[Checkins] SVN: Products.CMFCore/branches/2.1/Products/CMFCore/ - CatalogTool: If proxy roles are set on a script that uses the catalog

Jens Vagelpohl jens at dataflake.org
Thu Sep 25 16:33:25 EDT 2008 

Log message for revision 91487:
  - CatalogTool: If proxy roles are set on a script that uses the catalog
    and those proxy roles have been unset using the ZMI, which results
    in an empty tuple as proxy roles, then the catalog would not correctly
    determine what the current user is allowed to see.
    (https://bugs.launchpad.net/zope-cmf/+bug/161729)
  

Changed:
  U   Products.CMFCore/branches/2.1/Products/CMFCore/CHANGES.txt
  U   Products.CMFCore/branches/2.1/Products/CMFCore/CatalogTool.py
  U   Products.CMFCore/branches/2.1/Products/CMFCore/tests/test_CatalogTool.py

-=-
Modified: Products.CMFCore/branches/2.1/Products/CMFCore/CHANGES.txt
===================================================================
--- Products.CMFCore/branches/2.1/Products/CMFCore/CHANGES.txt	2008-09-25 20:30:28 UTC (rev 91486)
+++ Products.CMFCore/branches/2.1/Products/CMFCore/CHANGES.txt	2008-09-25 20:33:24 UTC (rev 91487)
@@ -4,6 +4,12 @@
 2.1.3-beta (unreleased)
 -----------------------
 
+- CatalogTool: If proxy roles are set on a script that uses the catalog
+  and those proxy roles have been unset using the ZMI, which results
+  in an empty tuple as proxy roles, then the catalog would not correctly
+  determine what the current user is allowed to see.
+  (https://bugs.launchpad.net/zope-cmf/+bug/161729)
+
 - Properties export/import: Get the string encoding for property 
   imports from the import context and fall back to UTF-8, which 
   mirrors the behavior for exports. This fixes property export/import 

Modified: Products.CMFCore/branches/2.1/Products/CMFCore/CatalogTool.py
===================================================================
--- Products.CMFCore/branches/2.1/Products/CMFCore/CatalogTool.py	2008-09-25 20:30:28 UTC (rev 91486)
+++ Products.CMFCore/branches/2.1/Products/CMFCore/CatalogTool.py	2008-09-25 20:33:24 UTC (rev 91487)
@@ -149,7 +149,7 @@
         if sm.calledByExecutable():
             eo = sm._context.stack[-1]
             proxy_roles = getattr(eo, '_proxy_roles', None)
-            if proxy_roles is not None:
+            if proxy_roles:
                 effective_roles = proxy_roles
         result = list( effective_roles )
         result.append( 'Anonymous' )

Modified: Products.CMFCore/branches/2.1/Products/CMFCore/tests/test_CatalogTool.py
===================================================================
--- Products.CMFCore/branches/2.1/Products/CMFCore/tests/test_CatalogTool.py	2008-09-25 20:30:28 UTC (rev 91486)
+++ Products.CMFCore/branches/2.1/Products/CMFCore/tests/test_CatalogTool.py	2008-09-25 20:33:24 UTC (rev 91487)
@@ -18,6 +18,7 @@
 import unittest
 import Testing
 
+from AccessControl.SecurityManagement import getSecurityManager
 from AccessControl.SecurityManagement import newSecurityManager
 from DateTime import DateTime
 
@@ -417,7 +418,38 @@
                          'fails): %s entries after refreshCatalog'
                          % (len(ctool._catalog.searchResults()),))
 
+    def test_listAllowedRolesAndUsers_proxyroles(self):
+        # https://bugs.launchpad.net/zope-cmf/+bug/161729
+        catalog = self._makeOne()
+        self.loginWithRoles('Blob')
+        user = getSecurityManager().getUser()
 
+        # First case, no proxy roles set at all
+        arus = catalog._listAllowedRolesAndUsers(user)
+        self.assertEquals(len(arus), 3)
+        self.failUnless('Anonymous' in arus)
+        self.failUnless('Blob' in arus)
+        self.failUnless('user:%s' % user.getId() in arus)
+
+        # Second case, a proxy role is set
+        self.setupProxyRoles('Waggle')
+        arus = catalog._listAllowedRolesAndUsers(user)
+        self.assertEquals(len(arus), 3)
+        self.failUnless('Anonymous' in arus)
+        self.failUnless('Waggle' in arus)
+        self.failUnless('user:%s' % user.getId() in arus)
+
+        # Third case, proxy roles are an empty tuple. This happens if
+        # proxy roles are unset using the ZMI. The behavior should 
+        # mirror the first case with no proxy role setting at all.
+        self.setupProxyRoles()
+        arus = catalog._listAllowedRolesAndUsers(user)
+        self.assertEquals(len(arus), 3)
+        self.failUnless('Anonymous' in arus)
+        self.failUnless('Blob' in arus)
+        self.failUnless('user:%s' % user.getId() in arus)       
+
+
 def test_suite():
     return unittest.TestSuite((
         unittest.makeSuite(IndexableObjectWrapperTests),

More information about the Checkins mailing list