[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/demo/pagelet/ Fix
permission for pagelets
Roger Ineichen
roger at projekt01.ch
Thu Mar 17 21:04:46 EST 2005
Log message for revision 29538:
Fix permission for pagelets
Changed:
U Zope3/trunk/src/zope/app/demo/pagelet/browser/configure.zcml
U Zope3/trunk/src/zope/app/demo/pagelet/ftests.py
-=-
Modified: Zope3/trunk/src/zope/app/demo/pagelet/browser/configure.zcml
===================================================================
--- Zope3/trunk/src/zope/app/demo/pagelet/browser/configure.zcml 2005-03-18 02:04:28 UTC (rev 29537)
+++ Zope3/trunk/src/zope/app/demo/pagelet/browser/configure.zcml 2005-03-18 02:04:46 UTC (rev 29538)
@@ -71,16 +71,18 @@
weight="0"
/>
+ <!-- This pagelet is just visible with zope.ManageContent permission -->
<pagelet
name="demo_pagelet_macro2"
layer="zope.publisher.interfaces.browser.IBrowserRequest"
slot="..interfaces.IDemoSlot"
template="demo_pagelet.pt"
for="..interfaces.IPageletContent"
- permission="zope.View"
+ permission="zope.ManageContent"
weight="1"
/>
+ <!-- This pagelet is just visible with zope.ManageContent permission -->
<pagelet
name="demo_pagedata_pagelet_macro"
layer="zope.publisher.interfaces.browser.IBrowserRequest"
Modified: Zope3/trunk/src/zope/app/demo/pagelet/ftests.py
===================================================================
--- Zope3/trunk/src/zope/app/demo/pagelet/ftests.py 2005-03-18 02:04:28 UTC (rev 29537)
+++ Zope3/trunk/src/zope/app/demo/pagelet/ftests.py 2005-03-18 02:04:46 UTC (rev 29538)
@@ -43,18 +43,31 @@
self.assertEqual(response.getHeader('Location'),
'http://localhost/@@contents.html')
- # check the content of the pagelet
+ # check the content of the pagelet without permission
+ # we should not get the pagelet content
response = self.publish('/pagelet/@@index.html')
self.assertEqual(response.getStatus(), 200)
body = ' '.join(response.getBody().split())
- self.assert_(body.find('<div>aTitle</div>') >= 0)
- self.assert_(body.find('<span>global demo variable</span>') >= 0)
- self.assert_(body.find('<h4>Pagelet: demo_pagelet.pt</h4>') >= 0)
- self.assert_(body.find('<h4>Pagelet: demo_pagedata_pagelet.pt</h4>')
- >= 0)
- self.assert_(body.find('<span>DemoPageData title</span>') >= 0)
+ self.assert_(body.find('<div>aTitle</div>') != -1)
+ # This pagelet is visible because of the zope.View permission
+ self.assert_(body.find('Macro: demo_pagelet_macro') != -1)
+
+ # we don't have zope.ManageContent permission where is required
+ self.assert_(body.find('demo_pagelet_macro2') == -1)
+ # check the content of the pagelet with permission
+ # now we should see the content of the pagelet
+ response = self.publish('/pagelet/@@index.html', basic='mgr:mgrpw')
+ self.assertEqual(response.getStatus(), 200)
+ body = ' '.join(response.getBody().split())
+ self.assert_(body.find('<div>aTitle</div>') != -1)
+
+ # As zope.Manager we see both pagelets
+ self.assert_(body.find('Macro: demo_pagelet_macro') != -1)
+ self.assert_(body.find('demo_pagelet_macro2') == -1)
+
+
def test_suite():
return unittest.TestSuite((
unittest.makeSuite(TestPageletContent),
More information about the Zope3-Checkins
mailing list