(), "v1") self.assertEqual(obj.getFooBar(), "v1")
obj.manage_permission('Set own password', [], 0) obj._edit(foo_bar="v3")
self.assertRaises(Unauthorized, obj.edit, foo_bar="v2") self.assertEqual(obj.getFooBar(), "v3")
self.assertEqual(obj.getFooBar(), "v1")
obj._edit(foo_bar="v3")
self.assertEqual(obj.getFooBar(), "v3")
def test_accessor_security_and_getTitle_acquisition(self): def test_accessor_security_and_getTitle_acquisition(self):
obj = self.getOrganisationModule().newContent(portal_type='Organisation') obj = self.getOrganisationModule().newContent(portal_type='Organisation')
...@@ -2623,6 +2592,7 @@ class TestPropertySheet: ...@@ -2623,6 +2592,7 @@ class TestPropertySheet:
person.validate() person.validate()
self.assertRaises(WorkflowException, person.validate) self.assertRaises(WorkflowException, person.validate)
class TestAccessControl(ERP5TypeTestCase): class TestAccessControl(ERP5TypeTestCase):
# Isolate test in a dedicaced class in order not to break other tests # Isolate test in a dedicaced class in order not to break other tests
# when this one fails. # when this one fails.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment