[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/ZMI/tests - sampleInterfaces.py:1.1.2.5 testZMIViewUtility.py:1.1.2.8

Jim Fulton jim@zope.com
Sun, 28 Apr 2002 13:17:13 -0400 

Update of /cvs-repository/Zope3/lib/python/Zope/App/ZMI/tests
In directory cvs.zope.org:/tmp/cvs-serv17050/lib/python/Zope/App/ZMI/tests

Modified Files:
      Tag: Zope-3x-branch
	sampleInterfaces.py testZMIViewUtility.py 
Log Message:
HOTYB: Merged SecurityProxy-branch into main branch.  

All tests pass and folders can be listed and added through the web.
It is likely that most other things don't work and will need to be
fixed. The reason is that many accesses that should have been checked
before are now being checked and additional checks and thinking about
permissions and security settings are needed.

I'm in the process of drafting a paper for the wiki that describes the
changes in more detail.


=== Zope3/lib/python/Zope/App/ZMI/tests/sampleInterfaces.py 1.1.2.4 => 1.1.2.5 ===
     def __init__(self, *args, **kw): pass
 
-    def restrictedTraverse(self, *args, **kw):
+    def traverse(self, *args, **kw):
         return None
 
 


=== Zope3/lib/python/Zope/App/ZMI/tests/testZMIViewUtility.py 1.1.2.7 => 1.1.2.8 ===
 from Zope.Publisher.Browser.IBrowserPublisher import IBrowserPublisher
 from Zope.App.ZopePublication.Traversers import DefaultTraverser
-from Zope.App.Security.SecurityManagement import setSecurityPolicy
+from Zope.Security.SecurityManagement import setSecurityPolicy
+from Zope.Security.SecurityManagement import newSecurityManager
 from Zope.Exceptions import Unauthorized
-
-class SecurityPolicy:
-
-    def validate(self, name, value, context):
-        if getattr(value, 'bad', 0):
-            raise Unauthorized
-        
-    def checkPermission(self, permission, object, context):
-        return 1
-
+from Zope.Security.Checker import defineChecker, NamesChecker, CheckerPublic
+from Zope.Security.Proxy import ProxyFactory
 
 class Service:
     __implements__ = IZMIViewService
@@ -51,6 +44,7 @@
 class I(Interface): pass
 class C:
     __implements__ = I
+
 ob = C()
 ob.a1 = C()
 ob.a2 = C()
@@ -70,14 +64,12 @@
         provideService('ZMIViewService', Service())
         provideView(I, 'a3', IBrowserPublisher, V)
         provideView(None, '_traverse', IBrowserPublisher, DefaultTraverser)
-        self.oldsp = setSecurityPolicy(SecurityPolicy())
-
-    def tearDown(self):
-        CleanUp.tearDown(self)
-        setSecurityPolicy(self.oldsp)
+        defineChecker(C, NamesChecker(['a1', 'a2', 'a3'], CheckerPublic,
+                                      abad='waaa'))
 
     def test(self):
-        v = ZMIViewUtility(ob)
+        newSecurityManager('who')
+        v = ZMIViewUtility(ProxyFactory(ob))
         v.setViewRequest(Request())
         self.assertEqual(v.getZMIViews(),
                          [{'label':'l1', 'action':'../a1'},