Log message for revision 30108:
  Added an _unrestrictedGetObject method to catalog brains.
  
  

Changed:
  U   Zope/trunk/doc/CHANGES.txt
  U   Zope/trunk/lib/python/Products/ZCatalog/CatalogBrains.py
  U   Zope/trunk/lib/python/Products/ZCatalog/tests/testCatalog.py

-=-
Modified: Zope/trunk/doc/CHANGES.txt
===================================================================
--- Zope/trunk/doc/CHANGES.txt  2005-04-22 15:48:42 UTC (rev 30107)
+++ Zope/trunk/doc/CHANGES.txt  2005-04-22 16:21:14 UTC (rev 30108)
@@ -30,6 +30,9 @@
       - Added lazy: TAL expression and fixed defer: expression for python
         expression
 
+      - ZCatalog.CatalogBrains: An _unrestrictedGetObject method has
+        been added.
+
     Bugs fixed
   
       - Collector #1754: Fixed import of 'transaction' in
@@ -59,7 +62,7 @@
         cannot access (raising Unauthorized).  Sites which rely on the old
         behavior can restore setting a new zope.conf option,
         'catalog-getObject-raises', to "off".
-        
+
         This compatibility option will be removed in Zope 2.10.
 
       - PluginIndexes: the ZCatalog's "Indexes" tab now show the number of

Modified: Zope/trunk/lib/python/Products/ZCatalog/CatalogBrains.py
===================================================================
--- Zope/trunk/lib/python/Products/ZCatalog/CatalogBrains.py    2005-04-22 
15:48:42 UTC (rev 30107)
+++ Zope/trunk/lib/python/Products/ZCatalog/CatalogBrains.py    2005-04-22 
16:21:14 UTC (rev 30108)
@@ -14,12 +14,10 @@
 __version__ = "$Revision$"[11:-2]
 
 import Acquisition, Record
-from zExceptions import NotFound
-from zExceptions import Unauthorized
 from ZODB.POSException import ConflictError
 
-# Switch for new behavior, raise NotFound instead of returning None.
-# Use 'catalog-getOb-raises off' in zope.conf to restore old behavior.
+# Switch for new behavior, raise exception instead of returning None.
+# Use 'catalog-getObject-raises off' in zope.conf to restore old behavior.
 GETOBJECT_RAISES = True
 
 class AbstractCatalogBrain(Record.Record, Acquisition.Implicit):
@@ -45,6 +43,20 @@
         #     avoid bare except band-aids and find a real solution.
         return self.REQUEST.physicalPathToURL(self.getPath(), relative)
 
+    def _unrestrictedGetObject(self):
+        """Return the object for this record
+
+        Same as getObject, but does not do security checks.
+        """
+        try:
+            return self.aq_parent.unrestrictedTraverse(self.getPath())
+        except ConflictError:
+            raise
+        except:
+            if GETOBJECT_RAISES:
+                raise
+            return None
+
     def getObject(self, REQUEST=None):
         """Return the object for this record
 

Modified: Zope/trunk/lib/python/Products/ZCatalog/tests/testCatalog.py
===================================================================
--- Zope/trunk/lib/python/Products/ZCatalog/tests/testCatalog.py        
2005-04-22 15:48:42 UTC (rev 30107)
+++ Zope/trunk/lib/python/Products/ZCatalog/tests/testCatalog.py        
2005-04-22 16:21:14 UTC (rev 30108)
@@ -626,7 +626,7 @@
         self.assertEqual(brain.getObject().getId(), 'ob')
 
     def test_getObject_missing_raises_NotFound(self):
-        # Check that if the object is missing None is returned
+        # Check that if the object is missing we raise
         from zExceptions import NotFound
         self._init_getObject_flag(True)
         root = self.root
@@ -699,7 +699,65 @@
         self.failIf(ob is None)
         self.assertEqual(ob.getId(), 'ob')
 
+    # Now test _unrestrictedGetObject
 
+    def test_unrestrictedGetObject_found(self):
+        # Check normal traversal
+        root = self.root
+        catalog = root.catalog
+        root.ob = Folder('ob')
+        catalog.catalog_object(root.ob)
+        brain = catalog.searchResults()[0]
+        self.assertEqual(brain.getPath(), '/ob')
+        self.assertEqual(brain._unrestrictedGetObject().getId(), 'ob')
+
+    def test_unrestrictedGetObject_restricted(self):
+        # Check that if the object's security does not allow traversal,
+        # it's still is returned
+        root = self.root
+        catalog = root.catalog
+        root.fold = Folder('fold')
+        root.fold.ob = Folder('ob')
+        catalog.catalog_object(root.fold.ob)
+        brain = catalog.searchResults()[0]
+        # allow all accesses
+        pickySecurityManager = PickySecurityManager()
+        setSecurityManager(pickySecurityManager)
+        self.assertEqual(brain._unrestrictedGetObject().getId(), 'ob')
+        # disallow just 'ob' access
+        pickySecurityManager = PickySecurityManager(['ob'])
+        setSecurityManager(pickySecurityManager)
+        self.assertEqual(brain._unrestrictedGetObject().getId(), 'ob')
+        # disallow just 'fold' access
+        pickySecurityManager = PickySecurityManager(['fold'])
+        setSecurityManager(pickySecurityManager)
+        self.assertEqual(brain._unrestrictedGetObject().getId(), 'ob')
+
+    def test_unrestrictedGetObject_missing_raises_NotFound(self):
+        # Check that if the object is missing we raise
+        from zExceptions import NotFound
+        self._init_getObject_flag(True)
+        root = self.root
+        catalog = root.catalog
+        root.ob = Folder('ob')
+        catalog.catalog_object(root.ob)
+        brain = catalog.searchResults()[0]
+        del root.ob
+        self.assertRaises((NotFound, AttributeError, KeyError),
+                          brain._unrestrictedGetObject)
+
+    def test_unrestrictedGetObject_missing_returns_None(self):
+        # Check that if the object is missing None is returned
+        self._init_getObject_flag(False)
+        root = self.root
+        catalog = root.catalog
+        root.ob = Folder('ob')
+        catalog.catalog_object(root.ob)
+        brain = catalog.searchResults()[0]
+        del root.ob
+        self.assertEqual(brain._unrestrictedGetObject(), None)
+
+
 def test_suite():
     suite = unittest.TestSuite()
     suite.addTest( unittest.makeSuite( TestAddDelColumn ) )

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins

Reply via email to