[Checkins] SVN: zope.browserresource/trunk/ Add an ability to forbid publishing of some files in the resource directory. Now, by default, directory resources won't publish ".svn" subdirectory.
Dan Korostelev
nadako at gmail.com
Thu Sep 24 05:41:26 EDT 2009
Log message for revision 104477:
Add an ability to forbid publishing of some files in the resource directory. Now, by default, directory resources won't publish ".svn" subdirectory.
Changed:
U zope.browserresource/trunk/CHANGES.txt
U zope.browserresource/trunk/setup.py
U zope.browserresource/trunk/src/zope/browserresource/directory.py
U zope.browserresource/trunk/src/zope/browserresource/tests/test_directory.py
-=-
Modified: zope.browserresource/trunk/CHANGES.txt
===================================================================
--- zope.browserresource/trunk/CHANGES.txt 2009-09-24 08:41:58 UTC (rev 104476)
+++ zope.browserresource/trunk/CHANGES.txt 2009-09-24 09:41:25 UTC (rev 104477)
@@ -2,10 +2,14 @@
CHANGES
=======
-3.9.1 (unreleased)
-==================
+3.10.0 (unreleased)
+===================
-- ...
+- Add an ability to forbid publishing of some files in the resource directory,
+ this is done by fnmatch'ing the wildcards in the ``forbidden_names``class
+ attribute of ``DirectoryResource``. By default, the ``.svn`` is in that
+ attribute, so directories won't publish subversion system directory that can
+ contain private information.
3.9.0 (2009-08-27)
==================
Modified: zope.browserresource/trunk/setup.py
===================================================================
--- zope.browserresource/trunk/setup.py 2009-09-24 08:41:58 UTC (rev 104476)
+++ zope.browserresource/trunk/setup.py 2009-09-24 09:41:25 UTC (rev 104477)
@@ -19,7 +19,7 @@
open('CHANGES.txt').read())
setup(name='zope.browserresource',
- version = '3.9.1dev',
+ version = '3.10.0dev',
url='http://pypi.python.org/pypi/zope.browserresource/',
author='Zope Corporation and Contributors',
author_email='zope-dev at zope.org',
Modified: zope.browserresource/trunk/src/zope/browserresource/directory.py
===================================================================
--- zope.browserresource/trunk/src/zope/browserresource/directory.py 2009-09-24 08:41:58 UTC (rev 104476)
+++ zope.browserresource/trunk/src/zope/browserresource/directory.py 2009-09-24 09:41:25 UTC (rev 104477)
@@ -23,6 +23,7 @@
$Id$
"""
+import fnmatch
import os
from zope.component import queryUtility
@@ -55,6 +56,7 @@
default_factory = FileResourceFactory
directory_factory = None # this will be assigned later in the module
+ forbidden_names = ('.svn', )
def publishTraverse(self, request, name):
'''See interface IBrowserPublisher'''
@@ -71,6 +73,14 @@
return res
def get(self, name, default=_marker):
+
+ for pat in self.forbidden_names:
+ if fnmatch.fnmatch(name, pat):
+ if default is _marker:
+ raise NotFound(None, name)
+ else:
+ return default
+
path = self.context.path
filename = os.path.join(path, name)
isfile = os.path.isfile(filename)
Modified: zope.browserresource/trunk/src/zope/browserresource/tests/test_directory.py
===================================================================
--- zope.browserresource/trunk/src/zope/browserresource/tests/test_directory.py 2009-09-24 08:41:58 UTC (rev 104476)
+++ zope.browserresource/trunk/src/zope/browserresource/tests/test_directory.py 2009-09-24 09:41:25 UTC (rev 104477)
@@ -16,6 +16,8 @@
$Id$
"""
import os
+import tempfile
+import shutil
from unittest import TestCase, main, makeSuite
from zope.publisher.interfaces import NotFound
@@ -81,6 +83,27 @@
self.assertRaises(KeyError, resource.__getitem__, 'doesnotexist')
file = resource['test.txt']
+ def testForbiddenNames(self):
+ request = TestRequest()
+ old_forbidden_names = DirectoryResource.forbidden_names
+ path = tempfile.mkdtemp()
+ try:
+ os.mkdir(os.path.join(path, '.svn'))
+ open(os.path.join(path, 'test.txt'), 'w').write('')
+
+ factory = DirectoryResourceFactory(path, checker, 'testfiles')
+ resource = factory(request)
+
+ self.assertEquals(resource.get('.svn', None), None)
+ self.assertNotEquals(resource.get('test.txt', None), None)
+
+ DirectoryResource.forbidden_names = ('*.txt', )
+ self.assertEquals(resource.get('test.txt', None), None)
+ self.assertNotEquals(resource.get('.svn', None), None)
+ finally:
+ shutil.rmtree(path)
+ DirectoryResource.forbidden_names = old_forbidden_names
+
def testProxy(self):
path = os.path.join(test_directory, 'testfiles')
request = TestRequest()
More information about the checkins
mailing list