[CMF-checkins] SVN: CMF/branches/1.5/C - don't allow IDs used by
Method Aliases
Yvo Schubbe
y.2005- at wcm-solutions.de
Sun Aug 7 11:59:22 EDT 2005
Log message for revision 37771:
- don't allow IDs used by Method Aliases
- made DummyUser.allowed more general
Changed:
U CMF/branches/1.5/CHANGES.txt
U CMF/branches/1.5/CMFCore/PortalFolder.py
U CMF/branches/1.5/CMFCore/tests/base/dummy.py
U CMF/branches/1.5/CMFCore/tests/test_PortalFolder.py
-=-
Modified: CMF/branches/1.5/CHANGES.txt
===================================================================
--- CMF/branches/1.5/CHANGES.txt 2005-08-07 14:38:18 UTC (rev 37770)
+++ CMF/branches/1.5/CHANGES.txt 2005-08-07 15:59:22 UTC (rev 37771)
@@ -1,3 +1,12 @@
+CMF 1.5.4-beta (unreleased)
+
+ Bug Fixes
+
+ - PortalFolder: Improved the _checkId method.
+ Method Aliases mask objects with matching IDs. Thus _checkId() and
+ checkIdAvailable() now make sure non-managers can't create objects with
+ IDs already taken by Method Aliases of the current folder.
+
CMF 1.5.3 (2005/08/07)
Bugs fixed
@@ -7,7 +16,6 @@
portal_syndication tool that relied on all syndication containers
deriving from PortalFolder (http://www.zope.org/Collectors/CMF/369)
-
CMF 1.5.3-beta (2005/08/02)
Bugs Fixed
Modified: CMF/branches/1.5/CMFCore/PortalFolder.py
===================================================================
--- CMF/branches/1.5/CMFCore/PortalFolder.py 2005-08-07 14:38:18 UTC (rev 37770)
+++ CMF/branches/1.5/CMFCore/PortalFolder.py 2005-08-07 15:59:22 UTC (rev 37771)
@@ -448,6 +448,10 @@
# don't allow an override.
if hasattr(ob, id) and id not in ob.contentIds():
raise BadRequest('The id "%s" is reserved.' % id)
+ # Don't allow ids used by Method Aliases.
+ ti = self.getTypeInfo()
+ if ti and ti.queryMethodID(id, context=self):
+ raise BadRequest('The id "%s" is reserved.' % id)
# Otherwise we're ok.
def _verifyObjectPaste(self, object, validate_src=1):
Modified: CMF/branches/1.5/CMFCore/tests/base/dummy.py
===================================================================
--- CMF/branches/1.5/CMFCore/tests/base/dummy.py 2005-08-07 14:38:18 UTC (rev 37770)
+++ CMF/branches/1.5/CMFCore/tests/base/dummy.py 2005-08-07 15:59:22 UTC (rev 37771)
@@ -184,13 +184,17 @@
def reindexObjectSecurity(self):
pass
+ def contentIds(self):
+ return ('user_bar',)
+
class DummySite(DummyFolder):
""" A dummy portal folder.
"""
_domain = 'http://www.foobar.com'
_path = 'bar'
+ _isPortalRoot = 1
def absolute_url(self, relative=0):
return '/'.join( (self._domain, self._path, self._id) )
@@ -227,12 +231,12 @@
getUserName = getId
def allowed(self, object, object_roles=None):
- if object.getId() == 'portal_membership':
- return 0
- if object_roles:
- if 'FooAdder' in object_roles:
- return 0
- return 1
+ if object_roles is None or 'Anonymous' in object_roles:
+ return 1
+ for role in object_roles:
+ if role in self.getRolesInContext(object):
+ return 1
+ return 0
def getRolesInContext(self, object):
return ('Authenticated', 'Dummy', 'Member')
Modified: CMF/branches/1.5/CMFCore/tests/test_PortalFolder.py
===================================================================
--- CMF/branches/1.5/CMFCore/tests/test_PortalFolder.py 2005-08-07 14:38:18 UTC (rev 37770)
+++ CMF/branches/1.5/CMFCore/tests/test_PortalFolder.py 2005-08-07 15:59:22 UTC (rev 37771)
@@ -50,6 +50,7 @@
from Products.CMFCore.tests.base.testcase import newSecurityManager
from Products.CMFCore.tests.base.testcase import noSecurityManager
from Products.CMFCore.tests.base.testcase import SecurityTest
+from Products.CMFCore.tests.base.tidata import FTIDATA_CMF15
from Products.CMFCore.tests.base.tidata import FTIDATA_DUMMY
from Products.CMFCore.tests.base.utils import has_path
from Products.CMFCore.TypesTool import FactoryTypeInformation as FTI
@@ -384,7 +385,7 @@
self.assertRaises(BadRequest, test._setObject, 'foo',
DummyContent('foo'))
- def test_checkIdRaisesBadRequest(self):
+ def test__checkId_Duplicate(self):
#
# _checkId() should raise BadRequest on duplicate id
#
@@ -392,6 +393,23 @@
test._setObject('foo', DummyContent('foo'))
self.assertRaises(BadRequest, test._checkId, 'foo')
+ def test__checkId_PortalRoot(self):
+ test = self._makeOne('test')
+ acl_users = self.site._setObject('acl_users', DummyUserFolder())
+ test._checkId('acl_users')
+ newSecurityManager(None, acl_users.user_foo)
+ self.assertRaises(BadRequest, test._checkId, 'acl_users')
+
+ def test__checkId_MethodAlias(self):
+ test = self._makeOne('test')
+ test._setPortalTypeName('Dummy Content 15')
+ ttool = self.site._setObject('portal_types', TypesTool())
+ ttool._setObject('Dummy Content 15', FTI(**FTIDATA_CMF15[0]))
+ acl_users = self.site._setObject('acl_users', DummyUserFolder())
+ test._checkId('view.html')
+ newSecurityManager(None, acl_users.user_foo)
+ self.assertRaises(BadRequest, test._checkId, 'view.html')
+
def test_checkIdAvailableCatchesBadRequest(self):
#
# checkIdAvailable() should catch BadRequest
More information about the CMF-checkins
mailing list