[Zope-Checkins] CVS: Zope2 - ZopeGuards.py:1.1.2.4
shane@digicool.com
shane@digicool.com
Thu, 26 Apr 2001 15:20:42 -0400 (EDT)
Update of /cvs-repository/Zope2/lib/python/RestrictedPython
In directory korak:/tmp/cvs-serv29566
Modified Files:
Tag: RestrictedPythonBranch
ZopeGuards.py
Log Message:
Better exception handling
--- Updated File ZopeGuards.py in package Zope2 --
--- ZopeGuards.py 2001/04/26 15:59:07 1.1.2.3
+++ ZopeGuards.py 2001/04/26 19:20:40 1.1.2.4
@@ -94,19 +94,20 @@
return validate(inst, obj, name, v)
def guarded_getattr(inst, name, default=_marker):
- if name[:1]!='_':
- try:
- # Filter out the objects we can't access.
- if hasattr(inst, 'aq_acquire'):
- return inst.aq_acquire(name, aq_validate,
- getSecurityManager().validate)
- # Or just try to get the attribute directly.
- v = getattr(inst, name)
+ if name[:1] != '_':
+ # Try to get the attribute normally so that unusual
+ # exceptions are caught early.
+ try: v = getattr(inst, name)
except AttributeError:
if default is not _marker:
return default
- raise
- if getSecurityManager().validate(inst,inst,name,v):
+ raise AttributeError
+ validate = getSecurityManager().validate
+ # Filter out the objects we can't access.
+ if hasattr(inst, 'aq_acquire'):
+ return inst.aq_acquire(name, aq_validate, validate)
+ # Or just try to get the attribute directly.
+ if validate(inst, inst, name, v):
return v
raise Unauthorized, name
safe_builtins['getattr'] = guarded_getattr
@@ -125,7 +126,7 @@
# We don't guard slices
return object[index.start:index.stop]
v = object[index]
- if getSecurityManager().validate(object, object, None, v):
+ if getSecurityManager().validate(object, object, index, v):
return v
raise Unauthorized, 'unauthorized access to element %s' % `i`