[Checkins] SVN: five.pt/trunk/src/five/pt/ allow access to RepeatItem as well
Leonardo Rochael Almeida
leorochael at gmail.com
Tue Sep 20 09:57:55 EST 2011
Log message for revision 122856:
allow access to RepeatItem as well
Changed:
U five.pt/trunk/src/five/pt/patches.py
U five.pt/trunk/src/five/pt/tests/test_persistenttemplate.py
-=-
Modified: five.pt/trunk/src/five/pt/patches.py
===================================================================
--- five.pt/trunk/src/five/pt/patches.py 2011-09-20 12:46:23 UTC (rev 122855)
+++ five.pt/trunk/src/five/pt/patches.py 2011-09-20 14:57:54 UTC (rev 122856)
@@ -19,6 +19,7 @@
from chameleon.tales import StringExpr
from chameleon.tales import NotExpr
from chameleon.tal import RepeatDict
+from chameleon.tal import RepeatItem
from z3c.pt.expressions import PythonExpr
@@ -30,13 +31,17 @@
from .expressions import UntrustedPythonExpr
-# Declare Chameleon's repeat dictionary public
-RepeatDict.security = ClassSecurityInfo()
-RepeatDict.security.declareObjectPublic()
-RepeatDict.__allow_access_to_unprotected_subobjects__ = True
+# Declare Chameleon's repeat objects public
+_public_classes = [
+ RepeatDict,
+ RepeatItem,
+]
+for cls in _public_classes:
+ cls.security = ClassSecurityInfo()
+ cls.security.declareObjectPublic()
+ cls.__allow_access_to_unprotected_subobjects__ = True
+ InitializeClass(cls)
-InitializeClass(RepeatDict)
-
# Zope 2 Page Template expressions
_secure_expression_types = {
'python': UntrustedPythonExpr,
Modified: five.pt/trunk/src/five/pt/tests/test_persistenttemplate.py
===================================================================
--- five.pt/trunk/src/five/pt/tests/test_persistenttemplate.py 2011-09-20 12:46:23 UTC (rev 122855)
+++ five.pt/trunk/src/five/pt/tests/test_persistenttemplate.py 2011-09-20 14:57:54 UTC (rev 122856)
@@ -181,7 +181,22 @@
template = self._makeOne('foo', repeat_object)
# this should not raise an Unauthorized error
self.assertEquals(template().strip().split(), u'0 1 2'.split())
+ # XXX-leorochael: the rest of this test is not actually
+ # testing the security access, but I couldn't find a simpler
+ # way to test if the RepeatItem instance itself allows public
+ # access, and there are convoluted situations in production
+ # that need RepeatItem to be declared public.
+ src = """
+ <tal:b repeat="x python: range(1)"
+ content="python: options['do'](repeat)" />
+ """.strip()
+ def do(repeat):
+ subobject_acces = '__allow_access_to_unprotected_subobjects__'
+ self.assertTrue(getattr(repeat['x'], subobject_acces, False))
+ template = self._makeOne('bar', src)
+ template(do=do)
+
def test_path_function(self):
# check that the "path" function inside a python expression works
self.folder.method = 'post'
More information about the checkins
mailing list