[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/ZopePublication - PublicationTraverse.py:1.1.2.16 Traversers.py:1.1.2.17 ZopePublication.py:1.1.2.37

Jim Fulton jim@zope.com
Sun, 28 Apr 2002 13:17:13 -0400 

Update of /cvs-repository/Zope3/lib/python/Zope/App/ZopePublication
In directory cvs.zope.org:/tmp/cvs-serv17050/lib/python/Zope/App/ZopePublication

Modified Files:
      Tag: Zope-3x-branch
	PublicationTraverse.py Traversers.py ZopePublication.py 
Log Message:
HOTYB: Merged SecurityProxy-branch into main branch.  

All tests pass and folders can be listed and added through the web.
It is likely that most other things don't work and will need to be
fixed. The reason is that many accesses that should have been checked
before are now being checked and additional checks and thinking about
permissions and security settings are needed.

I'm in the process of drafting a paper for the wiki that describes the
changes in more detail.


=== Zope3/lib/python/Zope/App/ZopePublication/PublicationTraverse.py 1.1.2.15 => 1.1.2.16 ===
 from Zope.Publisher.Browser.IBrowserPublisher import IBrowserPublisher
 from Zope.ComponentArchitecture import getRequestView, getService
-from Zope.App.Security.SecurityManagement import getSecurityManager
 from Zope.Publisher.Exceptions import NotFound
 from types import StringTypes
-from Zope.ContextWrapper import Wrapper, getcontext
+from Zope.Proxy.ContextWrapper import ContextWrapper, getWrapperContext
 
 from Zope.App.OFS.Container.IContainer import IWriteContainer
 from Zope.App.OFS.ApplicationControl.ApplicationControl \
      import ApplicationController
+from Zope.Proxy.ProxyIntrospection import removeAllProxies
 
 class DuplicateNamespaces(Exception):
     """More than one namespace was specified in a request"""
@@ -42,7 +42,7 @@
 
         nm = name # the name to look up the object with
 
-        if name.find(';'):
+        if name.find(';') >= 0:
             # Process URI segment parameters. It makes sense to centralize
             # this here. Later it may be abstracted and distributed again,
             # but, if so it will be distributed to various path
@@ -91,7 +91,7 @@
         if nm == '.':
             return ob
                 
-        if request.getViewType().isImplementedBy(ob):
+        if request.getViewType().isImplementedBy(removeAllProxies(ob)):
             ob2 = ob.publishTraverse(request, nm)
         else:
             adapter = getRequestView(ob, '_traverse', request, self # marker
@@ -105,8 +105,7 @@
         return self._wrap(ob2, ob, name, nm)
 
     def _wrap(self, ob, parent, name, nm):
-        wrapped = Wrapper(ob, parent, name=name)
-        getSecurityManager().validate(nm, wrapped)
+        wrapped = ContextWrapper(ob, parent, name=name)
         return wrapped
 
     def _traverseview(self, request, ob, name):
@@ -174,7 +173,7 @@
                 return self._wrap(ob2, origOb, name, name)
                 
             except NotFound:
-                ob = getcontext(ob)
+                ob = getWrapperContext(ob)
                 if ob is None:
                     raise NotFound(origOb, name, request)
         raise ExcessiveWrapping(origOb, name, request)


=== Zope3/lib/python/Zope/App/ZopePublication/Traversers.py 1.1.2.16 => 1.1.2.17 ===
         if name.endswith(';view'):
             return getRequestView( ob, name[:-5], request)
-        if hasattr(ob, name):
-            subob = getattr(ob, name)
-        else:
+
+        subob = getattr(ob, name, self) # self is marker here
+        if subob is self:
+            # no attribute
             try:
                 subob = ob[name]
             except (KeyError, IndexError,


=== Zope3/lib/python/Zope/App/ZopePublication/ZopePublication.py 1.1.2.36 => 1.1.2.37 ===
 from Zope.Publisher.mapply import mapply
 from Zope.Publisher.Exceptions import Retry
-from Zope.App.Security.SecurityManagement import getSecurityManager
-from Zope.App.Security.SecurityManagement import newSecurityManager
+from Zope.Security.SecurityManagement import getSecurityManager
+from Zope.Security.SecurityManagement import newSecurityManager
 from Zope.App.Security.PrincipalRegistry import principalRegistry as prin_reg
 from Zope.Exceptions import Unauthorized
 
@@ -28,6 +28,8 @@
 from Zope.App.OFS.Folder.RootFolder import RootFolder
 from PublicationTraverse import PublicationTraverse
 
+from Zope.Security.Checker import ProxyFactory
+
 class RequestContainer:
     # TODO: add security assertion declaring access to REQUEST
 
@@ -101,7 +103,7 @@
         if app is None:
             raise SystemError, "Zope Application Not Found"
 
-        return app
+        return ProxyFactory(app)
 
     def callTraversalHooks(self, request, ob):
         # Call __before_publishing_traverse__ hooks