[Zope3-checkins] CVS: Zope3/src/zope/app/contentdirective/tests - test_directives.py:1.4

Marius Gedminas mgedmin@codeworks.lt
Fri, 10 Jan 2003 09:06:30 -0500 

Update of /cvs-repository/Zope3/src/zope/app/contentdirective/tests
In directory cvs.zope.org:/tmp/cvs-serv27546/tests

Modified Files:
	test_directives.py 
Log Message:
Bug: <factory> configuration directive with permission="zope.Public" was
equivalent to one with no permission at all, and thus not accessible from
untrusted code.

Added a unit test to reproduce this and a bug fix.  Could someone familiar with
the code check it?  SteveA had some reservations about whether the directive
itself should perform security wrapping.



=== Zope3/src/zope/app/contentdirective/tests/test_directives.py 1.3 => 1.4 ===
--- Zope3/src/zope/app/contentdirective/tests/test_directives.py:1.3	Mon Dec 30 22:35:07 2002
+++ Zope3/src/zope/app/contentdirective/tests/test_directives.py	Fri Jan 10 09:06:28 2003
@@ -25,10 +25,12 @@
 from zope.configuration.xmlconfig import ZopeXMLConfigurationError
 from zope.app.tests.placelesssetup import PlacelessSetup
 from zope.security.management import newSecurityManager, system_user
+from zope.security.proxy import Proxy
 import zope.configuration
 import zope.app.security
 import zope.app.contentdirective
 from zope.app.security.exceptions import UndefinedPermissionError
+from zope.component import getService
 
 # explicitly import ExampleClass and IExample using full paths
 # so that they are the same objects as resolve will get.
@@ -140,6 +142,25 @@
             """)
         self.assertRaises(UndefinedPermissionError, xmlconfig, f,
                           testing=1)
+
+
+    def testFactoryPublicPermission(self):
+
+        f = configfile("""
+<permission id="zope.Foo" title="Zope Foo Permission" />
+
+<content class="zope.app.contentdirective.tests.exampleclass.ExampleClass">
+    <factory
+      id="Example"
+      permission="zope.Public"
+      title="Example content"
+      description="Example description"
+    />
+</content>
+            """)
+        xmlconfig(f)
+        factory = getService(None, 'Factories').getFactory('Example')
+        self.failUnless(type(factory) is Proxy)
 
 
 def test_suite():