[Checkins] SVN: grok/branches/sylvain-testlayers/src/grok/ftests/security/preserve_permissions.py Fix security test where we verify non-Grok views aren't opened.

Martijn Faassen faassen at startifact.com
Tue Apr 27 10:55:29 EDT 2010


Log message for revision 111484:
  Fix security test where we verify non-Grok views aren't opened.
  

Changed:
  U   grok/branches/sylvain-testlayers/src/grok/ftests/security/preserve_permissions.py

-=-
Modified: grok/branches/sylvain-testlayers/src/grok/ftests/security/preserve_permissions.py
===================================================================
--- grok/branches/sylvain-testlayers/src/grok/ftests/security/preserve_permissions.py	2010-04-27 14:19:36 UTC (rev 111483)
+++ grok/branches/sylvain-testlayers/src/grok/ftests/security/preserve_permissions.py	2010-04-27 14:55:28 UTC (rev 111484)
@@ -3,6 +3,29 @@
 Permissions already set by non-grok components are preserved by the
 Grok publisher.
 
+Let's first define a ``@@contents.html`` that is protected by a Zope
+permission, ``zope.ManageContent``::
+
+  >>> from zope.publisher.browser import BrowserPage
+  >>> class Contents(BrowserPage):
+  ...   def __init__(self, context, request):
+  ...     self.context = context
+  ...     self.request = request
+  ...   def __call__(self):
+  ...     return "Contents called"
+  >>> from zope import component
+  >>> from zope.interface import Interface
+  >>> from zope.publisher.interfaces.browser import IBrowserRequest
+  >>> component.provideAdapter(Contents,
+  ...   adapts=(Interface, IBrowserRequest),
+  ...   provides=Interface,
+  ...   name='contents.html')
+  >>> from zope.security.checker import Checker, defineChecker
+  >>> required = {}
+  >>> required['__call__'] = 'zope.ManageContent'
+  >>> required['browserDefault'] = 'zope.ManageContent'
+  >>> defineChecker(Contents, Checker(required))
+  
 The `@@contents.html` view of folders is protected by
 `zope.ManageContent` and should not be visible to unauthenticated
 users. Instead we are asked to authenticate ourselves::
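Review bot: the unchanged sentence that follows the added block still reads "The `@@contents.html` view of folders", but the added `provideAdapter` call registers `Contents` for `(Interface, IBrowserRequest)`, so the page under test is now the doctest's own view on any object rather than a folder view; reword that sentence to match. The `provideAdapter` and `defineChecker` calls also modify global registries and nothing in the visible lines undoes them, so if the test layer does not reset that state, add cleanup at the end of the doctest. The added blank line just before the sentence carries trailing whitespace (`+  `).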
@@ -12,31 +35,14 @@
   ... ''')
   HTTP/1.0 401 Unauthorized
   ...
-  WWW-Authenticate: basic realm="Zope"
-  ...
 
-This is also the case for views on the Grok application object::
+Let's test this in the context of a Grok application:
 
   >>> grok.testing.grok(__name__)
   >>> from grok.ftests.security.preserve_permissions import App
   >>> root = getRootFolder()
   >>> root['app'] = App()
-  >>> print http(r'''
-  ... GET /app/++etc++site HTTP/1.1
-  ... ''')
-  HTTP/1.0 401 Unauthorized
-  ...
-  WWW-Authenticate: basic realm="Zope"
-  ...
 
-We can allow our application to be viewed by the Zope standard
-``contents.html`` view for site folders. For this we make it provide
-`ISiteManagementFolder`::
-
-  >>> from zope.site.interfaces import ISiteManagementFolder
-  >>> from zope.interface import alsoProvides
-  >>> alsoProvides(root['app'], ISiteManagementFolder)
-
 Now there is a ``contents.html`` view available for our application,
 which is protected by default::
 
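Review bot: with `WWW-Authenticate: basic realm="Zope"` dropped from the expected output, the first request is now checked only on its `HTTP/1.0 401 Unauthorized` status line; if the header was removed because the new test layer no longer sends it, say so in the log message, otherwise keep the assertion. The `GET /app/++etc++site` request is removed with no replacement in this hunk, so confirm that an unauthenticated request against the Grok application object is still exercised further down. The new lead-in `Let's test this in the context of a Grok application:` ends in a single colon where the other lead-ins in this file use `::` before an indented doctest block.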


