[Checkins] SVN: grokcore.view/trunk/s Bring over an ftest that tests security declaration on views.

Tue Jul 22 15:10:39 EDT 2008

Log message for revision 88728:
  Bring over an ftest that tests security declaration on views.
  
  Added 'Public' permission to grokcore.view (temporarily until grokcore.security
  emerges)
  

Changed:
  U   grokcore.view/trunk/setup.py
  U   grokcore.view/trunk/src/grokcore/view/__init__.py
  U   grokcore.view/trunk/src/grokcore/view/components.py
  U   grokcore.view/trunk/src/grokcore/view/ftesting.zcml
  A   grokcore.view/trunk/src/grokcore/view/ftests/view/require.py

-=-
Modified: grokcore.view/trunk/setup.py
===================================================================

--- grokcore.view/trunk/setup.py	2008-07-22 19:07:53 UTC (rev 88727)
+++ grokcore.view/trunk/setup.py	2008-07-22 19:10:37 UTC (rev 88728)
@@ -39,6 +39,7 @@
           'zope.testbrowser',
           'zope.securitypolicy',
           'zope.app.zcmlfiles',
+          'zope.app.authentication',
       ],
       entry_points="""
       # -*- Entry points: -*-

Modified: grokcore.view/trunk/src/grokcore/view/__init__.py
===================================================================
--- grokcore.view/trunk/src/grokcore/view/__init__.py	2008-07-22 19:07:53 UTC (rev 88727)
+++ grokcore.view/trunk/src/grokcore/view/__init__.py	2008-07-22 19:10:37 UTC (rev 88728)
@@ -2,7 +2,7 @@
 
 from grokcore.view.directive import layer, view, require, template, templatedir
 from grokcore.view.util import url
-from grokcore.view.components import View, Permission, GrokForm, Skin
+from grokcore.view.components import View, Permission, Public, GrokForm, Skin
 from grokcore.view.components import PageTemplate, PageTemplateFile
 from grokcore.view.components import IGrokLayer
 

Modified: grokcore.view/trunk/src/grokcore/view/components.py
===================================================================
--- grokcore.view/trunk/src/grokcore/view/components.py	2008-07-22 19:07:53 UTC (rev 88727)
+++ grokcore.view/trunk/src/grokcore/view/components.py	2008-07-22 19:10:37 UTC (rev 88728)
@@ -21,6 +21,9 @@
     pass
 
 
+Public = 'zope.Public'
+
+
 class Skin(object):
     pass
 

Modified: grokcore.view/trunk/src/grokcore/view/ftesting.zcml
===================================================================
--- grokcore.view/trunk/src/grokcore/view/ftesting.zcml	2008-07-22 19:07:53 UTC (rev 88727)
+++ grokcore.view/trunk/src/grokcore/view/ftesting.zcml	2008-07-22 19:10:37 UTC (rev 88728)
@@ -24,6 +24,7 @@
   <include package="zope.app.publication" /-->
 
   <include package="zope.app.zcmlfiles" />
+  <include package="zope.app.authentication" />
   <grok:grok package="grokcore.view.ftests" />
 
   <securityPolicy

Copied: grokcore.view/trunk/src/grokcore/view/ftests/view/require.py (from rev 88673, grok/branches/grokcore.xxx/src/grok/ftests/security/require.py)
===================================================================
--- grokcore.view/trunk/src/grokcore/view/ftests/view/require.py	                        (rev 0)
+++ grokcore.view/trunk/src/grokcore/view/ftests/view/require.py	2008-07-22 19:10:37 UTC (rev 88728)
@@ -0,0 +1,45 @@
+"""
+Viewing a protected view with insufficient privileges will yield
+Unauthorized:
+
+  >>> from zope.testbrowser.testing import Browser
+  >>> browser = Browser()
+  >>> browser.open("http://localhost/@@painting")
+  Traceback (most recent call last):
+  HTTPError: HTTP Error 401: Unauthorized
+
+When we log in (e.g. as a manager), we can access the view just fine:
+
+  >>> browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+  >>> browser.handleErrors = False
+  >>> browser.open("http://localhost/@@painting")
+  >>> print browser.contents
+  What a beautiful painting.
+
+A view protected with 'zope.Public' is always accessible:
+
+  >>> browser = Browser()
+  >>> browser.open("http://localhost/@@publicnudity")
+  >>> print browser.contents
+  Everybody can see this.
+"""
+
+import grokcore.view as grok
+import zope.interface
+
+class ViewPainting(grok.Permission):
+    grok.name('cave.ViewPainting')
+
+class Painting(grok.View):
+    grok.context(zope.interface.Interface)
+    grok.require(ViewPainting)
+
+    def render(self):
+        return 'What a beautiful painting.'
+
+class PublicNudity(grok.View):
+    grok.context(zope.interface.Interface)
+    grok.require(grok.Public)
+
+    def render(self):
+        return 'Everybody can see this.'

