[Checkins] SVN: zope.browserresource/trunk/ Add an ability to forbid publishing of some files in the resource directory. Now, by default, directory resources won't publish ".svn" subdirectory.

Dan Korostelev nadako at gmail.com
Thu Sep 24 05:41:26 EDT 2009 

Log message for revision 104477:
  Add an ability to forbid publishing of some files in the resource directory. Now, by default, directory resources won't publish ".svn" subdirectory.

Changed:
  U   zope.browserresource/trunk/CHANGES.txt
  U   zope.browserresource/trunk/setup.py
  U   zope.browserresource/trunk/src/zope/browserresource/directory.py
  U   zope.browserresource/trunk/src/zope/browserresource/tests/test_directory.py

-=-
Modified: zope.browserresource/trunk/CHANGES.txt
===================================================================
--- zope.browserresource/trunk/CHANGES.txt	2009-09-24 08:41:58 UTC (rev 104476)
+++ zope.browserresource/trunk/CHANGES.txt	2009-09-24 09:41:25 UTC (rev 104477)
@@ -2,10 +2,14 @@
 CHANGES
 =======
 
-3.9.1 (unreleased)
-==================
+3.10.0 (unreleased)
+===================
 
-- ...
+- Add an ability to forbid publishing of some files in the resource directory,
+  this is done by fnmatch'ing the wildcards in the ``forbidden_names``class
+  attribute of ``DirectoryResource``. By default, the ``.svn`` is in that
+  attribute, so directories won't publish subversion system directory that can
+  contain private information. 
 
 3.9.0 (2009-08-27)
 ==================

Modified: zope.browserresource/trunk/setup.py
===================================================================
--- zope.browserresource/trunk/setup.py	2009-09-24 08:41:58 UTC (rev 104476)
+++ zope.browserresource/trunk/setup.py	2009-09-24 09:41:25 UTC (rev 104477)
@@ -19,7 +19,7 @@
                     open('CHANGES.txt').read())
 
 setup(name='zope.browserresource',
-      version = '3.9.1dev',
+      version = '3.10.0dev',
       url='http://pypi.python.org/pypi/zope.browserresource/',
       author='Zope Corporation and Contributors',
       author_email='zope-dev at zope.org',

Modified: zope.browserresource/trunk/src/zope/browserresource/directory.py
===================================================================
--- zope.browserresource/trunk/src/zope/browserresource/directory.py	2009-09-24 08:41:58 UTC (rev 104476)
+++ zope.browserresource/trunk/src/zope/browserresource/directory.py	2009-09-24 09:41:25 UTC (rev 104477)
@@ -23,6 +23,7 @@
 
 $Id$
 """
+import fnmatch
 import os
 
 from zope.component import queryUtility
@@ -55,6 +56,7 @@
 
     default_factory = FileResourceFactory
     directory_factory = None # this will be assigned later in the module
+    forbidden_names = ('.svn', )
 
     def publishTraverse(self, request, name):
         '''See interface IBrowserPublisher'''
@@ -71,6 +73,14 @@
         return res
 
     def get(self, name, default=_marker):
+
+        for pat in self.forbidden_names:
+            if fnmatch.fnmatch(name, pat):
+                if default is _marker:
+                    raise NotFound(None, name)
+                else:
+                    return default
+        
         path = self.context.path
         filename = os.path.join(path, name)
         isfile = os.path.isfile(filename)

Modified: zope.browserresource/trunk/src/zope/browserresource/tests/test_directory.py
===================================================================
--- zope.browserresource/trunk/src/zope/browserresource/tests/test_directory.py	2009-09-24 08:41:58 UTC (rev 104476)
+++ zope.browserresource/trunk/src/zope/browserresource/tests/test_directory.py	2009-09-24 09:41:25 UTC (rev 104477)
@@ -16,6 +16,8 @@
 $Id$
 """
 import os
+import tempfile
+import shutil
 from unittest import TestCase, main, makeSuite
 
 from zope.publisher.interfaces import NotFound
@@ -81,6 +83,27 @@
         self.assertRaises(KeyError, resource.__getitem__, 'doesnotexist')
         file = resource['test.txt']
 
+    def testForbiddenNames(self):
+        request = TestRequest()
+        old_forbidden_names = DirectoryResource.forbidden_names
+        path = tempfile.mkdtemp()
+        try:
+            os.mkdir(os.path.join(path, '.svn'))
+            open(os.path.join(path, 'test.txt'), 'w').write('')
+
+            factory = DirectoryResourceFactory(path, checker, 'testfiles')
+            resource = factory(request)
+
+            self.assertEquals(resource.get('.svn', None), None)
+            self.assertNotEquals(resource.get('test.txt', None), None)
+
+            DirectoryResource.forbidden_names = ('*.txt', )
+            self.assertEquals(resource.get('test.txt', None), None)
+            self.assertNotEquals(resource.get('.svn', None), None)
+        finally:
+            shutil.rmtree(path)
+            DirectoryResource.forbidden_names = old_forbidden_names
+
     def testProxy(self):
         path = os.path.join(test_directory, 'testfiles')
         request = TestRequest()

More information about the checkins mailing list