[Zope3-checkins] CVS: Zope3/lib/python/Zope/App/Publisher/Browser - FileResource.py:1.7 ViewMeta.py:1.6
Steve Alexander
steve@cat-box.net
Mon, 28 Oct 2002 13:41:49 -0500
Update of /cvs-repository/Zope3/lib/python/Zope/App/Publisher/Browser
In directory cvs.zope.org:/tmp/cvs-serv10546/python/Zope/App/Publisher/Browser
Modified Files:
FileResource.py ViewMeta.py
Log Message:
Fixed collector issue http://collector.zope.org/Zope3-dev/78
Resources and pages of named views are now wrapped with security
proxies at the factory.
Updated tests to remove proxies from views etc. when the test is not
concerned with security.
=== Zope3/lib/python/Zope/App/Publisher/Browser/FileResource.py 1.6 => 1.7 ===
--- Zope3/lib/python/Zope/App/Publisher/Browser/FileResource.py:1.6 Wed Jul 17 19:18:05 2002
+++ Zope3/lib/python/Zope/App/Publisher/Browser/FileResource.py Mon Oct 28 13:41:18 2002
@@ -27,6 +27,8 @@
from Zope.App.Publisher.Browser.Resource import Resource
from Zope.Misc.DateTimeParse import time as timeFromDateTimeString
+from Zope.Security.Proxy import ProxyFactory
+
class FileResource(BrowserView, Resource):
__implements__ = IBrowserResource, IBrowserPublisher
@@ -119,7 +121,7 @@
self.__file = File(path)
def __call__(self, request):
- return FileResource(self.__file, request)
+ return ProxyFactory(FileResource(self.__file, request))
class ImageResourceFactory:
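Review bot: `ProxyFactory(FileResource(self.__file, request))` in `FileResourceFactory.__call__` passes no explicit checker, so the protection depends entirely on a checker being declared for `FileResource` elsewhere; the same applies to `ImageResourceFactory.__call__` in the next hunk. If `ProxyFactory` hands the object back unwrapped when it finds no checker (worth confirming in Zope.Security.Proxy), a missing declaration would silently leave resources unprotected. A test asserting that the factory result is a security proxy would make that dependency visible, as would a comment such as `# relies on the checker declared for FileResource in <configuration file>`. Both class bodies start outside their hunks.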
@@ -127,4 +129,4 @@
self.__file = Image(path)
def __call__(self, request):
- return FileResource(self.__file, request)
+ return ProxyFactory(FileResource(self.__file, request))
=== Zope3/lib/python/Zope/App/Publisher/Browser/ViewMeta.py 1.5 => 1.6 ===
--- Zope3/lib/python/Zope/App/Publisher/Browser/ViewMeta.py:1.5 Tue Oct 22 15:17:23 2002
+++ Zope3/lib/python/Zope/App/Publisher/Browser/ViewMeta.py Mon Oct 28 13:41:18 2002
@@ -102,6 +102,12 @@
if self.__default is None:
self.__default = name
+ # Call super(view, self).page() in order to get the side
+ # effects. (At the time of writing, this is to increment
+ # self.pages by one.)
+ # Throw away the result, as all the pages are accessed by
+ # traversing the PageTraverser subclass.
+ super(view, self).page(_context, name, attribute)
return ()
factory = self.factory
@@ -199,7 +205,7 @@
# needs to be rewrapped
view.__Security_checker__ = checker
- return view
+ return Proxy(view, checker)
factory[-1] = proxyView
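Review bot: The context comment `# needs to be rewrapped` and the `view.__Security_checker__ = checker` assignment stay in place next to the new `return Proxy(view, checker)`, and the hunk does not show whether the attribute is still needed once the view is returned already wrapped. If it is kept on purpose, a comment such as `# checker stays on the instance so code that re-proxies an unwrapped view picks up the same checker` would record why; otherwise the assignment could be dropped. The body of `proxyView` starts outside the hunk, so this is inferred from the three visible lines only.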
@@ -224,20 +230,23 @@
(klass.__implements__, PageTraverser.__implements__),
}
for name in self.__pages:
- attribute, permission, template = self.__pages[name]
+ attribute, permission, template = self.__pages[name]
+
+ # We need to set the default permission on pages if the pages
+ # don't already have a permission explicitly set
+ permission = permission or self.permission
if permission == 'Zope.Public':
permission = CheckerPublic
- if attribute:
- require[attribute] = permission
- else:
+ if not attribute:
attribute = name
- require[attribute] = permission
+
+ require[attribute] = permission
if template:
klassdict[attribute] = ViewPageTemplateFile(template)
- klassdict['_PageTraverser__pages'][name] = attribute
+ klassdict['_PageTraverser__pages'][name] = attribute, permission
klass = type(klass.__name__,
(klass, PageTraverser, object),
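Review bot: After `permission = permission or self.permission` nothing handles the case where both values are unset, so `require[attribute]` and the `_PageTraverser__pages` entry can end up carrying `None`. How the checker treats a `None` permission is not visible in this diff; it is worth confirming that it fails closed, or rejecting the directive here with a configuration error when `permission is None`. The same question applies to `permission_for_browser_publisher = self.permission` in the following hunk. The enclosing method starts and ends outside the hunk.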
@@ -245,6 +254,12 @@
factory[-1] = klass
self.factory = factory
+ permission_for_browser_publisher = self.permission
+ if permission_for_browser_publisher == 'Zope.Public':
+ permission_for_browser_publisher = CheckerPublic
+ for name in IBrowserPublisher.names(all=1):
+ require[name] = permission_for_browser_publisher
+
return super(view, self).__call__(require=require)
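Review bot: The loop `for name in IBrowserPublisher.names(all=1): require[name] = permission_for_browser_publisher` assigns unconditionally, so any entry already placed in `require` for one of those names, by the pages loop or by code above this hunk, is replaced with the view-level permission. If an explicit declaration is meant to win, `require.setdefault(name, permission_for_browser_publisher)` would preserve it (assuming `require` is a plain dict); if the overwrite is intended, a short comment saying so would help. The `'Zope.Public'` to `CheckerPublic` translation is also repeated from the pages loop and could live in one small helper. The enclosing method starts outside the hunk.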
@@ -253,7 +268,10 @@
__implements__ = IBrowserPublisher
def publishTraverse(self, request, name):
- return getattr(self, self._PageTraverser__pages[name])
+ attribute, permission = self._PageTraverser__pages[name]
+ return Proxy(getattr(self, attribute),
+ NamesChecker(__call__=permission)
+ )
def browserDefault(self, request):
return self, (self._PageTraverser__default, )
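Review bot: `self._PageTraverser__pages[name]` in `publishTraverse` is indexed with the traversal name without a guard, so an unknown page name surfaces as a `KeyError` rather than the publisher's not-found error. The name presumably comes from the request URL, so the miss should be caught and reported as not-found instead of an internal error. A comment on the return, for example `# the page is exposed only through __call__, guarded by the page's own permission`, would also document why a fresh `NamesChecker` is built here rather than reusing the view's checker.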