[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/exception/browser/
Make unauthorized exception view smarter.
Gary Poster
gary at zope.com
Fri Jan 6 15:04:45 EST 2006
Log message for revision 41171:
Make unauthorized exception view smarter.
See http://mail.zope.org/pipermail/zope3-dev/2006-January/017376.html
Changed:
U Zope3/trunk/src/zope/app/exception/browser/configure.zcml
U Zope3/trunk/src/zope/app/exception/browser/tests/test_unauthorized.py
U Zope3/trunk/src/zope/app/exception/browser/unauthorized.pt
U Zope3/trunk/src/zope/app/exception/browser/unauthorized.py
-=-
Modified: Zope3/trunk/src/zope/app/exception/browser/configure.zcml
===================================================================
--- Zope3/trunk/src/zope/app/exception/browser/configure.zcml 2006-01-06 18:17:32 UTC (rev 41170)
+++ Zope3/trunk/src/zope/app/exception/browser/configure.zcml 2006-01-06 20:04:44 UTC (rev 41171)
@@ -22,10 +22,11 @@
for="zope.security.interfaces.IUnauthorized"
name="index.html"
permission="zope.Public"
- template="unauthorized.pt"
class=".unauthorized.Unauthorized"
/>
+ <zope:adapter factory=".unauthorized.default_template" name="default" />
+
<page
for="zope.app.exception.interfaces.IUserError"
name="index.html"
Modified: Zope3/trunk/src/zope/app/exception/browser/tests/test_unauthorized.py
===================================================================
--- Zope3/trunk/src/zope/app/exception/browser/tests/test_unauthorized.py 2006-01-06 18:17:32 UTC (rev 41170)
+++ Zope3/trunk/src/zope/app/exception/browser/tests/test_unauthorized.py 2006-01-06 20:04:44 UTC (rev 41171)
@@ -16,23 +16,17 @@
$Id$
"""
from unittest import TestCase, main, makeSuite
-from zope.interface import implements
+from zope import component, interface
+import zope.formlib.namedtemplate
from zope.publisher.browser import TestRequest
+import zope.publisher.interfaces.browser
from zope.app.testing import ztapi
from zope.app.security.interfaces import IAuthentication, IPrincipal
from zope.app.exception.browser.unauthorized import Unauthorized
from zope.app.testing.placelesssetup import PlacelessSetup
-class Unauthorized(Unauthorized):
- """Unusually done by ZCML."""
-
- def __init__(self, context, request):
- self.context = context
- self.request = request
-
-
class DummyPrincipal(object):
- implements(IPrincipal) # this is a lie
+ interface.implements(IPrincipal) # this is a lie
def __init__(self, id):
self.id = id
@@ -41,16 +35,27 @@
return self.id
class DummyAuthUtility(object):
- implements(IAuthentication) # this is a lie
+ interface.implements(IAuthentication) # this is a lie
+ status = None
+
def unauthorized(self, principal_id, request):
self.principal_id = principal_id
self.request = request
+ if self.status is not None:
+ self.request.response.setStatus(self.status)
+class DummyTemplate (object):
-class DummyPrincipalSource(object):
- pass
+ def __init__(self, context):
+ self.context = context
+ component.adapts(Unauthorized)
+ interface.implements(zope.formlib.namedtemplate.INamedTemplate)
+
+ def __call__(self):
+ return 'You are not authorized'
+
class Test(PlacelessSetup, TestCase):
def setUp(self):
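Review bot: In `DummyTemplate` the `component.adapts(Unauthorized)` and `interface.implements(zope.formlib.namedtemplate.INamedTemplate)` declarations sit after `__init__`, where they are easy to overlook. Moving them to the top of the class body, as `DummyPrincipal` and `DummyAuthUtility` do, and writing `class DummyTemplate(object):` without the space would keep the file consistent. A one-line docstring such as `"""Stand-in for the 'default' named template that ZCML normally registers."""` would say why the class exists, and `status = None` on `DummyAuthUtility` deserves a comment like `# set by a test to simulate the utility issuing a redirect`.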
@@ -62,6 +67,7 @@
super(Test, self).tearDown()
def testUnauthorized(self):
+ component.provideAdapter(DummyTemplate, name="default")
exception = Exception()
try:
raise exception
@@ -70,8 +76,11 @@
request = TestRequest()
request.setPrincipal(DummyPrincipal(23))
u = Unauthorized(exception, request)
- u.issueChallenge()
+ res = u()
+ # Make sure that we rendered the expected template
+ self.assertEqual("You are not authorized", res)
+
# Make sure the response status was set
self.assertEqual(request.response.getStatus(), 403)
@@ -79,21 +88,26 @@
self.failUnless(self.auth.request is request)
self.assertEqual(self.auth.principal_id, 23)
- def testPluggableAuthUtility(self):
- exception = Exception()
+ def testRedirect(self):
+ exception= Exception()
try:
raise exception
except:
pass
request = TestRequest()
- psrc = DummyPrincipalSource()
request.setPrincipal(DummyPrincipal(23))
u = Unauthorized(exception, request)
- u.issueChallenge()
+
+ self.auth.status = 303
+
+ res = u()
- # Make sure the response status was set
- self.assertEqual(request.response.getStatus(), 403)
+ # Make sure that the template was not rendered
+ self.assert_(res is None)
+ # Make sure the auth's redirect is honored
+ self.assertEqual(request.response.getStatus(), 303)
+
# Make sure the auth utility was called
self.failUnless(self.auth.request is request)
self.assertEqual(self.auth.principal_id, 23)
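Review bot: `testRedirect` pins only status 303, while the view's check in unauthorized.py treats 302 the same way. Nothing verifies that a non-redirect status set by the utility (a 401 challenge, for example) still renders the template. Running the same assertions for both codes, e.g. `for status in (302, 303):` with a fresh `TestRequest()` per iteration, plus one case with `self.auth.status = 401` that expects the template text, would cover both sides of the branch. `exception= Exception()` is also missing the space before `=`.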
Modified: Zope3/trunk/src/zope/app/exception/browser/unauthorized.pt
===================================================================
--- Zope3/trunk/src/zope/app/exception/browser/unauthorized.pt 2006-01-06 18:17:32 UTC (rev 41170)
+++ Zope3/trunk/src/zope/app/exception/browser/unauthorized.pt 2006-01-06 20:04:44 UTC (rev 41171)
@@ -1,6 +1,4 @@
-<tal:Make_sure_we_process_the_authorization_challenge_first
- condition="view/issueChallenge"
- /><html metal:use-macro="context/@@standard_macros/page"
+<html metal:use-macro="context/@@standard_macros/page"
i18n:domain="zope">
<body i18n:domain="zope">
Modified: Zope3/trunk/src/zope/app/exception/browser/unauthorized.py
===================================================================
--- Zope3/trunk/src/zope/app/exception/browser/unauthorized.py 2006-01-06 18:17:32 UTC (rev 41170)
+++ Zope3/trunk/src/zope/app/exception/browser/unauthorized.py 2006-01-06 20:04:44 UTC (rev 41171)
@@ -18,14 +18,23 @@
__docformat__ = 'restructuredtext'
from zope.app import zapi
+from zope.formlib import page
+from zope.formlib import namedtemplate
+from zope.app.pagetemplate import ViewPageTemplateFile
+class Unauthorized(page.Page):
-class Unauthorized(object):
-
- def issueChallenge(self):
+ def __call__(self):
# Set the error status to 403 (Forbidden) in the case when we don't
# challenge the user
self.request.response.setStatus(403)
principal = self.request.principal
auth = zapi.principals()
auth.unauthorized(principal.id, self.request)
+ if self.request.response.getStatus() not in (302, 303):
+ return self.template()
+
+ template = namedtemplate.NamedTemplate('default')
+
+default_template = namedtemplate.NamedTemplateImplementation(
+ ViewPageTemplateFile('unauthorized.pt'), Unauthorized)
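Review bot: The redirect test in `__call__`, `if self.request.response.getStatus() not in (302, 303):`, recognises only two redirect codes, so an authentication utility that answers with 301 or 307 would still get the unauthorized template rendered into the body of its redirect. Consider widening it to `not in (301, 302, 303, 307)` and adding a comment such as `# the auth utility redirected (e.g. to a login form): return no body`, since the implicit `None` return is easy to miss. The visible method also sets no cache headers on the 403 page. If nothing upstream does, an intermediary cache could keep serving the denial after the user has logged in, so that is worth confirming.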