[Zope3-checkins]
SVN: Zope3/branches/ZopeX3-3.0/src/zope/app/component/
Added "trusted" option for defining trusted subscribers.
Jim Fulton
jim at zope.com
Fri Aug 20 13:02:07 EDT 2004
Log message for revision 27189:
Added "trusted" option for defining trusted subscribers.
Deprecated zope.security.trustedRemoveSecurityProxy and
zope.security.getProxiedObject. Use zope.security.removeSecurityProxy
instead. (This should also be used rather than removeAllProxies.)
Changed:
U Zope3/branches/ZopeX3-3.0/src/zope/app/component/metaconfigure.py
U Zope3/branches/ZopeX3-3.0/src/zope/app/component/metadirectives.py
U Zope3/branches/ZopeX3-3.0/src/zope/app/component/tests/test_directives.py
-=-
Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/component/metaconfigure.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/component/metaconfigure.py 2004-08-20 17:02:03 UTC (rev 27188)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/component/metaconfigure.py 2004-08-20 17:02:06 UTC (rev 27189)
@@ -73,7 +73,8 @@
return ob
-def subscriber(_context, factory, for_, provides=None, permission=None):
+def subscriber(_context, factory, for_, provides=None, permission=None,
+ trusted=False):
factory = [factory]
if permission is not None:
@@ -98,6 +99,9 @@
ob = f(ob)
return ob
+ if trusted:
+ factory = TrustedAdapterFactory(factory)
+
_context.action(
discriminator = None,
callable = handler,
Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/component/metadirectives.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/component/metadirectives.py 2004-08-20 17:02:03 UTC (rev 27188)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/component/metadirectives.py 2004-08-20 17:02:06 UTC (rev 27189)
@@ -232,6 +232,20 @@
required=False
)
+ trusted = zope.configuration.fields.Bool(
+ title=u"Trusted",
+ description=u"""Make the subscriber a trusted subscriber
+
+ Trusted subscribers have unfettered access to the objects they
+ adapt. If asked to adapt security-proxied objects, then,
+ rather than getting an unproxied subscriber of security-proxied
+ objects, you get a security-proxied subscriber of unproxied
+ objects.
+ """,
+ required=False,
+ default=False,
+ )
+
class IUtilityDirective(IBasicComponentInformation):
"""Register a utility"""
Modified: Zope3/branches/ZopeX3-3.0/src/zope/app/component/tests/test_directives.py
===================================================================
--- Zope3/branches/ZopeX3-3.0/src/zope/app/component/tests/test_directives.py 2004-08-20 17:02:03 UTC (rev 27188)
+++ Zope3/branches/ZopeX3-3.0/src/zope/app/component/tests/test_directives.py 2004-08-20 17:02:06 UTC (rev 27189)
@@ -28,7 +28,7 @@
from zope.configuration.xmlconfig import xmlconfig, XMLConfig
from zope.configuration.exceptions import ConfigurationError
-from zope.proxy import getProxiedObject
+from zope.security.proxy import removeSecurityProxy
from zope.security.proxy import getTestProxyItems
import zope.app.component
@@ -124,6 +124,47 @@
self.assertEqual(a3.__class__, A3)
self.assertEqual(a3.context, (content, a1))
+ def testTrustedSubscriber(self):
+ from zope.app.component.tests.adapter import A1, A2, A3, I3
+ from zope.app.component.tests.adapter import IS
+ from zope.component.tests.components import Content
+
+ xmlconfig(StringIO(template % (
+ """
+ <subscriber
+ provides="zope.app.component.tests.adapter.IS"
+ factory="zope.app.component.tests.adapter.A3"
+ for="zope.component.tests.components.IContent
+ zope.app.component.tests.adapter.I1"
+ trusted="yes"
+ />
+ """
+ )))
+
+ # With an unproxied object, business as usual
+ content = Content()
+ a1 = A1()
+ subscribers = zapi.subscribers((content, a1), IS)
+
+ a3 = subscribers[0]
+
+ self.assertEqual(a3.__class__, A3)
+ self.assertEqual(a3.context, (content, a1))
+
+ # Now with a proxied object:
+ from zope.security.checker import ProxyFactory
+ p = ProxyFactory(content)
+
+ # we get a proxied subscriber:
+ a3 = zapi.subscribers((p, a1), IS)[0]
+ from zope.security.proxy import Proxy
+ self.assertEqual(type(a3), Proxy)
+
+
+ # around an unproxied object:
+ from zope.security.proxy import removeSecurityProxy
+ self.assert_(removeSecurityProxy(a3).context[0] is content)
+
def testSubscriber_w_no_provides(self):
from zope.app.component.tests.adapter import A1, A2, Handler, I3
from zope.component.tests.components import Content
@@ -211,7 +252,7 @@
"""
)))
- # With an unproxied object, busoness as usual
+ # With an unproxied object, business as usual
ob = Content()
self.assertEqual(type(I1(ob)), type(A1()))
@@ -225,9 +266,9 @@
self.assertEqual(type(a), Proxy)
# around an unproxied object:
- from zope.security.proxy import getProxiedObject
- a = getProxiedObject(a)
- a.context[0] is ob
+ from zope.security.proxy import removeSecurityProxy
+ a = removeSecurityProxy(a)
+ self.assert_(a.context[0] is ob)
@@ -398,7 +439,7 @@
adapter = ProxyFactory(IApp(Content()))
items = [item[0] for item in getTestProxyItems(adapter)]
self.assertEqual(items, ['a', 'f'])
- self.assertEqual(getProxiedObject(adapter).__class__, Comp)
+ self.assertEqual(removeSecurityProxy(adapter).__class__, Comp)
def testAdapterUndefinedPermission(self):
config = StringIO(template % (
@@ -490,7 +531,7 @@
utility = ProxyFactory(zapi.getUtility(IApp))
items = [item[0] for item in getTestProxyItems(utility)]
self.assertEqual(items, ['a', 'f'])
- self.assertEqual(getProxiedObject(utility), comp)
+ self.assertEqual(removeSecurityProxy(utility), comp)
def testUtilityUndefinedPermission(self):
config = StringIO(template % (
More information about the Zope3-Checkins
mailing list