[Zope-Checkins] SVN: Zope/branches/2.12/src/Products/Five/browser/ Add support for the 'permission' attribute to browser:view

Martin Aspeli optilude at gmx.net
Sat Jul 10 06:00:41 EDT 2010


Log message for revision 114488:
  Add support for the 'permission' attribute to browser:view

Changed:
  U   Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py
  U   Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt
  U   Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml

-=-
Modified: Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py
===================================================================
--- Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py	2010-07-10 09:36:10 UTC (rev 114487)
+++ Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py	2010-07-10 10:00:41 UTC (rev 114488)
@@ -201,15 +201,7 @@
                  ):
         if permission is None:
             permission = 'zope.Public'
-        elif permission in ('zope.Public', 'zope2.Public'):
-            # No need to warn about the default case
-            pass
-        else:
-            warnings.warn("The permission option of the <browser:view /> "
-                          "directive is not supported in Zope 2. " + \
-                          "Ignored for %s in %s" %
-                          (str(class_), _context.info), stacklevel=3)
-
+        
         super(view, self).__init__(
             _context, for_, permission, name=name, layer=layer,
             class_=class_, allowed_interface=allowed_interface,
@@ -314,6 +306,42 @@
                     newclass, (for_, layer), self.provides, name,
                     _context.info),
             )
+        
+        # Security
+        
+        _context.action(
+            discriminator = ('five:protectClass', newclass),
+            callable = protectClass,
+            args = (newclass, permission)
+            )
+        
+        if allowed_attributes:
+            for attr in allowed_attributes:
+                _context.action(
+                    discriminator = ('five:protectName', newclass, attr),
+                    callable = protectName,
+                    args = (newclass, attr, permission)
+                    )
+        
+        # Make everything else private
+        allowed = allowed_attributes or []
+        private_attrs = [name for name in dir(newclass)
+                         if (not name.startswith('_')) and
+                            (name not in allowed) and
+                            ismethod(getattr(newclass, name))]
+        for attr in private_attrs:
+            _context.action(
+                discriminator = ('five:protectName', newclass, attr),
+                callable = protectName,
+                args = (newclass, attr, CheckerPrivateId)
+                )
+        
+        # Protect the class
+        _context.action(
+            discriminator = ('five:initialize:class', newclass),
+            callable = InitializeClass,
+            args = (newclass,)
+            )
 
 _factory_map = {'image':{'prefix':'ImageResource',
                          'count':0,

Modified: Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt
===================================================================
--- Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt	2010-07-10 09:36:10 UTC (rev 114487)
+++ Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt	2010-07-10 10:00:41 UTC (rev 114488)
@@ -253,12 +253,34 @@
   >>> aq_parent(aq_inner(context))
   <Folder at /test_folder_1_> 
 
+The same applies to a view registered with <browser:view /> instead of
+<browser:page />
+
+  >>> request = TestRequest()
+  >>> view = getMultiAdapter((self.folder.testoid, request), name=u'permission_view')
+  >>> view.__ac_permissions__
+  (('View management screens', ('',)),)
+  >>> aq_acquire(view, '__roles__')
+  ('Manager',)
+  >>> context = view.context
+  >>> from Acquisition import ImplicitAcquisitionWrapper
+  >>> type(context) == ImplicitAcquisitionWrapper
+  True
+  >>> view.__parent__ == view.context
+  True
+  >>> aq_parent(view) == view.context
+  True
+  >>> context.aq_inner.aq_parent
+  <Folder at /test_folder_1_> 
+  >>> aq_parent(aq_inner(context))
+  <Folder at /test_folder_1_> 
+
 High-level security
 -------------------
 
   >>> protected_view_names = [
   ...     'eagle.txt', 'falcon.html', 'owl.html', 'flamingo.html',
-  ...     'condor.html']
+  ...     'condor.html', 'permission_view']
   >>> 
   >>> public_view_names = [
   ...     'public_attribute_page',

Modified: Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml
===================================================================
--- Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml	2010-07-10 09:36:10 UTC (rev 114487)
+++ Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml	2010-07-10 10:00:41 UTC (rev 114488)
@@ -232,7 +232,15 @@
       class=".pages.SimpleView"
       permission="zope2.Public"
       />
-
+  
+  <!-- A named view with permissions -->
+  <browser:view
+      name="permission_view"
+      for="Products.Five.tests.testing.simplecontent.ISimpleContent"
+      class=".pages.CallView"
+      permission="zope2.ViewManagementScreens"
+      />
+  
   <!-- stuff that we'll override in overrides.zcml -->
   <browser:page
       for="Products.Five.tests.testing.simplecontent.ISimpleContent"



More information about the Zope-Checkins mailing list