[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/pagelet/ Fix
permission for pagelets
Roger Ineichen
roger at projekt01.ch
Thu Mar 17 21:04:07 EST 2005
Log message for revision 29536:
Fix permission for pagelets
Changed:
U Zope3/trunk/src/zope/app/pagelet/collector.py
U Zope3/trunk/src/zope/app/pagelet/metaconfigure.py
U Zope3/trunk/src/zope/app/pagelet/tests/__init__.py
-=-
Modified: Zope3/trunk/src/zope/app/pagelet/collector.py
===================================================================
--- Zope3/trunk/src/zope/app/pagelet/collector.py 2005-03-17 22:44:37 UTC (rev 29535)
+++ Zope3/trunk/src/zope/app/pagelet/collector.py 2005-03-18 02:04:06 UTC (rev 29536)
@@ -18,7 +18,9 @@
__docformat__ = 'restructuredtext'
from zope.interface import implements
-from zope.interface import directlyProvides
+from zope.proxy import isProxy
+from zope.security import canAccess
+from zope.security.interfaces import Unauthorized
from zope.app import zapi
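Review bot: `isProxy` is imported here but no added line in the collector.py hunks of this revision uses it. Unless it is referenced elsewhere in the file, drop `from zope.proxy import isProxy` so the import list shows only what the permission check depends on (`canAccess` and `Unauthorized`).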
@@ -30,17 +32,18 @@
class MacrosCollector(object):
"""Replaceable sample implementation of IMacrosCollector.
-
+
Collects pagelets from the site manager.
Pagelet adapters are registred on context, request, view and slot
interfaces. Use your own IMacrosCollector implementation for
to support a layout manager.
Imports:
-
+
>>> from zope.interface import Interface
+ >>> from zope.security.checker import defineChecker
>>> from zope.publisher.browser import TestRequest
- >>> from zope.publisher.interfaces.browser import IBrowserRequest
+ >>> from zope.publisher.interfaces.browser import IDefaultBrowserLayer
>>> from zope.component.interfaces import IView
>>> from zope.app.publisher.browser import BrowserView
>>> from zope.app.pagelet.interfaces import IPagelet
@@ -48,10 +51,10 @@
>>> from zope.app.pagelet.tests import TestPagelet
>>> from zope.app.pagelet.tests import TestContext
>>> from zope.app.pagelet.tests import TestSlot
+ >>> from zope.app.pagelet.tests import testChecker
Setup pagelet:
- >>> ob = TestContext()
>>> name = 'testpagelet'
>>> factory = TestPagelet
@@ -59,13 +62,15 @@
>>> from zope.app.testing import placelesssetup, ztapi
>>> placelesssetup.setUp()
+ >>> defineChecker(factory, testChecker)
>>> gsm = zapi.getGlobalSiteManager()
>>> gsm.provideAdapter(
- ... (Interface, IBrowserRequest, IView, IPageletSlot)
+ ... (Interface, IDefaultBrowserLayer, IView, IPageletSlot)
... , IPagelet, name, factory)
Setup macros collector:
-
+
+ >>> ob = TestContext()
>>> request = TestRequest()
>>> view = BrowserView(ob, request)
>>> slot = TestSlot()
@@ -92,19 +97,20 @@
self.request = request
self.view = view
self.slot = slot
-
+
def macros(self):
macros = []
# collect pagelets
objects = self.context, self.request, self.view, self.slot
- adapters = zapi.getAdapters(objects, IPagelet)
- adapters.sort(lambda x, y: x[1].weight - y[1].weight)
+ pagelets = zapi.getAdapters(objects, IPagelet)
+ pagelets.sort(lambda x, y: x[1].weight - y[1].weight)
- for name, pagelet in adapters:
- # append pagelet macros
- macros.append(pagelet[name])
-
+ for name, pagelet in pagelets:
+ # append pagelet macros if the permission is correct
+ if canAccess(pagelet, '__getitem__'):
+ macros.append(pagelet[name])
+
return macros
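Review bot: The sort on `x[1].weight` runs over every adapter before the `canAccess` filter, so `weight` is read on pagelets the current interaction may not be allowed to use. metaconfigure.py in this revision protects `weight` with the same permission as `__getitem__`, so if `zapi.getAdapters` returns security-proxied pagelets (not visible here), the sort would raise for a denied pagelet instead of skipping it. Filtering first avoids that: `pagelets = [(n, p) for n, p in zapi.getAdapters(objects, IPagelet) if canAccess(p, '__getitem__')]`, then sort and append. A docstring line on `macros` saying that inaccessible pagelets are silently omitted would also help, because the single-pagelet lookup further down in this file raises `Unauthorized` instead.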
@@ -119,12 +125,12 @@
to support a layout manager which can return a macro dependent
on additional rules.
+ Imports:
- Imports:
-
>>> from zope.interface import Interface
+ >>> from zope.security.checker import defineChecker
>>> from zope.publisher.browser import TestRequest
- >>> from zope.publisher.interfaces.browser import IBrowserRequest
+ >>> from zope.publisher.interfaces.browser import IDefaultBrowserLayer
>>> from zope.component.interfaces import IView
>>> from zope.app.publisher.browser import BrowserView
>>> from zope.app.pagelet.interfaces import IPagelet
@@ -132,10 +138,10 @@
>>> from zope.app.pagelet.tests import TestPagelet
>>> from zope.app.pagelet.tests import TestContext
>>> from zope.app.pagelet.tests import TestSlot
+ >>> from zope.app.pagelet.tests import testChecker
Setup pagelet:
- >>> ob = TestContext()
>>> name = 'testpagelet'
>>> factory = TestPagelet
@@ -143,13 +149,15 @@
>>> from zope.app.testing import placelesssetup, ztapi
>>> placelesssetup.setUp()
+ >>> defineChecker(factory, testChecker)
>>> gsm = zapi.getGlobalSiteManager()
>>> gsm.provideAdapter(
- ... (Interface, IBrowserRequest, IView, IPageletSlot)
+ ... (Interface, IDefaultBrowserLayer, IView, IPageletSlot)
... , IPagelet, name, factory)
Setup macros collector:
-
+
+ >>> ob = TestContext()
>>> request = TestRequest()
>>> view = BrowserView(ob, request)
>>> slot = TestSlot()
@@ -182,7 +190,11 @@
# collect a single pagelet which is a pagelet
objects = self.context, self.request, self.view, self.slot
- adapter = zapi.getMultiAdapter(objects, IPagelet, key)
-
- return adapter[key]
-
+ pagelet = zapi.getMultiAdapter(objects, IPagelet, key)
+
+ # rasie Unauthorized exception if we don't have the permission for
+ # calling the pagelet's macro code
+ if canAccess(pagelet, '__getitem__'):
+ return pagelet[key]
+ else:
+ raise Unauthorized(key)
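Review bot: The adapter lookup runs before the permission check, so a missing key surfaces as whatever `zapi.getMultiAdapter` raises for a failed lookup, while an existing but denied pagelet surfaces as `Unauthorized(key)`. The method's docstring (the method starts above this hunk) should state both outcomes so callers handle them deliberately. As far as I know, `canAccess` only turns `Unauthorized` into `False` and lets `ForbiddenAttribute` propagate when the checker does not declare `__getitem__`, which is worth a word in the same docstring. The comment has a typo; `# raise Unauthorized if the interaction may not access the pagelet's macro code` reads better, and the `else:` after `return` can go.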
Modified: Zope3/trunk/src/zope/app/pagelet/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/pagelet/metaconfigure.py 2005-03-17 22:44:37 UTC (rev 29535)
+++ Zope3/trunk/src/zope/app/pagelet/metaconfigure.py 2005-03-18 02:04:06 UTC (rev 29536)
@@ -72,7 +72,7 @@
self.view = view
def __getitem__(self, name):
- """Get the macro by name."""
+ """Get the zpt code defined in 'define-macro' by name."""
return self._template.macros[name]
def _getWeight (self):
@@ -89,7 +89,7 @@
required = {}
# set permission checker
- permission = _handle_permission(_context, permission)
+ permission = _handle_permission(permission)
if not name:
raise ConfigurationError("Must specify name.")
@@ -104,12 +104,10 @@
if not os.path.isfile(template):
raise ConfigurationError("No such file", template)
- required['__getitem__'] = permission
-
new_class = PageletClass(template, weight, bases=(simplepagelet, ))
# set permissions
- for n in ('__getitem__', '__call__', 'weight'):
+ for n in ('__getitem__', 'weight'):
required[n] = permission
#register interface
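Review bot: `'__call__'` is dropped from the protected names without a comment, so a reader cannot tell whether leaving it undeclared is deliberate. If `required` feeds the class checker (that code is outside this hunk), an undeclared name is presumably forbidden through a security proxy rather than permission-checked, which is the safer default. However, tests/__init__.py in this same revision goes the other way and adds `'__call__'` to `testChecker`. State which is intended, e.g. `# '__call__' is deliberately not declared; pagelets are only read through __getitem__`, and make the test checker match.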
@@ -148,7 +146,7 @@
args = (iface, baseIface)
)
-def _handle_permission(_context, permission):
+def _handle_permission(permission):
if permission == 'zope.Public':
permission = CheckerPublic
return permission
Modified: Zope3/trunk/src/zope/app/pagelet/tests/__init__.py
===================================================================
--- Zope3/trunk/src/zope/app/pagelet/tests/__init__.py 2005-03-17 22:44:37 UTC (rev 29535)
+++ Zope3/trunk/src/zope/app/pagelet/tests/__init__.py 2005-03-18 02:04:06 UTC (rev 29536)
@@ -17,6 +17,7 @@
"""
__docformat__ = 'restructuredtext'
+import sys
from zope.interface import Interface, implements
from zope.security.checker import NamesChecker
@@ -44,7 +45,8 @@
implements(IPagelet)
- _template = ViewPageTemplateFile('testfiles/test_pagelet.pt')
+ frame = sys._getframe(1).f_globals
+ _template = ViewPageTemplateFile('testfiles/test_pagelet.pt', frame)
_weight = 0
def __init__(self, context, request, view, ignored):
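Review bot: `frame` is assigned in the class body, so it becomes a class attribute of the test pagelet holding the module's globals dict. At class-body execution `sys._getframe(1).f_globals` should be the same dict as `globals()`, so `_template = ViewPageTemplateFile('testfiles/test_pagelet.pt', globals())` avoids both the private frame API and the stray attribute. It also makes the new `import sys` unnecessary. The class statement itself is above this hunk.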
@@ -81,4 +83,4 @@
return "A demo string."
-testChecker = NamesChecker(('__getitem__', 'request', 'weight'))
+testChecker = NamesChecker(['__getitem__', '__call__', 'weight'])
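Review bot: `testChecker` is built without a permission argument, so `NamesChecker` falls back to its default public permission and `canAccess(pagelet, '__getitem__')` is always true in the doctests. That leaves both new deny paths in collector.py untested: the skip in `macros()` and the `raise Unauthorized(key)` in the single-pagelet lookup. Add a second checker with a real permission id, e.g. `deniedChecker = NamesChecker(['__getitem__', 'weight'], 'example.Permission')` (constructed id). Then add a doctest that registers a pagelet under it and, under an interaction that lacks the permission, shows the pagelet being omitted in one case and `Unauthorized` being raised in the other.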