[Zope-Checkins] CVS: Zope3/lib/python/Zope/PageTemplate - Expressions.py:1.1.2.7
Fred L. Drake, Jr.
fdrake@acm.org
Wed, 27 Feb 2002 17:49:56 -0500
Update of /cvs-repository/Zope3/lib/python/Zope/PageTemplate
In directory cvs.zope.org:/tmp/cvs-serv22541
Modified Files:
Tag: Zope-3x-branch
Expressions.py
Log Message:
Update to use the Zope3 security infrastructure instead of the old-style APIs.
=== Zope3/lib/python/Zope/PageTemplate/Expressions.py 1.1.2.6 => 1.1.2.7 ===
TALESError, Undefined, Default
-def aq_base(ob):
- return ob
_engine = None
def getEngine():
@@ -42,26 +40,19 @@
reg('defer', DeferExpr)
if 0 and sys.modules.has_key('Zope'):
- import AccessControl
- from AccessControl import getSecurityManager, Unauthorized
- if hasattr(AccessControl, 'full_read_guard'):
- from ZRPythonExpr import PythonExpr, _SecureModuleImporter, \
- call_with_ns
- else:
- from ZPythonExpr import PythonExpr, _SecureModuleImporter, \
- call_with_ns
+ from Zope.App.Security.SecurityManagement import getSecurityManager
+ from Zope.Exceptions import Unauthorized
+ from ZRPythonExpr import PythonExpr, _SecureModuleImporter#, call_with_ns
SecureModuleImporter = _SecureModuleImporter()
else:
from PythonExpr import getSecurityManager, PythonExpr
- try:
- from zExceptions import Unauthorized
- except ImportError:
- Unauthorized = "Unauthorized"
- def call_with_ns(f, ns, arg=1):
- if arg==2:
- return f(None, ns)
- else:
- return f(ns)
+ from Zope.Exceptions import Unauthorized
+
+## def call_with_ns(f, ns, arg=1):
+## if arg == 2:
+## return f(None, ns)
+## else:
+## return f(ns)
class SecureModuleImporter:
def __getitem__(self, module):
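Review bot: The new Zope3 imports sit under the context line `if 0 and sys.modules.has_key('Zope'):`, so `Zope.App.Security.SecurityManagement.getSecurityManager` and `_SecureModuleImporter` are never actually loaded. Every run takes the `else` branch, where `getSecurityManager` and `PythonExpr` come from `PythonExpr`, which appears to be the non-restricted fallback. Since the log message says the module now uses the Zope3 security infrastructure, the guard deserves a comment stating why it is disabled and what is unprotected meanwhile, e.g. `# XXX restricted branch disabled (reason: <fill in>); the PythonExpr fallback below is in effect`. The trailing `#, call_with_ns` and the `##`-commented `call_with_ns` definition would be better deleted than left as dead text, since CVS keeps the history. The `SecureModuleImporter` class body continues outside this hunk.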
@@ -75,21 +66,17 @@
Calls the object, possibly a document template, or just returns it if
not callable. (From DT_Util.py)
"""
- if hasattr(ob, '__render_with_namespace__'):
- ob = call_with_ns(ob.__render_with_namespace__, ns)
- else:
- base = aq_base(ob)
- if callable(base):
- try:
- if getattr(base, 'isDocTemp', 0):
- ob = call_with_ns(ob, ns, 2)
- else:
- ob = ob()
- except AttributeError, n:
- if str(n) != '__call__':
- raise
+## if hasattr(ob, '__render_with_namespace__'):
+## ob = call_with_ns(ob.__render_with_namespace__, ns)
+## elif hasattr(ob, "__call__"):
+ if hasattr(ob, "__call__"):
+ # We don't use callable(ob) since ExtensionClass-based content
+ # will return true even if they don't define a __call__()
+ # method; this is the same false positive as classic-classes.
+ ob = ob()
return ob
+
class PathExpr:
def __init__(self, name, expr, engine):
self._s = expr
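Review bot: With the `__render_with_namespace__` branch only commented out, `if hasattr(ob, "__call__"): ob = ob()` now calls every callable with no arguments. Objects that used to receive the namespace are presumably rendered without it or fail on the missing argument. The docstring still says "possibly a document template" and the `ns` argument looks unused in the visible lines; the function signature is outside this hunk, so that cannot be confirmed here. I would replace the three `##` lines with a single marker such as `# TODO: restore namespace-aware rendering (__render_with_namespace__) once ported` and update the docstring to describe the zero-argument call.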
@@ -240,7 +227,7 @@
def restrictedTraverse(self, path, securityManager,
- get=getattr, has=hasattr, N=None, M=[]):
+ get=getattr, has=hasattr, N=None, M=object()):
i = 0
if not path[0]:
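Review bot: The new sentinel default `M=object()` is correct, but it reads awkwardly because the body of `restrictedTraverse` rebinds `object` as a local (`object = o` further down). The default is evaluated at definition time against the builtin, while every later `object` in the function means the traversed item. A module-level marker avoids the double meaning: `_marker = object()` next to `_engine`, then `M=_marker` in the signature. The function body continues outside this hunk.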
@@ -263,49 +250,35 @@
# Never allowed in a URL.
raise AttributeError, name
- if name=='..':
+ if name == '..':
o = get(object, 'aq_parent', M)
if o is not M:
- if not validate(object, object, name, o):
- raise Unauthorized, name
- object=o
+ validate(name, o)
+ object = o
continue
- t=get(object, '__bobo_traverse__', N)
+ t = get(object, '__bobo_traverse__', N)
if t is not N:
- o=t(REQUEST, name)
-
- container = None
- if has(o, 'im_self'):
- container = o.im_self
- elif (has(get(object, 'aq_base', object), name)
- and get(object, name) == o):
- container = object
- if not validate(object, container, name, o):
- raise Unauthorized, name
+ o = t(REQUEST, name)
+
+## container = None
+## if has(o, 'im_self'):
+## container = o.im_self
+## elif (has(get(object, 'aq_base', object), name)
+## and get(object, name) == o):
+## container = object
+ validate(name, o)
else:
- o=get(object, name, M)
+ o = get(object, name, M)
if o is not M:
# Check security.
- if has(object, 'aq_acquire'):
- object.aq_acquire(
- name, validate2, validate)
- else:
- if not validate(object, object, name, o):
- raise Unauthorized, name
+ validate(name, o)
else:
try:
- o=object[name]
+ o = object[name]
except (AttributeError, TypeError):
raise AttributeError, name
- if not validate(object, object, name, o):
- raise Unauthorized, name
+ validate(name, o)
object = o
return object
-
-
-def validate2(orig, inst, name, v, real_validate):
- if not real_validate(orig, inst, name, v):
- raise Unauthorized, name
- return 1
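Review bot: All four new `validate(name, o)` calls discard the result, whereas the removed code raised `Unauthorized` itself whenever `validate` returned a false value. The binding of `validate` is outside this hunk, so it is not visible whether the Zope3 version raises on denial. If it returns a boolean instead, every traversal step (`..`, `__bobo_traverse__`, attribute and item access) would proceed unchecked. Either keep the explicit form `if not validate(name, o): raise Unauthorized, name`, or state the contract once above the loop with `# validate() raises Unauthorized on denial; its return value is not used`. The check also no longer receives the container or goes through `aq_acquire`, and the container derivation is left as `##` lines. If the new API decides from name and value alone, those lines should be deleted; if not, they should carry a TODO saying what is still missing.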