[Zope-Checkins] SVN: Zope/trunk/ Make the set_attributes and set_schema options to <class ...><require ... /></class> issue a warning rather than throw an exception. Whilst the concept doesn't make much sense in Zope 2, it's desirable to be able to re-use existing packages that do declare such protection
Martin Aspeli
optilude at gmx.net
Mon Apr 13 06:15:13 EDT 2009
Log message for revision 99145:
Make the set_attributes and set_schema options to <class ...><require ... /></class> issue a warning rather than throw an exception. Whilst the concept doesn't make much sense in Zope 2, it's desirable to be able to re-use existing packages that do declare such protection
Changed:
U Zope/trunk/doc/CHANGES.rst
U Zope/trunk/src/Products/Five/metaconfigure.py
U Zope/trunk/src/Products/Five/tests/test_security.py
-=-
Modified: Zope/trunk/doc/CHANGES.rst
===================================================================
--- Zope/trunk/doc/CHANGES.rst 2009-04-13 02:25:29 UTC (rev 99144)
+++ Zope/trunk/doc/CHANGES.rst 2009-04-13 10:15:12 UTC (rev 99145)
@@ -23,6 +23,11 @@
Restructuring
+++++++++++++
+- Using <require set_schema="..." /> or <require set_attributes="..." /> in
+ the <class /> directive now emits a warning rather than an error. The
+ concept of protecting attribute 'set' does not exist in Zope 2, but it
+ should be possible to re-use packages that do declare such protection.
+
- Updated to DateTime 2.12.0.
- Updated to ZODB 3.9.0a12.
Modified: Zope/trunk/src/Products/Five/metaconfigure.py
===================================================================
--- Zope/trunk/src/Products/Five/metaconfigure.py 2009-04-13 02:25:29 UTC (rev 99144)
+++ Zope/trunk/src/Products/Five/metaconfigure.py 2009-04-13 10:15:12 UTC (rev 99145)
@@ -16,12 +16,11 @@
$Id$
"""
import warnings
-from zope.configuration.exceptions import ConfigurationError
-from zope.app.component import contentdirective
+from zope.security import metaconfigure
from App.class_init import InitializeClass
from Products.Five.security import protectName
-class ClassDirective(contentdirective.ClassDirective):
+class ClassDirective(metaconfigure.ClassDirective):
def __protectName(self, name, permission_id):
self.__context.action(
@@ -30,14 +29,17 @@
args = (self.__class, name, permission_id)
)
- def __protectSetAttributes(self, attributes, permissions):
- raise ConfigurationError('set_attributes parameter not supported.')
+ def __protectSetAttributes(self, names, permission_id):
+ warnings.warn("The set_attribute option of the <require /> directive is not supported in Zope 2. " + \
+ "Ignored for %s" % str(self.__class), stacklevel=3)
- def __proctectSetSchema(self, schema, permission):
- raise ConfigurationError('set_schema parameter not supported.')
+ def __protectSetSchema(self, schema, permission):
+ warnings.warn("The set_schema option of the <require /> directive is not supported in Zope 2. " + \
+ "Ignored for %s" % str(self.__class), stacklevel=3)
def __mimic(self, _context, class_):
- raise ConfigurationError('like_class parameter not supported.')
+ warnings.warn("The like_class option of the <require /> directive is not supported in Zope 2. " + \
+ "Ignored for %s" % str(self.__class), stacklevel=3)
def __call__(self):
return self.__context.action(
Modified: Zope/trunk/src/Products/Five/tests/test_security.py
===================================================================
--- Zope/trunk/src/Products/Five/tests/test_security.py 2009-04-13 02:25:29 UTC (rev 99144)
+++ Zope/trunk/src/Products/Five/tests/test_security.py 2009-04-13 10:15:12 UTC (rev 99145)
@@ -18,6 +18,7 @@
from zope.interface import implements
from zope.interface import Interface
+from zope.schema import TextLine
from AccessControl.SecurityInfo import ClassSecurityInfo
class ISuperDummy(Interface):
@@ -51,6 +52,16 @@
security.declarePrivate('baz')
security.declareProtected('View management screens', 'keg')
+class IDummy3(Interface):
+ attr = TextLine(title=u"Attribute")
+
+class Dummy3:
+ implements(IDummy3)
+ attr = None
+
+class Dummy4:
+ foo = None
+
def test_security_equivalence():
"""This test demonstrates that the traditional declarative security of
Zope 2 can be replaced by ZCML statements without any loss of
@@ -219,6 +230,56 @@
>>> tearDown()
"""
+def test_set_warnings():
+ """This test demonstrates that set_attributes and set_schema will result
+ in warnings, not errors. This type of protection doesn't make sense in
+ Zope 2, but we want to be able to re-use pure Zope 3 packages that use
+ them without error.
+
+ >>> from zope.app.testing.placelesssetup import setUp, tearDown
+ >>> setUp()
+
+ Before we can make security declarations through ZCML, we need to
+ register the directive and the permission:
+
+ >>> import Products.Five
+ >>> from Products.Five import zcml
+ >>> zcml.load_config('meta.zcml', Products.Five)
+ >>> zcml.load_config('permissions.zcml', Products.Five)
+
+ Now we provide some ZCML declarations for ``Dummy1``:
+
+ >>> configure_zcml = '''
+ ... <configure xmlns="http://namespaces.zope.org/zope">
+ ...
+ ... <class class="Products.Five.tests.test_security.Dummy3">
+ ... <require
+ ... permission="zope2.View"
+ ... interface="Products.Five.tests.test_security.IDummy3"
+ ... />
+ ... <require
+ ... permission="cmf.ModifyPortalContent"
+ ... set_schema="Products.Five.tests.test_security.IDummy3"
+ ... />
+ ... </class>
+ ...
+ ... <class class="Products.Five.tests.test_security.Dummy4">
+ ... <require
+ ... permission="cmf.ModifyPortalContent"
+ ... set_attributes="foo"
+ ... />
+ ... </class>
+ ...
+ ... </configure>
+ ... '''
+
+ Running this should not throw an exception (but will print a warning to
+ stderr)
+
+ >>> zcml.load_string(configure_zcml)
+ >>> tearDown()
+ """
+
def test_checkPermission():
"""
Test checkPermission
More information about the Zope-Checkins
mailing list