[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/form/ No longer eating ForbiddenAttribute errors.

Garrett Smith garrett at mojave-corp.com
Wed Feb 9 17:08:07 EST 2005 

Log message for revision 29094:
  No longer eating ForbiddenAttribute errors.

Changed:
  U   Zope3/trunk/src/zope/app/form/tests/test_utility.py
  U   Zope3/trunk/src/zope/app/form/utility.py

-=-
Modified: Zope3/trunk/src/zope/app/form/tests/test_utility.py
===================================================================
--- Zope3/trunk/src/zope/app/form/tests/test_utility.py	2005-02-09 21:50:26 UTC (rev 29093)
+++ Zope3/trunk/src/zope/app/form/tests/test_utility.py	2005-02-09 22:08:07 UTC (rev 29094)
@@ -21,6 +21,7 @@
 from zope.component.interfaces import IViewFactory
 from zope.component.exceptions import ComponentLookupError
 from zope.publisher.browser import TestRequest
+from zope.security.interfaces import ForbiddenAttribute
 
 from zope.schema import Field, Int
 from zope.schema.interfaces import IField, IInt
@@ -537,6 +538,44 @@
      
         >>> tearDown()
         """
+
+    def test_forbiddenAttributes(self):
+        """Tests that forbidden attributes cause an error in widget setup.
+
+        >>> setUp()
+
+        If an attribute cannot be read from a source object because it's
+        forbidden, the ForbiddenAttribute error is allowed to pass through
+        to the caller.
+
+        We'll create a field that raises a ForbiddenError itself to simulate
+        what would happen when a proxied object's attribute is accessed without
+        the required permission.
+
+            >>> class AlwaysForbidden(Field):
+            ...     def get(self, source):
+            ...         raise ForbiddenAttribute(source, self.__name__)
+
+        We'll also create a schema using this field:
+
+            >>> class IMySchema(Interface):
+            ...     tryme = AlwaysForbidden()
+
+        When we use setUpEditWidgets to configure a view with IMySchema:
+
+            >>> view = BrowserView('some context', TestRequest())
+            >>> setUpEditWidgets(view, IMySchema)
+            Traceback (most recent call last):
+            ForbiddenAttribute: ('some context', 'tryme')
+
+        The same applies to setUpDisplayWidgets:
+
+            >>> setUpDisplayWidgets(view, IMySchema)
+            Traceback (most recent call last):
+            ForbiddenAttribute: ('some context', 'tryme')
+
+        >>> tearDown()
+        """
         
 class TestFormSetUp(object):
     

Modified: Zope3/trunk/src/zope/app/form/utility.py
===================================================================
--- Zope3/trunk/src/zope/app/form/utility.py	2005-02-09 21:50:26 UTC (rev 29093)
+++ Zope3/trunk/src/zope/app/form/utility.py	2005-02-09 22:08:07 UTC (rev 29094)
@@ -34,6 +34,7 @@
 """
 __docformat__ = 'restructuredtext'
 
+from zope.security.interfaces import ForbiddenAttribute
 from zope.schema import getFieldsInOrder
 from zope.app import zapi
 from zope.app.form.interfaces import IWidget
@@ -185,6 +186,8 @@
             viewType = inputType
         try:
             value = field.get(source)
+        except ForbiddenAttribute:
+            raise
         except AttributeError, v:
             value = no_value
         setUpWidget(view, name, field, viewType, value, prefix,

More information about the Zope3-Checkins mailing list