Log message for revision 113898:
  LP #578326: Issue a warning if someone specifies a non-public permission 
attribute in the browser:view directive. This attribute has never been 
supported in Zope 2. This should at least make it obvious where people might 
have been relying on false security assumptions.
  

Changed:
  U   Zope/branches/2.12/doc/CHANGES.rst
  U   Zope/branches/2.12/src/Products/Five/browser/meta.zcml
  U   Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py

-=-
Modified: Zope/branches/2.12/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.12/doc/CHANGES.rst  2010-06-26 15:33:27 UTC (rev 113897)
+++ Zope/branches/2.12/doc/CHANGES.rst  2010-06-26 15:57:34 UTC (rev 113898)
@@ -11,6 +11,9 @@
 Bugs Fixed
 ++++++++++
 
+- LP #578326: Issue a warning if someone specifies a non-public permission
+  attribute in the browser:view directive. This attribute has never been
+  supported in Zope 2.
 
 
 2.12.8 (2010-06-25)

Modified: Zope/branches/2.12/src/Products/Five/browser/meta.zcml
===================================================================
--- Zope/branches/2.12/src/Products/Five/browser/meta.zcml      2010-06-26 
15:33:27 UTC (rev 113897)
+++ Zope/branches/2.12/src/Products/Five/browser/meta.zcml      2010-06-26 
15:57:34 UTC (rev 113898)
@@ -42,7 +42,7 @@
 
     <meta:complexDirective
         name="view"
-        schema="zope.app.publisher.browser.metadirectives.IViewDirective"
+        schema=".metaconfigure.IFiveViewDirective"
         handler=".metaconfigure.view"
         >
 

Modified: Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py
===================================================================
--- Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py       
2010-06-26 15:33:27 UTC (rev 113897)
+++ Zope/branches/2.12/src/Products/Five/browser/metaconfigure.py       
2010-06-26 15:57:34 UTC (rev 113898)
@@ -20,6 +20,7 @@
 """
 import os
 from inspect import ismethod
+import warnings
 
 from zope import component
 from zope.interface import implements
@@ -31,6 +32,7 @@
 from zope.publisher.interfaces.browser import IDefaultBrowserLayer
 from zope.publisher.interfaces.browser import IBrowserPublisher
 from zope.publisher.interfaces.browser import IBrowserRequest
+from zope.security.zcml import Permission
 
 import zope.app.publisher.browser.viewmeta
 from zope.app.publisher.browser.viewmeta import providesCallable
@@ -177,8 +179,44 @@
 
 # view (named view with pages)
 
+from zope.app.publisher.browser.metadirectives import IViewDirective
+
+class IFiveViewDirective(IViewDirective):
+
+    permission = Permission(
+        title=u"Permission",
+        description=u"The permission needed to use the view.",
+        required=False,
+        )
+
+
 class view(zope.app.publisher.browser.viewmeta.view):
 
+    # Let the permission default to zope.Public and not be required
+    # We should support this, as more users are expecting it to work.
+    def __init__(self, _context, for_, permission=None,
+                 name='', layer=IDefaultBrowserLayer, class_=None,
+                 allowed_interface=None, allowed_attributes=None,
+                 menu=None, title=None, provides=Interface,
+                 ):
+        if permission is None:
+            permission = 'zope.Public'
+        elif permission in ('zope.Public', 'zope2.Public'):
+            # No need to warn about the default case
+            pass
+        else:
+            warnings.warn("The permission option of the <browser:view /> "
+                          "directive is not supported in Zope 2. " + \
+                          "Ignored for %s in %s" %
+                          (str(class_), _context.info), stacklevel=3)
+
+        super(view, self).__init__(
+            _context, for_, permission=permission, name=name, layer=layer,
+            class_=class_, allowed_interface=allowed_interface,
+            allowed_attributes=allowed_attributes, menu=menu, title=title,
+            provides=provides)
+
+
     def __call__(self):
         (_context, name, for_, permission, layer, class_,
          allowed_interface, allowed_attributes) = self.args
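Review bot: The `else` branch of `view.__init__` only calls `warnings.warn(...)` and then registers the view as before, so, going by the log message, a view declared with a restrictive permission is still served without that permission being enforced, and the only signal is a `UserWarning` that a warnings filter (for example `-W ignore`) can suppress. The comment above `__init__` ("We should support this...") reads as if the attribute were honoured; I would replace it with `# NOTE: a non-public permission is NOT enforced for browser:view in Zope 2; we only warn and the view stays public.` Consider also reporting the condition through `logging` at warning level (this needs an `import logging`), so it reaches the event log whatever the warning filters are. The message expression only works because `%` binds tighter than `+` and both `%s` sit in the last literal; dropping the `+ \` and letting the three adjacent literals concatenate inside the parentheses is less fragile. The class continues outside the hunk (the `__call__` body is cut off), so how `permission` is consumed there is not visible here.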
