[Checkins] SVN: AccessControl/trunk/ Merged c117566 from Zope 2.12 branch
Hanno Schlichting
hannosch at hannosch.eu
Fri Oct 15 07:08:14 EDT 2010
Log message for revision 117567:
Merged c117566 from Zope 2.12 branch
Changed:
U AccessControl/trunk/CHANGES.txt
U AccessControl/trunk/src/AccessControl/ZopeGuards.py
U AccessControl/trunk/src/AccessControl/tests/testModuleSecurity.py
-=-
Modified: AccessControl/trunk/CHANGES.txt
===================================================================
--- AccessControl/trunk/CHANGES.txt 2010-10-15 11:06:10 UTC (rev 117566)
+++ AccessControl/trunk/CHANGES.txt 2010-10-15 11:08:13 UTC (rev 117567)
@@ -4,6 +4,8 @@
2.13.4 (unreleased)
-------------------
+- LP #659968: Added support for level argument to the ``__import__`` function
+ as introduced in Python 2.5. Currently only level=0 is supported.
2.13.3 (2010-08-28)
-------------------
Modified: AccessControl/trunk/src/AccessControl/ZopeGuards.py
===================================================================
--- AccessControl/trunk/src/AccessControl/ZopeGuards.py 2010-10-15 11:06:10 UTC (rev 117566)
+++ AccessControl/trunk/src/AccessControl/ZopeGuards.py 2010-10-15 11:08:13 UTC (rev 117567)
@@ -283,20 +283,26 @@
return zip(*safe_seqs)
safe_builtins['zip'] = guarded_zip
-def guarded_import(mname, globals=None, locals=None, fromlist=None):
+def guarded_import(mname, globals=None, locals=None, fromlist=None,
+ level=0):
if fromlist is None:
fromlist = ()
if '*' in fromlist:
- raise Unauthorized, "'from %s import *' is not allowed"
+ raise Unauthorized("'from %s import *' is not allowed")
if globals is None:
globals = {}
if locals is None:
locals = {}
+ # Refs https://bugs.launchpad.net/zope2/+bug/659968
+ if level != 0:
+ raise Unauthorized("Using import with a level specification isn't "
+ "supported by AccessControl: %s" % mname)
+
mnameparts = mname.split('.')
validate = getSecurityManager().validate
module = load_module(None, None, mnameparts, validate, globals, locals)
if module is None:
- raise Unauthorized, "import of '%s' is unauthorized" % mname
+ raise Unauthorized("import of '%s' is unauthorized" % mname)
if fromlist is None:
fromlist = ()
for name in fromlist:
Modified: AccessControl/trunk/src/AccessControl/tests/testModuleSecurity.py
===================================================================
--- AccessControl/trunk/src/AccessControl/tests/testModuleSecurity.py 2010-10-15 11:06:10 UTC (rev 117566)
+++ AccessControl/trunk/src/AccessControl/tests/testModuleSecurity.py 2010-10-15 11:08:13 UTC (rev 117567)
@@ -32,15 +32,15 @@
if module in sys.modules:
del sys.modules[module]
- def assertUnauth(self, module, fromlist):
+ def assertUnauth(self, module, fromlist, level=0):
from zExceptions import Unauthorized
from AccessControl.ZopeGuards import guarded_import
- self.assertRaises(Unauthorized,
- guarded_import, module, fromlist=fromlist)
+ self.assertRaises(Unauthorized, guarded_import, module,
+ fromlist=fromlist, level=level)
- def assertAuth(self, module, fromlist):
+ def assertAuth(self, module, fromlist, level=0):
from AccessControl.ZopeGuards import guarded_import
- guarded_import(module, fromlist=fromlist)
+ guarded_import(module, fromlist=fromlist, level=level)
def testPrivateModule(self):
self.assertUnauth('AccessControl.tests.private_module', ())
@@ -76,5 +76,12 @@
guarded_import, 'AccessControl.tests.nonesuch', ())
self.failUnless('AccessControl.tests.nonesuch' in MS)
+ def test_level_zero(self):
+ self.assertAuth('AccessControl.tests.public_module', (), level=0)
+
+ def test_level_nonzero(self):
+ self.assertUnauth('AccessControl.tests.public_module', (), level=1)
+
+
def test_suite():
return unittest.makeSuite(ModuleSecurityTests)
More information about the checkins
mailing list