[Checkins] SVN: five.pt/trunk/src/five/pt/ allow access to RepeatItem as well

Leonardo Rochael Almeida leorochael at gmail.com
Tue Sep 20 09:57:55 EST 2011


Log message for revision 122856:
  allow access to RepeatItem as well

Changed:
  U   five.pt/trunk/src/five/pt/patches.py
  U   five.pt/trunk/src/five/pt/tests/test_persistenttemplate.py

-=-
Modified: five.pt/trunk/src/five/pt/patches.py
===================================================================
--- five.pt/trunk/src/five/pt/patches.py	2011-09-20 12:46:23 UTC (rev 122855)
+++ five.pt/trunk/src/five/pt/patches.py	2011-09-20 14:57:54 UTC (rev 122856)
@@ -19,6 +19,7 @@
 from chameleon.tales import StringExpr
 from chameleon.tales import NotExpr
 from chameleon.tal import RepeatDict
+from chameleon.tal import RepeatItem
 
 from z3c.pt.expressions import PythonExpr
 
@@ -30,13 +31,17 @@
 from .expressions import UntrustedPythonExpr
 
 
-# Declare Chameleon's repeat dictionary public
-RepeatDict.security = ClassSecurityInfo()
-RepeatDict.security.declareObjectPublic()
-RepeatDict.__allow_access_to_unprotected_subobjects__ = True
+# Declare Chameleon's repeat objects public
+_public_classes = [
+    RepeatDict,
+    RepeatItem,
+]
+for cls in _public_classes:
+    cls.security = ClassSecurityInfo()
+    cls.security.declareObjectPublic()
+    cls.__allow_access_to_unprotected_subobjects__ = True
+    InitializeClass(cls)
 
-InitializeClass(RepeatDict)
-
 # Zope 2 Page Template expressions
 _secure_expression_types = {
     'python': UntrustedPythonExpr,
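Review bot: The new loop sets `__allow_access_to_unprotected_subobjects__ = True` on `RepeatItem`, so restricted (untrusted) template code can reach every attribute of that third-party class that has no explicit declaration, and the comment `# Declare Chameleon's repeat objects public` does not say why that is acceptable. I would extend it to something like `# Repeat objects are assumed to expose only loop metadata (index, length, ...); re-check this list when upgrading Chameleon.`, hedged because the hunk does not show what RepeatItem exposes. The patch mutates the Chameleon classes for the whole process, so any class later added to `_public_classes` deserves the same review. The module-level loop also leaves `cls` bound as a global of patches.py; `del cls` after the loop, or a small helper function, avoids that.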

Modified: five.pt/trunk/src/five/pt/tests/test_persistenttemplate.py
===================================================================
--- five.pt/trunk/src/five/pt/tests/test_persistenttemplate.py	2011-09-20 12:46:23 UTC (rev 122855)
+++ five.pt/trunk/src/five/pt/tests/test_persistenttemplate.py	2011-09-20 14:57:54 UTC (rev 122856)
@@ -181,7 +181,22 @@
         template = self._makeOne('foo', repeat_object)
         # this should not raise an Unauthorized error
         self.assertEquals(template().strip().split(), u'0 1 2'.split())
+        # XXX-leorochael: the rest of this test is not actually
+        # testing the security access, but I couldn't find a simpler
+        # way to test if the RepeatItem instance itself allows public
+        # access, and there are convoluted situations in production
+        # that need RepeatItem to be declared public.
+        src = """
+          <tal:b repeat="x python: range(1)"
+                 content="python: options['do'](repeat)" />
+        """.strip()
+        def do(repeat):
+            subobject_acces = '__allow_access_to_unprotected_subobjects__'
+            self.assertTrue(getattr(repeat['x'], subobject_acces, False))
 
+        template = self._makeOne('bar', src)
+        template(do=do)
+
     def test_path_function(self):
         # check that the "path" function inside a python expression works
         self.folder.method = 'post'
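Review bot: The only new assertion lives inside the `do` callback, so if the `content` expression is never evaluated the test passes without checking anything. Record the call, e.g. `seen.append(repeat['x'])` inside `do`, and add `self.assertEqual(len(seen), 1)` after `template(do=do)`. As the XXX comment admits, `do` reads the flag from trusted Python code, so the restricted-expression guard is not exercised. A template whose untrusted `python:` expression reads an attribute of `repeat['x']` and must render without Unauthorized would pin the behaviour that matters. `subobject_acces` is misspelled (`subobject_access`), and the test method begins above this hunk, so its name and the `repeat_object` fixture are not visible here.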


