[Erp5-report] r21057 - in /erp5/trunk/products/ERP5Type: Accessor/ tests/
nobody at svn.erp5.org
nobody at svn.erp5.org
Wed May 21 14:46:09 CEST 2008
Author: aurel
Date: Wed May 21 14:46:02 2008
New Revision: 21057
URL: http://svn.erp5.org?rev=21057&view=rev
Log:
revert the commit about security on accessor as it seems not to work
with all zope2.8 versions
Modified:
erp5/trunk/products/ERP5Type/Accessor/Accessor.py
erp5/trunk/products/ERP5Type/tests/testERP5Type.py
Modified: erp5/trunk/products/ERP5Type/Accessor/Accessor.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Type/Accessor/Accessor.py?rev=21057&r1=21056&r2=21057&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Type/Accessor/Accessor.py (original)
+++ erp5/trunk/products/ERP5Type/Accessor/Accessor.py Wed May 21 14:46:02 2008
@@ -65,16 +65,3 @@
# Returns a reindexing alias
from Alias import ReindexAlias
return ReindexAlias(id, self.__name__)
-
-try:
- from ZODB.Transaction import Transaction
- # Zope 2.7 do not patch
-except ImportError:
- # Zope 2.8, patch
- class __roles__:
- @staticmethod
- def rolesForPermissionOn(ob):
- return getattr(ob.im_self, '%s__roles__' % ob.__name__)
-
- Accessor.__roles__ = __roles__
-
Modified: erp5/trunk/products/ERP5Type/tests/testERP5Type.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Type/tests/testERP5Type.py?rev=21057&r1=21056&r2=21057&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Type/tests/testERP5Type.py (original)
+++ erp5/trunk/products/ERP5Type/tests/testERP5Type.py Wed May 21 14:46:02 2008
@@ -2095,136 +2095,6 @@
finally:
removeZODBPythonScript(script_container, script_id)
- def test_DefaultSecurityOnAccessors(self):
- # Test accessors are protected correctly
- try:
- from ZODB.Transaction import Transaction
- return
- # Zope 2.7 do not test
- except ImportError:
- pass
-
- self._addProperty('Person',
- ''' { 'id': 'foo_bar',
- 'type': 'string',
- 'mode': 'w', }''')
- obj = self.getPersonModule().newContent(portal_type='Person')
-
- self.assertTrue(guarded_hasattr(obj, 'setFooBar'))
- self.assertTrue(guarded_hasattr(obj, 'getFooBar'))
-
- # setter is protected by default with modify portal content
- obj.manage_permission(Permissions.ModifyPortalContent, [], 0)
- self.assertFalse(guarded_hasattr(obj, 'setFooBar'))
- self.assertTrue(guarded_hasattr(obj, 'getFooBar'))
-
- # getter is protected with Access content information
- obj.manage_permission(Permissions.ModifyPortalContent, ['Manager'], 1)
- obj.manage_permission(Permissions.AccessContentsInformation, [], 0)
- self.assertTrue(guarded_hasattr(obj, 'setFooBar'))
- self.assertFalse(guarded_hasattr(obj, 'getFooBar'))
-
- def test_DefaultSecurityOnListAccessors(self):
- try:
- from ZODB.Transaction import Transaction
- return
- # Zope 2.7 do not test
- except ImportError:
- pass
-
- # Test list accessors are protected correctly
- self._addProperty('Person',
- ''' { 'id': 'foo_bar',
- 'type': 'lines',
- 'mode': 'w', }''')
- obj = self.getPersonModule().newContent(portal_type='Person')
- self.assertTrue(guarded_hasattr(obj, 'setFooBarList'))
- self.assertTrue(guarded_hasattr(obj, 'getFooBarList'))
-
- # setter is protected by default with modify portal content
- obj.manage_permission(Permissions.ModifyPortalContent, [], 0)
- self.assertFalse(guarded_hasattr(obj, 'setFooBarList'))
- self.assertTrue(guarded_hasattr(obj, 'getFooBarList'))
-
- # getter is protected with Access content information
- obj.manage_permission(Permissions.ModifyPortalContent, ['Manager'], 1)
- obj.manage_permission(Permissions.AccessContentsInformation, [], 0)
- self.assertTrue(guarded_hasattr(obj, 'setFooBarList'))
- self.assertFalse(guarded_hasattr(obj, 'getFooBarList'))
-
- def test_DefaultSecurityOnCategoryAccessors(self):
- try:
- from ZODB.Transaction import Transaction
- return
- # Zope 2.7 do not test
- except ImportError:
- pass
-
- # Test category accessors are protected correctly
- obj = self.getPersonModule().newContent(portal_type='Person')
- self.assertTrue(guarded_hasattr(obj, 'setRegion'))
- self.assertTrue(guarded_hasattr(obj, 'setRegionValue'))
- self.assertTrue(guarded_hasattr(obj, 'setRegionList'))
- self.assertTrue(guarded_hasattr(obj, 'setRegionValueList'))
- self.assertTrue(guarded_hasattr(obj, 'getRegion'))
- self.assertTrue(guarded_hasattr(obj, 'getRegionValue'))
- self.assertTrue(guarded_hasattr(obj, 'getRegionList'))
- self.assertTrue(guarded_hasattr(obj, 'getRegionValueList'))
- self.assertTrue(guarded_hasattr(obj, 'getRegionRelatedValueList'))
-
- # setter is protected by default with modify portal content
- obj.manage_permission(Permissions.ModifyPortalContent, [], 0)
- self.assertFalse(guarded_hasattr(obj, 'setRegion'))
- self.assertFalse(guarded_hasattr(obj, 'setRegionValue'))
- self.assertFalse(guarded_hasattr(obj, 'setRegionList'))
- self.assertFalse(guarded_hasattr(obj, 'setRegionValueList'))
- self.assertTrue(guarded_hasattr(obj, 'getRegion'))
- self.assertTrue(guarded_hasattr(obj, 'getRegionValue'))
- self.assertTrue(guarded_hasattr(obj, 'getRegionList'))
- self.assertTrue(guarded_hasattr(obj, 'getRegionValueList'))
- self.assertTrue(guarded_hasattr(obj, 'getRegionRelatedValueList'))
-
- # getter is protected with Access content information
- obj.manage_permission(Permissions.ModifyPortalContent, ['Manager'], 1)
- obj.manage_permission(Permissions.AccessContentsInformation, [], 0)
- self.assertTrue(guarded_hasattr(obj, 'setRegion'))
- self.assertTrue(guarded_hasattr(obj, 'setRegionValue'))
- self.assertTrue(guarded_hasattr(obj, 'setRegionList'))
- self.assertTrue(guarded_hasattr(obj, 'setRegionValueList'))
- self.assertFalse(guarded_hasattr(obj, 'getRegion'))
- self.assertFalse(guarded_hasattr(obj, 'getRegionValue'))
- self.assertFalse(guarded_hasattr(obj, 'getRegionList'))
- self.assertFalse(guarded_hasattr(obj, 'getRegionValueList'))
- self.assertFalse(guarded_hasattr(obj, 'getRegionRelatedValueList'))
-
- def test_PropertySheetSecurityOnAccessors(self):
- try:
- from ZODB.Transaction import Transaction
- return
- # Zope 2.7 do not test
- except ImportError:
- pass
-
- # Test accessors are protected correctly when you specify the permission
- # in the property sheet.
- self._addProperty('Person',
- ''' { 'id': 'foo_bar',
- 'write_permission' : 'Set own password',
- 'read_permission' : 'Manage users',
- 'type': 'string',
- 'mode': 'w', }''')
- obj = self.getPersonModule().newContent(portal_type='Person')
- self.assertTrue(guarded_hasattr(obj, 'setFooBar'))
- self.assertTrue(guarded_hasattr(obj, 'getFooBar'))
-
- obj.manage_permission('Set own password', [], 0)
- self.assertFalse(guarded_hasattr(obj, 'setFooBar'))
- self.assertTrue(guarded_hasattr(obj, 'getFooBar'))
-
- obj.manage_permission('Set own password', ['Manager'], 1)
- obj.manage_permission('Manage users', [], 0)
- self.assertTrue(guarded_hasattr(obj, 'setFooBar'))
- self.assertFalse(guarded_hasattr(obj, 'getFooBar'))
def test_suite():
suite = unittest.TestSuite()
More information about the Erp5-report
mailing list