[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/demo/pagelet/ Fix permission for pagelets

Roger Ineichen roger at projekt01.ch
Thu Mar 17 21:04:46 EST 2005 

Log message for revision 29538:
  Fix permission for pagelets

Changed:
  U   Zope3/trunk/src/zope/app/demo/pagelet/browser/configure.zcml
  U   Zope3/trunk/src/zope/app/demo/pagelet/ftests.py

-=-
Modified: Zope3/trunk/src/zope/app/demo/pagelet/browser/configure.zcml
===================================================================
--- Zope3/trunk/src/zope/app/demo/pagelet/browser/configure.zcml	2005-03-18 02:04:28 UTC (rev 29537)
+++ Zope3/trunk/src/zope/app/demo/pagelet/browser/configure.zcml	2005-03-18 02:04:46 UTC (rev 29538)
@@ -71,16 +71,18 @@
       weight="0"
       />
 
+  <!-- This pagelet is just visible with zope.ManageContent permission -->
   <pagelet
       name="demo_pagelet_macro2"
       layer="zope.publisher.interfaces.browser.IBrowserRequest"
       slot="..interfaces.IDemoSlot"
       template="demo_pagelet.pt"
       for="..interfaces.IPageletContent"
-      permission="zope.View"
+      permission="zope.ManageContent"
       weight="1"
       />
 
+  <!-- This pagelet is just visible with zope.ManageContent permission -->
   <pagelet
       name="demo_pagedata_pagelet_macro"
       layer="zope.publisher.interfaces.browser.IBrowserRequest"

Modified: Zope3/trunk/src/zope/app/demo/pagelet/ftests.py
===================================================================
--- Zope3/trunk/src/zope/app/demo/pagelet/ftests.py	2005-03-18 02:04:28 UTC (rev 29537)
+++ Zope3/trunk/src/zope/app/demo/pagelet/ftests.py	2005-03-18 02:04:46 UTC (rev 29538)
@@ -43,18 +43,31 @@
         self.assertEqual(response.getHeader('Location'),
             'http://localhost/@@contents.html')
 
-        # check the content of the pagelet
+        # check the content of the pagelet without permission
+        # we should not get the pagelet content
         response = self.publish('/pagelet/@@index.html')
         self.assertEqual(response.getStatus(), 200)
         body = ' '.join(response.getBody().split())
-        self.assert_(body.find('<div>aTitle</div>') >= 0)
-        self.assert_(body.find('<span>global demo variable</span>') >= 0)
-        self.assert_(body.find('<h4>Pagelet: demo_pagelet.pt</h4>') >= 0)
-        self.assert_(body.find('<h4>Pagelet: demo_pagedata_pagelet.pt</h4>')
-            >= 0)
-        self.assert_(body.find('<span>DemoPageData title</span>') >= 0)
+        self.assert_(body.find('<div>aTitle</div>') != -1)
 
+        # This pagelet is visible because of the zope.View permission
+        self.assert_(body.find('Macro: demo_pagelet_macro') != -1)
+        
+        # we don't have zope.ManageContent permission where is required
+        self.assert_(body.find('demo_pagelet_macro2') == -1)
 
+        # check the content of the pagelet with permission
+        # now we should see the content of the pagelet
+        response = self.publish('/pagelet/@@index.html', basic='mgr:mgrpw')
+        self.assertEqual(response.getStatus(), 200)
+        body = ' '.join(response.getBody().split())
+        self.assert_(body.find('<div>aTitle</div>') != -1)
+
+        # As zope.Manager we see both pagelets
+        self.assert_(body.find('Macro: demo_pagelet_macro') != -1)
+        self.assert_(body.find('demo_pagelet_macro2') == -1)
+
+
 def test_suite():
     return unittest.TestSuite((
         unittest.makeSuite(TestPageletContent),

More information about the Zope3-Checkins mailing list