[Zope-Checkins] CVS: Zope3/lib/python/Zope/PageTemplate - Expressions.py:1.1.2.7

Fred L. Drake, Jr. fdrake@acm.org
Wed, 27 Feb 2002 17:49:56 -0500


Update of /cvs-repository/Zope3/lib/python/Zope/PageTemplate
In directory cvs.zope.org:/tmp/cvs-serv22541

Modified Files:
      Tag: Zope-3x-branch
	Expressions.py 
Log Message:
Update to use the Zope3 security infrastructure instead of the old-style APIs.

=== Zope3/lib/python/Zope/PageTemplate/Expressions.py 1.1.2.6 => 1.1.2.7 ===
      TALESError, Undefined, Default
 
-def aq_base(ob):
-    return ob
 
 _engine = None
 def getEngine():
@@ -42,26 +40,19 @@
     reg('defer', DeferExpr)
 
 if 0 and sys.modules.has_key('Zope'):
-    import AccessControl
-    from AccessControl import getSecurityManager, Unauthorized
-    if hasattr(AccessControl, 'full_read_guard'):
-        from ZRPythonExpr import PythonExpr, _SecureModuleImporter, \
-             call_with_ns
-    else:
-        from ZPythonExpr import PythonExpr, _SecureModuleImporter, \
-             call_with_ns
+    from Zope.App.Security.SecurityManagement import getSecurityManager
+    from Zope.Exceptions import Unauthorized
+    from ZRPythonExpr import PythonExpr, _SecureModuleImporter#, call_with_ns
     SecureModuleImporter = _SecureModuleImporter()
 else:
     from PythonExpr import getSecurityManager, PythonExpr
-    try:
-        from zExceptions import Unauthorized
-    except ImportError:
-        Unauthorized = "Unauthorized"
-    def call_with_ns(f, ns, arg=1):
-        if arg==2:
-            return f(None, ns)
-        else:
-            return f(ns)
+    from Zope.Exceptions import Unauthorized
+
+##     def call_with_ns(f, ns, arg=1):
+##         if arg == 2:
+##             return f(None, ns)
+##         else:
+##             return f(ns)
 
     class SecureModuleImporter:
         def __getitem__(self, module):
@@ -75,21 +66,17 @@
     Calls the object, possibly a document template, or just returns it if
     not callable.  (From DT_Util.py)
     """
-    if hasattr(ob, '__render_with_namespace__'):
-        ob = call_with_ns(ob.__render_with_namespace__, ns)
-    else:
-        base = aq_base(ob)
-        if callable(base):
-            try:
-                if getattr(base, 'isDocTemp', 0):
-                    ob = call_with_ns(ob, ns, 2)
-                else:
-                    ob = ob()
-            except AttributeError, n:
-                if str(n) != '__call__':
-                    raise
+##     if hasattr(ob, '__render_with_namespace__'):
+##         ob = call_with_ns(ob.__render_with_namespace__, ns)
+##     elif hasattr(ob, "__call__"):
+    if hasattr(ob, "__call__"):
+        # We don't use callable(ob) since ExtensionClass-based content
+        # will return true even if they don't define a __call__()
+        # method; this is the same false positive as classic-classes.
+        ob = ob()
     return ob
 
+
 class PathExpr:
     def __init__(self, name, expr, engine):
         self._s = expr
@@ -240,7 +227,7 @@
 
 
 def restrictedTraverse(self, path, securityManager,
-                       get=getattr, has=hasattr, N=None, M=[]):
+                       get=getattr, has=hasattr, N=None, M=object()):
 
     i = 0
     if not path[0]:
@@ -263,49 +250,35 @@
             # Never allowed in a URL.
             raise AttributeError, name
 
-        if name=='..':
+        if name == '..':
             o = get(object, 'aq_parent', M)
             if o is not M:
-                if not validate(object, object, name, o):
-                    raise Unauthorized, name
-                object=o
+                validate(name, o)
+                object = o
                 continue
 
-        t=get(object, '__bobo_traverse__', N)
+        t = get(object, '__bobo_traverse__', N)
         if t is not N:
-            o=t(REQUEST, name)
-                    
-            container = None
-            if has(o, 'im_self'):
-                container = o.im_self
-            elif (has(get(object, 'aq_base', object), name)
-                and get(object, name) == o):
-                container = object
-            if not validate(object, container, name, o):
-                raise Unauthorized, name
+            o = t(REQUEST, name)
+
+##             container = None
+##             if has(o, 'im_self'):
+##                 container = o.im_self
+##             elif (has(get(object, 'aq_base', object), name)
+##                 and get(object, name) == o):
+##                 container = object
+            validate(name, o)
         else:
-            o=get(object, name, M)
+            o = get(object, name, M)
             if o is not M:
                 # Check security.
-                if has(object, 'aq_acquire'):
-                    object.aq_acquire(
-                        name, validate2, validate)
-                else:
-                    if not validate(object, object, name, o):
-                        raise Unauthorized, name
+                validate(name, o)
             else:
                 try:
-                    o=object[name]
+                    o = object[name]
                 except (AttributeError, TypeError):
                     raise AttributeError, name
-                if not validate(object, object, name, o):
-                    raise Unauthorized, name
+                validate(name, o)
         object = o
 
     return object
-
-
-def validate2(orig, inst, name, v, real_validate):
-    if not real_validate(orig, inst, name, v):
-        raise Unauthorized, name
-    return 1