[Checkins] SVN: zope.security/trunk/ Raise NoInteraction when zope.security.checkPermission is called without interaction being active (LP #301565).

Dan Korostelev nadako at gmail.com
Thu Mar 5 06:36:32 EST 2009


Log message for revision 97524:
  Raise NoInteraction when zope.security.checkPermission is called without interaction being active (LP #301565).

Changed:
  U   zope.security/trunk/CHANGES.txt
  U   zope.security/trunk/src/zope/security/management.py
  U   zope.security/trunk/src/zope/security/tests/test_management.py

-=-
Modified: zope.security/trunk/CHANGES.txt
===================================================================
--- zope.security/trunk/CHANGES.txt	2009-03-05 11:21:10 UTC (rev 97523)
+++ zope.security/trunk/CHANGES.txt	2009-03-05 11:36:32 UTC (rev 97524)
@@ -5,6 +5,9 @@
 3.6.1 (unreleased)
 ------------------
 
+- Raise NoInteraction when zope.security.checkPermission is called
+  without interaction being active (LP #301565).
+
 - Don't define security checkers for deprecated set types from the
   "sets" module on Python 2.6. It's discouraged to use them and
   `set` and `frozenset` built-in types should be used instead. 

Modified: zope.security/trunk/src/zope/security/management.py
===================================================================
--- zope.security/trunk/src/zope/security/management.py	2009-03-05 11:21:10 UTC (rev 97523)
+++ zope.security/trunk/src/zope/security/management.py	2009-03-05 11:36:32 UTC (rev 97524)
@@ -137,7 +137,10 @@
     if permission is CheckerPublic or permission is None:
         return True
     if interaction is None:
-        interaction = thread_local.interaction
+        try:
+            interaction = thread_local.interaction
+        except AttributeError:
+            raise zope.security.interfaces.NoInteraction
     return interaction.checkPermission(permission, object)
 
 addCleanUp(endInteraction)

Modified: zope.security/trunk/src/zope/security/tests/test_management.py
===================================================================
--- zope.security/trunk/src/zope/security/tests/test_management.py	2009-03-05 11:21:10 UTC (rev 97523)
+++ zope.security/trunk/src/zope/security/tests/test_management.py	2009-03-05 11:36:32 UTC (rev 97524)
@@ -77,7 +77,8 @@
         from zope.security import checkPermission
         from zope.security.management import setSecurityPolicy
         from zope.security.management import queryInteraction
-        from zope.security.management import newInteraction
+        from zope.security.management import newInteraction, endInteraction
+        from zope.security.interfaces import NoInteraction
 
         permission = 'zope.Test'
         obj = object()
@@ -94,6 +95,9 @@
         newInteraction()
         interaction = queryInteraction()
         self.assertEquals(checkPermission(permission, obj), True)
+        
+        endInteraction()
+        self.assertRaises(NoInteraction, checkPermission, permission, obj)
 
     def test_checkPublicPermission(self):
         from zope.security import checkPermission



More information about the Checkins mailing list