[Checkins] SVN: grokcore.view/trunk/s Bring over an ftest that
tests security declaration on views.
Philipp von Weitershausen
philikon at philikon.de
Tue Jul 22 15:10:39 EDT 2008
Log message for revision 88728:
Bring over an ftest that tests security declaration on views.
Added 'Public' permission to grokcore.view (temporarily until grokcore.security
emerges)
Changed:
U grokcore.view/trunk/setup.py
U grokcore.view/trunk/src/grokcore/view/__init__.py
U grokcore.view/trunk/src/grokcore/view/components.py
U grokcore.view/trunk/src/grokcore/view/ftesting.zcml
A grokcore.view/trunk/src/grokcore/view/ftests/view/require.py
-=-
Modified: grokcore.view/trunk/setup.py
===================================================================
--- grokcore.view/trunk/setup.py 2008-07-22 19:07:53 UTC (rev 88727)
+++ grokcore.view/trunk/setup.py 2008-07-22 19:10:37 UTC (rev 88728)
@@ -39,6 +39,7 @@
'zope.testbrowser',
'zope.securitypolicy',
'zope.app.zcmlfiles',
+ 'zope.app.authentication',
],
entry_points="""
# -*- Entry points: -*-
Modified: grokcore.view/trunk/src/grokcore/view/__init__.py
===================================================================
--- grokcore.view/trunk/src/grokcore/view/__init__.py 2008-07-22 19:07:53 UTC (rev 88727)
+++ grokcore.view/trunk/src/grokcore/view/__init__.py 2008-07-22 19:10:37 UTC (rev 88728)
@@ -2,7 +2,7 @@
from grokcore.view.directive import layer, view, require, template, templatedir
from grokcore.view.util import url
-from grokcore.view.components import View, Permission, GrokForm, Skin
+from grokcore.view.components import View, Permission, Public, GrokForm, Skin
from grokcore.view.components import PageTemplate, PageTemplateFile
from grokcore.view.components import IGrokLayer
Modified: grokcore.view/trunk/src/grokcore/view/components.py
===================================================================
--- grokcore.view/trunk/src/grokcore/view/components.py 2008-07-22 19:07:53 UTC (rev 88727)
+++ grokcore.view/trunk/src/grokcore/view/components.py 2008-07-22 19:10:37 UTC (rev 88728)
@@ -21,6 +21,9 @@
pass
+Public = 'zope.Public'
+
+
class Skin(object):
pass
Modified: grokcore.view/trunk/src/grokcore/view/ftesting.zcml
===================================================================
--- grokcore.view/trunk/src/grokcore/view/ftesting.zcml 2008-07-22 19:07:53 UTC (rev 88727)
+++ grokcore.view/trunk/src/grokcore/view/ftesting.zcml 2008-07-22 19:10:37 UTC (rev 88728)
@@ -24,6 +24,7 @@
<include package="zope.app.publication" /-->
<include package="zope.app.zcmlfiles" />
+ <include package="zope.app.authentication" />
<grok:grok package="grokcore.view.ftests" />
<securityPolicy
Copied: grokcore.view/trunk/src/grokcore/view/ftests/view/require.py (from rev 88673, grok/branches/grokcore.xxx/src/grok/ftests/security/require.py)
===================================================================
--- grokcore.view/trunk/src/grokcore/view/ftests/view/require.py (rev 0)
+++ grokcore.view/trunk/src/grokcore/view/ftests/view/require.py 2008-07-22 19:10:37 UTC (rev 88728)
@@ -0,0 +1,45 @@
+"""
+Viewing a protected view with insufficient privileges will yield
+Unauthorized:
+
+ >>> from zope.testbrowser.testing import Browser
+ >>> browser = Browser()
+ >>> browser.open("http://localhost/@@painting")
+ Traceback (most recent call last):
+ HTTPError: HTTP Error 401: Unauthorized
+
+When we log in (e.g. as a manager), we can access the view just fine:
+
+ >>> browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+ >>> browser.handleErrors = False
+ >>> browser.open("http://localhost/@@painting")
+ >>> print browser.contents
+ What a beautiful painting.
+
+A view protected with 'zope.Public' is always accessible:
+
+ >>> browser = Browser()
+ >>> browser.open("http://localhost/@@publicnudity")
+ >>> print browser.contents
+ Everybody can see this.
+"""
+
+import grokcore.view as grok
+import zope.interface
+
+class ViewPainting(grok.Permission):
+ grok.name('cave.ViewPainting')
+
+class Painting(grok.View):
+ grok.context(zope.interface.Interface)
+ grok.require(ViewPainting)
+
+ def render(self):
+ return 'What a beautiful painting.'
+
+class PublicNudity(grok.View):
+ grok.context(zope.interface.Interface)
+ grok.require(grok.Public)
+
+ def render(self):
+ return 'Everybody can see this.'
More information about the Checkins
mailing list