[Zope-Checkins] CVS: Zope/lib/python/AccessControl/tests - testBindings.py:1.1.2.5

Mon Jan 26 16:41:41 EST 2004

Update of /cvs-repository/Zope/lib/python/AccessControl/tests
In directory cvs.zope.org:/tmp/cvs-serv608/lib/python/AccessControl/tests

Modified Files:
      Tag: Zope-2_6-branch
	testBindings.py 
Log Message:


  - Shared/DC/Scripts/Bindings.py:

    o Push script onto the execution stack before computing bindings, so
      that script proxy roles will be in effect during binding.

    o Harden "spacesuit" against Python / ZPublisher's willingness to use
      methods like __str__, __call__, and index_html.

  - Products/PythonScripts/PythonScript.py:

    o Remove code which pushes script onto the execution stack, since
      it is now done in the Binding base class.

  - AccessControl/tests/testBindings.py:

    o Make tests explicitly assert protection of "special" names;  also
      verify that proxy roles work during binding.


=== Zope/lib/python/AccessControl/tests/testBindings.py 1.1.2.4 => 1.1.2.5 ===

--- Zope/lib/python/AccessControl/tests/testBindings.py:1.1.2.4	Mon Jan 26 15:27:41 2004
+++ Zope/lib/python/AccessControl/tests/testBindings.py	Mon Jan 26 16:41:10 2004
@@ -77,8 +77,9 @@
 class FauxFolder(Folder):
 
     security = ClassSecurityInfo()
-    securlity.declareObjectPrivate()
+    security.declareObjectPrivate()
 
+    security.declarePrivate('__repr__')
     def __repr__(self):
         return '<FauxFolder: %s>' % self.getId()
 
@@ -186,12 +187,31 @@
         newSecurityManager(None, UnderprivilegedUser())
         root = self._makeTree()
         guarded = root._getOb('guarded')
+
         ps = guarded._getOb('bound_used_container_ps')
         self.assertRaises(Unauthorized, ps)
+
         ps = guarded._getOb('container_str_ps')
         self.assertRaises(Unauthorized, ps)
+
         ps = guarded._getOb('container_ps')
-        self.assertRaises(Unauthorized, ps)
+        container = ps()
+        self.assertRaises(Unauthorized, container)
+        self.assertRaises(Unauthorized, container.index_html)
+        try:
+            str(container)
+        except Unauthorized:
+            pass
+        else:
+            self.fail("str(container) didn't raise Unauthorized!")
+
+        ps = guarded._getOb('bound_used_container_ps')
+        ps._proxy_roles = ( 'Manager', )
+        ps()
+
+        ps = guarded._getOb('container_str_ps')
+        ps._proxy_roles = ( 'Manager', )
+        ps()
 
     def test_bound_used_container_allowed(self):
         from AccessControl.SecurityManagement import newSecurityManager
@@ -216,12 +236,31 @@
         newSecurityManager(None, UnderprivilegedUser())
         root = self._makeTree()
         guarded = root._getOb('guarded')
+
         ps = guarded._getOb('bound_used_context_ps')
         self.assertRaises(Unauthorized, ps)
+
         ps = guarded._getOb('context_str_ps')
         self.assertRaises(Unauthorized, ps)
+
         ps = guarded._getOb('context_ps')
-        self.assertRaises(Unauthorized, ps)
+        context = ps()
+        self.assertRaises(Unauthorized, context)
+        self.assertRaises(Unauthorized, context.index_html)
+        try:
+            str(context)
+        except Unauthorized:
+            pass
+        else:
+            self.fail("str(context) didn't raise Unauthorized!")
+
+        ps = guarded._getOb('bound_used_context_ps')
+        ps._proxy_roles = ( 'Manager', )
+        ps()
+
+        ps = guarded._getOb('context_str_ps')
+        ps._proxy_roles = ( 'Manager', )
+        ps()
 
     def test_bound_used_context_allowed(self):
         from AccessControl.SecurityManagement import newSecurityManager


