[Zope-Checkins] SVN: Zope/branches/2.12/src/Products/Five/browser/ Add support for the 'permission' attribute to browser:view
Martin Aspeli
optilude at gmx.net
Sat Jul 10 06:00:41 EDT 2010
Log message for revision 114488:
Add support for the 'permission' attribute to browser:view
Changed:
U Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py
U Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt
U Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml
-=-
Modified: Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py
===================================================================
--- Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py 2010-07-10 09:36:10 UTC (rev 114487)
+++ Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py 2010-07-10 10:00:41 UTC (rev 114488)
@@ -201,15 +201,7 @@
):
if permission is None:
permission = 'zope.Public'
- elif permission in ('zope.Public', 'zope2.Public'):
- # No need to warn about the default case
- pass
- else:
- warnings.warn("The permission option of the <browser:view /> "
- "directive is not supported in Zope 2. " + \
- "Ignored for %s in %s" %
- (str(class_), _context.info), stacklevel=3)
-
+
super(view, self).__init__(
_context, for_, permission, name=name, layer=layer,
class_=class_, allowed_interface=allowed_interface,
@@ -314,6 +306,42 @@
newclass, (for_, layer), self.provides, name,
_context.info),
)
+
+ # Security
+
+ _context.action(
+ discriminator = ('five:protectClass', newclass),
+ callable = protectClass,
+ args = (newclass, permission)
+ )
+
+ if allowed_attributes:
+ for attr in allowed_attributes:
+ _context.action(
+ discriminator = ('five:protectName', newclass, attr),
+ callable = protectName,
+ args = (newclass, attr, permission)
+ )
+
+ # Make everything else private
+ allowed = allowed_attributes or []
+ private_attrs = [name for name in dir(newclass)
+ if (not name.startswith('_')) and
+ (name not in allowed) and
+ ismethod(getattr(newclass, name))]
+ for attr in private_attrs:
+ _context.action(
+ discriminator = ('five:protectName', newclass, attr),
+ callable = protectName,
+ args = (newclass, attr, CheckerPrivateId)
+ )
+
+ # Protect the class
+ _context.action(
+ discriminator = ('five:initialize:class', newclass),
+ callable = InitializeClass,
+ args = (newclass,)
+ )
_factory_map = {'image':{'prefix':'ImageResource',
'count':0,
Modified: Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt
===================================================================
--- Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt 2010-07-10 09:36:10 UTC (rev 114487)
+++ Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt 2010-07-10 10:00:41 UTC (rev 114488)
@@ -253,12 +253,34 @@
>>> aq_parent(aq_inner(context))
<Folder at /test_folder_1_>
+The same applies to a view registered with <browser:view /> instead of
+<browser:page />
+
+ >>> request = TestRequest()
+ >>> view = getMultiAdapter((self.folder.testoid, request), name=u'permission_view')
+ >>> view.__ac_permissions__
+ (('View management screens', ('',)),)
+ >>> aq_acquire(view, '__roles__')
+ ('Manager',)
+ >>> context = view.context
+ >>> from Acquisition import ImplicitAcquisitionWrapper
+ >>> type(context) == ImplicitAcquisitionWrapper
+ True
+ >>> view.__parent__ == view.context
+ True
+ >>> aq_parent(view) == view.context
+ True
+ >>> context.aq_inner.aq_parent
+ <Folder at /test_folder_1_>
+ >>> aq_parent(aq_inner(context))
+ <Folder at /test_folder_1_>
+
High-level security
-------------------
>>> protected_view_names = [
... 'eagle.txt', 'falcon.html', 'owl.html', 'flamingo.html',
- ... 'condor.html']
+ ... 'condor.html', 'permission_view']
>>>
>>> public_view_names = [
... 'public_attribute_page',
Modified: Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml
===================================================================
--- Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml 2010-07-10 09:36:10 UTC (rev 114487)
+++ Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml 2010-07-10 10:00:41 UTC (rev 114488)
@@ -232,7 +232,15 @@
class=".pages.SimpleView"
permission="zope2.Public"
/>
-
+
+ <!-- A named view with permissions -->
+ <browser:view
+ name="permission_view"
+ for="Products.Five.tests.testing.simplecontent.ISimpleContent"
+ class=".pages.CallView"
+ permission="zope2.ViewManagementScreens"
+ />
+
<!-- stuff that we'll override in overrides.zcml -->
<browser:page
for="Products.Five.tests.testing.simplecontent.ISimpleContent"
More information about the Zope-Checkins
mailing list