Log message for revision 71815: Merge from 1.4 branch: Log message for revision 71811: Add an ftest that demonstrates zope.security.management.checkPermission() works in Zope 2. This is the reproduceability test case for http://www.zope.org/Collectors/Zope/2190. Log message for revision 71813: Also test for a permission that anonymous doesn't have. Also, added support for the securityPolicy directive which will now be used by Zope 2.
Changed: U Products.Five/branches/1.5/CHANGES.txt U Products.Five/branches/1.5/INSTALL.txt A Products.Five/branches/1.5/browser/tests/test_zope3security.py A Products.Five/branches/1.5/browser/tests/zope3security.py U Products.Five/branches/1.5/meta.zcml U Products.Five/branches/1.5/version.txt -=- Modified: Products.Five/branches/1.5/CHANGES.txt =================================================================== --- Products.Five/branches/1.5/CHANGES.txt 2007-01-08 16:15:34 UTC (rev 71814) +++ Products.Five/branches/1.5/CHANGES.txt 2007-01-08 16:16:26 UTC (rev 71815) @@ -5,6 +5,9 @@ Five 1.5.2 (unreleased) ======================= +* Added support for the <securityPolicy /> ZCML directive known from + Zope 3. + * View methods which aren't explicitly declared as allowed must be marked private explicitly to avoid being web publishable. Modified: Products.Five/branches/1.5/INSTALL.txt =================================================================== --- Products.Five/branches/1.5/INSTALL.txt 2007-01-08 16:15:34 UTC (rev 71814) +++ Products.Five/branches/1.5/INSTALL.txt 2007-01-08 16:16:26 UTC (rev 71815) @@ -1,10 +1,10 @@ How to install Five =================== -Requirements for Five 1.5 -------------------------- +Requirements for Five 1.5.2 +--------------------------- -* Zope 2.10 with Python 2.4.1+ +* Zope 2.10.2 with Python 2.4.3+ Note that Five 1.5 is already part of Zope 2.10. You can still install a newer Five version in your instance, if you like. It will Copied: Products.Five/branches/1.5/browser/tests/test_zope3security.py (from rev 71811, Products.Five/branches/1.4/browser/tests/test_zope3security.py) =================================================================== --- Products.Five/branches/1.4/browser/tests/test_zope3security.py 2007-01-08 15:27:41 UTC (rev 71811) +++ Products.Five/branches/1.5/browser/tests/test_zope3security.py 2007-01-08 16:16:26 UTC (rev 71815) @@ -0,0 +1,65 @@ +import os, sys +if __name__ == '__main__': + execfile(os.path.join(sys.path[0], 'framework.py')) + +def test_check_permission(): + """Code (in Zope 3) often uses + zope.security.management.checkPermission to determine whether the + current user has a certain permission in a given context. Five + inserts its own interaction that assures that such calls still + work. + + >>> configure_zcml = ''' + ... <configure + ... xmlns="http://namespaces.zope.org/zope" + ... xmlns:browser="http://namespaces.zope.org/browser"> + ... <securityPolicy + ... component="Products.Five.security.FiveSecurityPolicy" /> + ... <configure package="Products.Five.browser.tests"> + ... <browser:page + ... for="OFS.interfaces.IFolder" + ... class=".zope3security.Zope3SecurityView" + ... name="zope3security.html" + ... permission="zope2.View" + ... /> + ... </configure> + ... </configure>''' + + >>> import Products.Five + >>> from Products.Five import zcml + >>> zcml.load_config("configure.zcml", Products.Five) + >>> zcml.load_string(configure_zcml) + + In order to be able to traverse to the PageTemplate view, we need + a traversable object: + + >>> from Products.Five.tests.testing import manage_addFiveTraversableFolder + >>> manage_addFiveTraversableFolder(self.folder, 'testoid', 'Testoid') + + Now we access a page that uses + zope.security.management.checkPermission(). We see it works as + expected: + + >>> from Products.Five.testbrowser import Browser + >>> browser = Browser() + >>> browser.open('http://localhost/test_folder_1_/testoid/@@zope3security.html?permission=zope2.View') + >>> print browser.contents + Yes, you have the 'zope2.View' permission. + >>> browser.open('http://localhost/test_folder_1_/testoid/@@zope3security.html?permission=zope2.DeleteObjects') + >>> print browser.contents + No, you don't have the 'zope2.DeleteObjects' permission. + + Clean up: + + >>> from zope.app.testing.placelesssetup import tearDown + >>> tearDown() + + """ + +def test_suite(): + from Testing.ZopeTestCase import FunctionalDocTestSuite + from zope.testing.doctest import ELLIPSIS + return FunctionalDocTestSuite(optionflags=ELLIPSIS) + +if __name__ == '__main__': + framework() Copied: Products.Five/branches/1.5/browser/tests/zope3security.py (from rev 71811, Products.Five/branches/1.4/browser/tests/zope3security.py) =================================================================== --- Products.Five/branches/1.4/browser/tests/zope3security.py 2007-01-08 15:27:41 UTC (rev 71811) +++ Products.Five/branches/1.5/browser/tests/zope3security.py 2007-01-08 16:16:26 UTC (rev 71815) @@ -0,0 +1,10 @@ +from Products.Five import BrowserView +from zope.security.management import checkPermission + +class Zope3SecurityView(BrowserView): + + def __call__(self, permission): + if checkPermission(permission, self.context): + return "Yes, you have the %r permission." % permission + else: + return "No, you don't have the %r permission." % permission Modified: Products.Five/branches/1.5/meta.zcml =================================================================== --- Products.Five/branches/1.5/meta.zcml 2007-01-08 16:15:34 UTC (rev 71814) +++ Products.Five/branches/1.5/meta.zcml 2007-01-08 16:16:26 UTC (rev 71815) @@ -82,12 +82,19 @@ handler="zope.app.schema.metaconfigure.vocabulary" /> + <!-- BBB 2006/02/24, to be removed after 12 months --> <meta:directive name="defaultLayer" schema="zope.app.component.metadirectives.IDefaultLayerDirective" handler="zope.app.component.metaconfigure.defaultLayer" /> + <meta:directive + name="securityPolicy" + schema="zope.security.zcml.ISecurityPolicyDirective" + handler="zope.security.zcml.securityPolicy" + /> + </meta:directives> <meta:directives namespace="http://namespaces.zope.org/five"> Modified: Products.Five/branches/1.5/version.txt =================================================================== --- Products.Five/branches/1.5/version.txt 2007-01-08 16:15:34 UTC (rev 71814) +++ Products.Five/branches/1.5/version.txt 2007-01-08 16:16:26 UTC (rev 71815) @@ -1 +1 @@ -Five 1.5.1 +Five 1.5.2 _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins