[Zope-Checkins] SVN: Zope/trunk/ - update to DocumentTemplate 2.13.1

2010-07-15 Thread Jens Vagelpohl 
Log message for revision 114771:
  - update to DocumentTemplate 2.13.1 
(https://bugs.launchpad.net/zope2/+bug/143273)
  

Changed:
  U   Zope/trunk/doc/CHANGES.rst
  U   Zope/trunk/versions.cfg

-=-
Modified: Zope/trunk/doc/CHANGES.rst
===
--- Zope/trunk/doc/CHANGES.rst  2010-07-15 11:34:29 UTC (rev 114770)
+++ Zope/trunk/doc/CHANGES.rst  2010-07-15 12:02:49 UTC (rev 114771)
@@ -44,6 +44,7 @@
 - Updated packages:
 
   - ZODB3 = 3.10.0b2
+  - DocumentTemplate = 2.13.1
 
 2.13.0a2 (2010-07-13)
 -

Modified: Zope/trunk/versions.cfg
===
--- Zope/trunk/versions.cfg 2010-07-15 11:34:29 UTC (rev 114770)
+++ Zope/trunk/versions.cfg 2010-07-15 12:02:49 UTC (rev 114771)
@@ -8,7 +8,7 @@
 AccessControl = 2.13.1
 Acquisition = 2.13.3
 DateTime = 2.12.4
-DocumentTemplate = 2.13.0
+DocumentTemplate = 2.13.1
 ExtensionClass = 2.13.2
 initgroups = 2.13.0
 Missing = 2.13.1

___
Zope-Checkins maillist  -  Zope-Checkins@zope.org
https://mail.zope.org/mailman/listinfo/zope-checkins

[Zope-Checkins] SVN: Zope/branches/2.12/ make sure that the browser:view directive doesn't clobber security declarations for attributes which are not included in allowed_attributes or allowed_interfac

2010-07-15 Thread David Glick 
Log message for revision 114789:
  make sure that the browser:view directive doesn't clobber security 
declarations for attributes which are not included in allowed_attributes or 
allowed_interface but which already have security declarations in a base 
class's security info. This is needed to provide access to, e.g., 
restrictedTraverse on views that subclass Traversable

Changed:
  U   Zope/branches/2.12/doc/CHANGES.rst
  U   Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py
  U   Zope/branches/2.12/src/Products/Five/browser/tests/pages.py
  U   Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt
  U   Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml
  U   Zope/branches/2.12/src/Products/Five/security.py

-=-
Modified: Zope/branches/2.12/doc/CHANGES.rst
===
--- Zope/branches/2.12/doc/CHANGES.rst  2010-07-15 19:52:12 UTC (rev 114788)
+++ Zope/branches/2.12/doc/CHANGES.rst  2010-07-16 05:56:26 UTC (rev 114789)
@@ -11,6 +11,12 @@
 Bugs Fixed
 ++
 
+- Fix support for non-public permission attributes in the
+  browser:view directive so that attributes which are not included in
+  allowed_interface or allowed_attributes but which have declarations from a
+  base class's security info don't get their security overwritten to be
+  private.
+
 - LP #143755: Also catch TypeError when trying to determine an 
   indexable value for an object in PluginIndexes.common.UnIndex
 

Modified: Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py
===
--- Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py   
2010-07-15 19:52:12 UTC (rev 114788)
+++ Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py   
2010-07-16 05:56:26 UTC (rev 114789)
@@ -315,7 +315,7 @@
 _context.action(
 discriminator = ('five:protectName', newclass, attr),
 callable = protectName,
-args = (newclass, attr, CheckerPrivateId)
+args = (newclass, attr, CheckerPrivateId, False)
 )
 
 # Protect the class

Modified: Zope/branches/2.12/src/Products/Five/browser/tests/pages.py
===
--- Zope/branches/2.12/src/Products/Five/browser/tests/pages.py 2010-07-15 
19:52:12 UTC (rev 114788)
+++ Zope/branches/2.12/src/Products/Five/browser/tests/pages.py 2010-07-16 
05:56:26 UTC (rev 114789)
@@ -17,6 +17,7 @@
 
 from Products.Five import BrowserView
 from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile
+from OFS.SimpleItem import SimpleItem
 
 class SimpleView(BrowserView):
 More docstring. Please Zope
@@ -40,6 +41,11 @@
 def __call__(self):
 return uI was __call__()'ed
 
+class PermissionView(BrowserView, SimpleItem):
+
+def __call__(self):
+return uI was __call__()'ed
+
 class CallTemplate(BrowserView):
 
 __call__ = ViewPageTemplateFile('falcon.pt')

Modified: Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt
===
--- Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt
2010-07-15 19:52:12 UTC (rev 114788)
+++ Zope/branches/2.12/src/Products/Five/browser/tests/pages.txt
2010-07-16 05:56:26 UTC (rev 114789)
@@ -275,6 +275,13 @@
aq_parent(aq_inner(context))
   Folder at /test_folder_1_ 
 
+Make sure that methods which are not included in the allowed interface or
+attributes, but which already had security declarations from a base class,
+don't get those declarations overridden to be private. (The roles for
+restrictedTraverse should be None, indicating it is public.)
+
+   view.restrictedTraverse__roles__
+
 High-level security
 ---
 

Modified: Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml
===
--- Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml   
2010-07-15 19:52:12 UTC (rev 114788)
+++ Zope/branches/2.12/src/Products/Five/browser/tests/pages.zcml   
2010-07-16 05:56:26 UTC (rev 114789)
@@ -237,7 +237,7 @@
   browser:view
   name=permission_view
   for=Products.Five.tests.testing.simplecontent.ISimpleContent
-  class=.pages.CallView
+  class=.pages.PermissionView
   permission=zope2.ViewManagementScreens
   /
   

Modified: Zope/branches/2.12/src/Products/Five/security.py
===
--- Zope/branches/2.12/src/Products/Five/security.py2010-07-15 19:52:12 UTC 
(rev 114788)
+++ Zope/branches/2.12/src/Products/Five/security.py2010-07-16 05:56:26 UTC 
(rev 114789)
@@ -127,12 +127,15 @@
 setattr(klass, '__security__', security)
 return security
 
-def protectName(klass, name, permission_id):
+def protectName(klass, name, permission_id,