[CMF-checkins] SVN: CMF/trunk/CMFCore/ - don't allow IDs used by
Method Aliases
Yvo Schubbe
y.2005- at wcm-solutions.de
Sun Aug 7 12:00:41 EDT 2005
Log message for revision 37772:
- don't allow IDs used by Method Aliases
- made DummyUser.allowed more general
Changed:
U CMF/trunk/CMFCore/PortalFolder.py
U CMF/trunk/CMFCore/tests/base/dummy.py
U CMF/trunk/CMFCore/tests/test_PortalFolder.py
-=-
Modified: CMF/trunk/CMFCore/PortalFolder.py
===================================================================
--- CMF/trunk/CMFCore/PortalFolder.py 2005-08-07 15:59:22 UTC (rev 37771)
+++ CMF/trunk/CMFCore/PortalFolder.py 2005-08-07 16:00:41 UTC (rev 37772)
@@ -399,6 +399,10 @@
# don't allow an override.
if hasattr(ob, id) and id not in ob.contentIds():
raise BadRequest('The id "%s" is reserved.' % id)
+ # Don't allow ids used by Method Aliases.
+ ti = self.getTypeInfo()
+ if ti and ti.queryMethodID(id, context=self):
+ raise BadRequest('The id "%s" is reserved.' % id)
# Otherwise we're ok.
def _verifyObjectPaste(self, object, validate_src=1):
Modified: CMF/trunk/CMFCore/tests/base/dummy.py
===================================================================
--- CMF/trunk/CMFCore/tests/base/dummy.py 2005-08-07 15:59:22 UTC (rev 37771)
+++ CMF/trunk/CMFCore/tests/base/dummy.py 2005-08-07 16:00:41 UTC (rev 37772)
@@ -184,13 +184,17 @@
def reindexObjectSecurity(self):
pass
+ def contentIds(self):
+ return ('user_bar',)
+
class DummySite(DummyFolder):
""" A dummy portal folder.
"""
_domain = 'http://www.foobar.com'
_path = 'bar'
+ _isPortalRoot = 1
def absolute_url(self, relative=0):
return '/'.join( (self._domain, self._path, self._id) )
@@ -227,12 +231,12 @@
getUserName = getId
def allowed(self, object, object_roles=None):
- if object.getId() == 'portal_membership':
- return 0
- if object_roles:
- if 'FooAdder' in object_roles:
- return 0
- return 1
+ if object_roles is None or 'Anonymous' in object_roles:
+ return 1
+ for role in object_roles:
+ if role in self.getRolesInContext(object):
+ return 1
+ return 0
def getRolesInContext(self, object):
return ('Authenticated', 'Dummy', 'Member')
Modified: CMF/trunk/CMFCore/tests/test_PortalFolder.py
===================================================================
--- CMF/trunk/CMFCore/tests/test_PortalFolder.py 2005-08-07 15:59:22 UTC (rev 37771)
+++ CMF/trunk/CMFCore/tests/test_PortalFolder.py 2005-08-07 16:00:41 UTC (rev 37772)
@@ -42,6 +42,7 @@
from Products.CMFCore.tests.base.testcase import newSecurityManager
from Products.CMFCore.tests.base.testcase import noSecurityManager
from Products.CMFCore.tests.base.testcase import SecurityTest
+from Products.CMFCore.tests.base.tidata import FTIDATA_CMF15
from Products.CMFCore.tests.base.tidata import FTIDATA_DUMMY
from Products.CMFCore.tests.base.utils import has_path
from Products.CMFCore.TypesTool import FactoryTypeInformation as FTI
@@ -372,7 +373,7 @@
self.assertRaises(BadRequest, test._setObject, 'foo',
DummyContent('foo'))
- def test_checkIdRaisesBadRequest(self):
+ def test__checkId_Duplicate(self):
#
# _checkId() should raise BadRequest on duplicate id
#
@@ -380,6 +381,23 @@
test._setObject('foo', DummyContent('foo'))
self.assertRaises(BadRequest, test._checkId, 'foo')
+ def test__checkId_PortalRoot(self):
+ test = self._makeOne('test')
+ acl_users = self.site._setObject('acl_users', DummyUserFolder())
+ test._checkId('acl_users')
+ newSecurityManager(None, acl_users.user_foo)
+ self.assertRaises(BadRequest, test._checkId, 'acl_users')
+
+ def test__checkId_MethodAlias(self):
+ test = self._makeOne('test')
+ test._setPortalTypeName('Dummy Content 15')
+ ttool = self.site._setObject('portal_types', TypesTool())
+ ttool._setObject('Dummy Content 15', FTI(**FTIDATA_CMF15[0]))
+ acl_users = self.site._setObject('acl_users', DummyUserFolder())
+ test._checkId('view.html')
+ newSecurityManager(None, acl_users.user_foo)
+ self.assertRaises(BadRequest, test._checkId, 'view.html')
+
def test_checkIdAvailableCatchesBadRequest(self):
#
# checkIdAvailable() should catch BadRequest
More information about the CMF-checkins
mailing list