[Checkins] SVN: z3c.dav/trunk/src/z3c/dav/ Add check to see if the request managed to parse the xml body to avoid

Mon May 7 09:35:53 EDT 2007

Log message for revision 75611:
  Add check to see if the request managed to parse the xml body to avoid
  attribute errors.
  
  Plus the resourcetype property should be read only and the proppatch method
  should only get a property's input widget if the property is not read only.
  

Changed:
  U   z3c.dav/trunk/src/z3c/dav/coreproperties.py
  U   z3c.dav/trunk/src/z3c/dav/proppatch.py
  U   z3c.dav/trunk/src/z3c/dav/tests/test_proppatch.py

-=-
Modified: z3c.dav/trunk/src/z3c/dav/coreproperties.py
===================================================================

--- z3c.dav/trunk/src/z3c/dav/coreproperties.py	2007-05-07 11:31:35 UTC (rev 75610)
+++ z3c.dav/trunk/src/z3c/dav/coreproperties.py	2007-05-07 13:35:52 UTC (rev 75611)
@@ -237,7 +237,7 @@
                            This element MUST NOT contain text or mixed content.
                            Any custom child element is considered to be an
                            identifier for a resource type."""),
-        readonly = False)
+        readonly = True)
 
 
 class IDAVSupportedlock(interface.Interface):
@@ -410,12 +410,20 @@
 
 class ResourceTypeAdapter(object):
     """
-      >>> from zope.app.file.file import File
-      >>> file = File('some data for a file', 'text/plain')
-      >>> adapter = ResourceTypeAdapter(file, None)
+
+    All content that doesn't implement the IReadContainer interface, their
+    resourcetype value is None.
+
+      >>> class Resource(object):
+      ...    pass
+      >>> resource = Resource()
+      >>> adapter = ResourceTypeAdapter(resource, None)
       >>> adapter.resourcetype is None
       True
 
+    If a content object implements IReadContainer then it value is a list
+    of types, just 'collection' in this case.
+
       >>> from zope.app.folder.folder import Folder
       >>> folder = Folder()
       >>> adapter = ResourceTypeAdapter(folder, None)

Modified: z3c.dav/trunk/src/z3c/dav/proppatch.py
===================================================================
--- z3c.dav/trunk/src/z3c/dav/proppatch.py	2007-05-07 11:31:35 UTC (rev 75610)
+++ z3c.dav/trunk/src/z3c/dav/proppatch.py	2007-05-07 13:35:52 UTC (rev 75611)
@@ -42,7 +42,8 @@
         self.request = request
 
     def PROPPATCH(self):
-        if self.request.content_type not in ("text/xml", "application/xml"):
+        if self.request.content_type not in ("text/xml", "application/xml") \
+               or self.request.xmlDataSource is None:
             raise z3c.dav.interfaces.BadRequest(
                 self.request,
                 message = "All PROPPATCH requests needs a XML body")
@@ -122,16 +123,16 @@
         davprop, adapter = z3c.dav.properties.getProperty(
             self.context, self.request, prop.tag)
 
-        widget = z3c.dav.properties.getWidget(
-            davprop, adapter, self.request,
-            type = z3c.dav.interfaces.IDAVInputWidget)
-
+        # Not all properties have a IDAVInputWidget defined
         field = davprop.field.bind(adapter)
-
         if field.readonly:
             raise z3c.dav.interfaces.ForbiddenError(
                 self.context, prop.tag, message = u"readonly field")
 
+        widget = z3c.dav.properties.getWidget(
+            davprop, adapter, self.request,
+            type = z3c.dav.interfaces.IDAVInputWidget)
+
         value = widget.getInputValue()
         field.validate(value)
 

Modified: z3c.dav/trunk/src/z3c/dav/tests/test_proppatch.py
===================================================================
--- z3c.dav/trunk/src/z3c/dav/tests/test_proppatch.py	2007-05-07 11:31:35 UTC (rev 75610)
+++ z3c.dav/trunk/src/z3c/dav/tests/test_proppatch.py	2007-05-07 13:35:52 UTC (rev 75611)
@@ -11,7 +11,7 @@
 # FOR A PARTICULAR PURPOSE.
 #
 ##############################################################################
-"""Test WebDAV propfind method.
+"""Test WebDAV proppatch method.
 
 It is easier to do this has a unit test has we have complete control over
 what properties are defined or not.
@@ -31,6 +31,7 @@
 from zope.security.interfaces import Unauthorized
 from zope.lifecycleevent.interfaces import IObjectModifiedEvent
 
+import z3c.dav.coreproperties
 import z3c.dav.proppatch
 import z3c.dav.publisher
 import z3c.dav.interfaces
@@ -146,9 +147,17 @@
 
     def test_noxml(self):
         request = z3c.dav.publisher.WebDAVRequest(StringIO(""), {})
+        request.processInputs()
         propp = PROPPATCHHandler(Resource(), request)
         self.assertRaises(z3c.dav.interfaces.BadRequest, propp.PROPPATCH)
 
+    def test_nodata_but_xmlcontenttype(self):
+        request = z3c.dav.publisher.WebDAVRequest(
+            StringIO(""), {"CONTENT_TYPE": "application/xml"})
+        request.processInputs()
+        propp = PROPPATCHHandler(Resource(), request)
+        self.assertRaises(z3c.dav.interfaces.BadRequest, propp.PROPPATCH)
+
     def test_notxml(self):
         request = z3c.dav.publisher.WebDAVRequest(
             StringIO("content"), {"CONTENT_TYPE": "text/plain",
@@ -426,6 +435,11 @@
         gsm.registerAdapter(DummyResourceURL,
                             (IResource, z3c.dav.interfaces.IWebDAVRequest))
 
+        # PROPPATCH and the resourcetype properties highlighted a bug
+        gsm.registerUtility(z3c.dav.coreproperties.resourcetype,
+                            name = "{DAV:}resourcetype")
+        gsm.registerAdapter(z3c.dav.coreproperties.ResourceTypeAdapter)
+
         self.events = []
         zope.event.subscribers.append(self.eventLog)
 
@@ -462,6 +476,10 @@
                               (IResource,
                                z3c.dav.interfaces.IWebDAVRequest))
 
+        gsm.unregisterUtility(z3c.dav.coreproperties.resourcetype,
+                              name = "{DAV:}resourcetype")
+        gsm.unregisterAdapter(z3c.dav.coreproperties.ResourceTypeAdapter)
+
         self.events = []
         zope.event.subscribers.remove(self.eventLog)
 
@@ -610,7 +628,33 @@
         propp = z3c.dav.proppatch.PROPPATCH(resource, request)
         self.assertRaises(Unauthorized, propp.PROPPATCH)
 
+    def test_set_readonly_resourcetype(self):
+        # When trying to set a value on the `{DAV:}resourcetype` property
+        # we need to first check that the field is readonly as the resourcetype
+        # property has no input widget registered for it.
+        etree = z3c.etree.getEngine()
+        resourcetype = etree.Element("{DAV:}resourcetype")
+        resourcetype.append(etree.Element("{DAV:}collection"))
+        request = TestRequest(set_properties = """<D:resourcetype />""")
+        resource = Resource("Test prop", 10)
 
+        propp = z3c.dav.proppatch.PROPPATCH(resource, request)
+        self.assertRaises(z3c.dav.interfaces.ForbiddenError,
+                          propp.handleSet, resourcetype)
+
+    def test_set_readonly_resourcetype_samevalue(self):
+        # Make sure we get the same error as the previous test but this time
+        # trying to set the resourcetype to same value.
+        etree = z3c.etree.getEngine()
+        resourcetype = etree.Element("{DAV:}resourcetype")
+        request = TestRequest(set_properties = """<D:resourcetype />""")
+        resource = Resource("Test prop", 10)
+
+        propp = z3c.dav.proppatch.PROPPATCH(resource, request)
+        self.assertRaises(z3c.dav.interfaces.ForbiddenError,
+                          propp.handleSet, resourcetype)
+
+
 class DEADProperties(object):
     interface.implements(z3c.dav.interfaces.IOpaquePropertyStorage)
 

