[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/ZMI/tests - testZMIViewUtility.py:1.1.2.5

Jim Fulton jim@zope.com
Tue, 12 Feb 2002 20:08:06 -0500 

Update of /cvs-repository/Zope3/lib/python/Zope/App/ZMI/tests
In directory cvs.zope.org:/tmp/cvs-serv19608/tests

Modified Files:
      Tag: Zope-3x-branch
	testZMIViewUtility.py 
Log Message:
Changed the approach for permission-filtering views to use
ZopePublication.PublicationTraverser. This is because we have to check
the same sort of traversal the publisher uses. We also need a request
so we can handle views. This means the logic had to move out to the
view utility (which is a view ;).

This is a lot of work.  

Maybe we can get the view permission at configuration time. This would
avoid traversal while filtering. This needs more thought.



=== Zope3/lib/python/Zope/App/ZMI/tests/testZMIViewUtility.py 1.1.2.4 => 1.1.2.5 ===
 from Zope.App.ZMI.IZMIViewService import IZMIViewService
 from Zope.ComponentArchitecture import getService, provideService
-from Zope.ComponentArchitecture import defineService, _clear
+from Zope.ComponentArchitecture import defineService, provideView, _clear
 from Zope.App.ZMI.ZMIViewUtility import ZMIViewUtility
+from Zope.Publisher.Browser.IBrowserPublisher import IBrowserPublisher
+from Zope.App.ZopePublication.Traversers import DefaultTraverser
+from Zope.App.Security.SecurityManagement import setSecurityPolicy
+from Zope.Exceptions import Unauthorized
+
+class SecurityPolicy:
+
+    def validate(self, name, value, context):
+        if getattr(value, 'bad', 0):
+            raise Unauthorized
+        
+    def checkPermission(self, permission, object, context):
+        return 1
+
 
 class Service:
     __implements__ = IZMIViewService
@@ -29,26 +43,51 @@
     def getViews(self, ob):
         return [('l1', 'a1'),
                 ('l2', 'a2/a3'),
+                ('lbad', 'abad'),
                 ('l3', 'a3;view'),]
 
+class I(Interface): pass
+class C:
+    __implements__ = I
+ob = C()
+ob.a1 = C()
+ob.a2 = C()
+ob.a2.a3 = C()
+ob.abad = C()
+ob.abad.bad=1
+
+class V:
+    def __init__(self, context): pass
+    __implements__ = IBrowserPublisher
+
 
 class Test(unittest.TestCase):
 
     def setUp(self):
         defineService('ZMIViewService', IZMIViewService)
         provideService('ZMIViewService', Service())
+        provideView(I, 'a3', IBrowserPublisher, V)
+        provideView(None, '_traverse', IBrowserPublisher, DefaultTraverser)
+        self.oldsp = setSecurityPolicy(SecurityPolicy())
 
     def tearDown(self):
         _clear()
+        setSecurityPolicy(self.oldsp)
 
     def test(self):
-        v = ZMIViewUtility(None)
+        v = ZMIViewUtility(ob)
+        v.setViewRequest(Request())
         self.assertEqual(v.getZMIViews(),
-                         [{'label':'l1', 'action':'a1;skin=zmi'},
-                          {'label':'l2', 'action':'a2;skin=zmi/a3'},
-                          {'label':'l3', 'action':'a3;view;skin=zmi'}
+                         [{'label':'l1', 'action':'../a1'},
+                          {'label':'l2', 'action':'../a2/a3'},
+                          {'label':'l3', 'action':'../a3;view'}
                           ])
-        
+
+class Request:
+    def getViewType(self):
+        return IBrowserPublisher
+    def getViewSkin(self):
+        return ''
         
 def test_suite():
     loader=unittest.TestLoader()