Update AccessControl package to deal with various forms of Unicode and add...

Update AccessControl package to deal with various forms of Unicode and add some tests to make sure. This fixes Collector #1034.

Update AccessControl package to deal with various forms of Unicode and add...
Update AccessControl package to deal with various forms of Unicode and add some tests to make sure. This fixes Collector #1034.
291c4c73 · Chris McDonough · 586ead91 · 291c4c73 · 291c4c73 · 291c4c73
Commit 291c4c73 authored Oct 24, 2003 by Chris McDonough
4 changed files
--- a/lib/python/AccessControl/PermissionRole.py
+++ b/lib/python/AccessControl/PermissionRole.py
@@ -13,8 +13,8 @@
 __doc__='''Objects that implement Permission-based roles.
-$Id: PermissionRole.py,v 1.18 2003/06/10 15:39:04 shane Exp $'''
+$Id: PermissionRole.py,v 1.19 2003/10/24 01:21:48 chrism Exp $'''
-__version__='$Revision: 1.18 $'[11:-2]
+__version__='$Revision: 1.19 $'[11:-2]
 _use_python_impl = 0
 import os
@@ -85,7 +85,8 @@ if _use_python_impl:
        """Implement permission-based roles
        """
-        def __of__(self, parent,tt=type(()),st=type(''),getattr=getattr):
+        def __of__(self, parent,tt=type(()),st=type(''),ut=type(u''),
+                   getattr=getattr):
            obj=parent
            n=self._p
            r=None
@@ -102,7 +103,7 @@ if _use_python_impl:
                        if r is None: return roles
                        return r+list(roles)
-                    if t is st:
+                    if t in (st, ut):
                        # We found roles set to a name.  Start over
                        # with the new permission name.  If the permission
                        # name is '', then treat as private!

--- a/lib/python/AccessControl/ZopeSecurityPolicy.py
+++ b/lib/python/AccessControl/ZopeSecurityPolicy.py
@@ -13,8 +13,8 @@
 __doc__='''Define Zope\'s default security policy
-$Id: ZopeSecurityPolicy.py,v 1.23 2003/06/10 15:39:04 shane Exp $'''
+$Id: ZopeSecurityPolicy.py,v 1.24 2003/10/24 01:21:48 chrism Exp $'''
-__version__='$Revision: 1.23 $'[11:-2]
+__version__='$Revision: 1.24 $'[11:-2]
 _use_python_impl = 0
@@ -33,7 +33,7 @@ else:
 if _use_python_impl:
-    from types import StringType
+    from types import StringType, UnicodeType
    import SimpleObjectPolicies
    from AccessControl import Unauthorized
@@ -193,6 +193,6 @@ if _use_python_impl:
        def checkPermission(self, permission, object, context):
            # XXX proxy roles and executable owner are not checked
            roles=rolesForPermissionOn(permission, object)
-            if type(roles) is StringType:
+            if type(roles) in (StringType, UnicodeType):
                roles=[roles]
            return context.user.allowed(object, roles)
--- a/lib/python/AccessControl/cAccessControl.c
+++ b/lib/python/AccessControl/cAccessControl.c
@@ -36,7 +36,7 @@
  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
  DAMAGE.
-  $Id: cAccessControl.c,v 1.21 2003/09/11 16:00:42 jeremy Exp $
+  $Id: cAccessControl.c,v 1.22 2003/10/24 01:21:48 chrism Exp $
  If you have questions regarding this software,
  contact:
@@ -758,13 +758,14 @@ static PyObject *ZopeSecurityPolicy_validate(PyObject *self, PyObject *args) {
          return NULL;
 	/*| # Provide special rules for acquisition attributes
-	**| if type(name) is StringType:
+	**| if type(name) in (StringType, UnicodeType):
 	**|     if name[:3] == 'aq_' and name not in valid_aq_:
 	**|	   raise Unauthorized(name, value)
 	*/ 
-	if (PyString_Check(name)) {		/* XXX what about unicode? */
+	if ( PyString_Check(name) || PyUnicode_Check(name) ) {
-		sname = PyString_AS_STRING(name);
+	    sname = PyString_AsString(name); 
+	    if (sname != NULL) {
 		if (*sname == 'a' && sname[1]=='q' && sname[2]=='_') {
 			if (strcmp(sname,"aq_parent")   != 0 &&
                            strcmp(sname,"aq_inner") != 0 &&
@@ -775,6 +776,7 @@ static PyObject *ZopeSecurityPolicy_validate(PyObject *self, PyObject *args) {
 		            }
 	        }
 	    }
+	}
 	Py_XINCREF(roles);	/* Convert the borrowed ref to a real one */
@@ -1145,11 +1147,11 @@ static PyObject *ZopeSecurityPolicy_checkPermission(PyObject *self,
 	if (roles == NULL)
          return NULL;
-	/*| if type(roles) is StringType:
+	/*| if type(roles) in (StringType, UnicodeType):
 	**|	roles = [roles]
 	*/
-	if (PyString_Check(roles)) {
+	if ( PyString_Check(roles) || PyUnicode_Check(roles) ) {
          PyObject *r;
          r = PyList_New(1);
@@ -1294,21 +1296,22 @@ SecurityManager_dealloc(SecurityManager *self)
 static PyObject *
 SecurityManager_getattro(SecurityManager *self, PyObject *name)
 {
-  if (PyString_Check(name) && PyString_AS_STRING(name)[0]=='_')
+  if ( (PyString_Check(name) || PyUnicode_Check(name) ) && 
+       PyString_AsString(name)[0]=='_' )
    {
-      if (strcmp(PyString_AS_STRING(name), "_thread_id")==0 
+      if (strcmp(PyString_AsString(name), "_thread_id")==0 
          && self->thread_id)
        {
          Py_INCREF(self->thread_id);
          return self->thread_id;
        }
-      else if (strcmp(PyString_AS_STRING(name), "_context")==0 
+      else if (strcmp(PyString_AsString(name), "_context")==0 
               && self->context)
        {
          Py_INCREF(self->context);
          return self->context;
        }
-      else if (strcmp(PyString_AS_STRING(name), "_policy")==0 
+      else if (strcmp(PyString_AsString(name), "_policy")==0 
               && self->policy)
        {
          Py_INCREF(self->policy);
@@ -1322,21 +1325,22 @@ SecurityManager_getattro(SecurityManager *self, PyObject *name)
 static int 
 SecurityManager_setattro(SecurityManager *self, PyObject *name, PyObject *v)
 {
-  if (v && PyString_Check(name) && PyString_AS_STRING(name)[0]=='_')
+  if ( (PyString_Check(name) || PyUnicode_Check(name) ) && 
+       PyString_AsString(name)[0]=='_' )
    {
-      if (strcmp(PyString_AS_STRING(name), "_thread_id")==0)
+      if (strcmp(PyString_AsString(name), "_thread_id")==0)
        {
          Py_INCREF(v);
          ASSIGN(self->thread_id, v);
          return 0;
        }
-      else if (strcmp(PyString_AS_STRING(name), "_context")==0)
+      else if (strcmp(PyString_AsString(name), "_context")==0)
        {
          Py_INCREF(v);
          ASSIGN(self->context, v);
          return 0;
        }
-      else if (strcmp(PyString_AS_STRING(name), "_policy")==0)
+      else if (strcmp(PyString_AsString(name), "_policy")==0)
        {
          Py_INCREF(v);
          ASSIGN(self->policy, v);
@@ -1485,7 +1489,7 @@ static void PermissionRole_dealloc(PermissionRole *self) {
 static PyObject *PermissionRole_getattro(PermissionRole *self, PyObject *name) {
  	PyObject  *result= NULL;
-  	char      *name_s= PyString_AsString(name);
+        char      *name_s = PyString_AsString(name);
 	/* see whether we know the attribute */
 	/* we support both the old "_d" (from the Python implementation)
@@ -1595,13 +1599,13 @@ static PyObject *imPermissionRole_of(imPermissionRole *self, PyObject *args) {
 			}
 		/*|
-		**|       if t is StringType:
+		**|       if t in (StringType, UnicodeType):
 		**|          # We found roles set to a name.  Start over
 		**|	     # with the new permission name.  If the permission
 		**|	     # name is '', then treat as private!
 		*/
-			if (PyString_Check(roles)) {
+			if (PyString_Check(roles) || PyUnicode_Check(roles)) {
 		/*|
 		**|          if roles:
@@ -1911,7 +1915,8 @@ guarded_getattr(PyObject *inst, PyObject *name, PyObject *default_,
  int i;
  /* if name[:1] != '_': */
-  if (PyString_Check(name) && PyString_AS_STRING(name)[0] != '_')
+  if ( (PyString_Check(name) || PyUnicode_Check(name)) && 
+       PyString_AsString(name)[0] != '_')
    {
      /*
@@ -2078,7 +2083,7 @@ void initcAccessControl(void) {
 	module = Py_InitModule3("cAccessControl",
 		cAccessControl_methods,
-		"$Id: cAccessControl.c,v 1.21 2003/09/11 16:00:42 jeremy Exp $\n");
+		"$Id: cAccessControl.c,v 1.22 2003/10/24 01:21:48 chrism Exp $\n");
 	aq_init(); /* For Python <= 2.1.1, aq_init() should be after
                      Py_InitModule(). */

--- a/lib/python/AccessControl/tests/testZopeSecurityPolicy.py
+++ b/lib/python/AccessControl/tests/testZopeSecurityPolicy.py
@@ -13,8 +13,8 @@
 """Tests of ZopeSecurityPolicy
 """
-__rcs_id__='$Id: testZopeSecurityPolicy.py,v 1.6 2003/06/10 15:39:04 shane Exp $'
+__rcs_id__='$Id: testZopeSecurityPolicy.py,v 1.7 2003/10/24 01:21:49 chrism Exp $'
-__version__='$Revision: 1.6 $'[11:-2]
+__version__='$Revision: 1.7 $'[11:-2]
 import os, sys, unittest
@@ -207,6 +207,14 @@ class ZopeSecurityPolicyTests (unittest.TestCase):
        c.attr = PublicMethod()
        self.assertPolicyAllows(c, 'attr')
+    def testUnicodeAttributeLookups(self):
+        item = self.item
+        r_item = self.a.r_item
+        self.assertPolicyAllows(item, u'public_prop')
+        self.assertPolicyDenies(r_item, u'private_prop')
+        self.assertPolicyAllows(item, u'public_m')
+        self.assertPolicyDenies(item, u'dangerous_m')
    def testRolesForPermission(self):
        # Test of policy.checkPermission().
        r_item = self.a.r_item
@@ -217,6 +225,15 @@ class ZopeSecurityPolicyTests (unittest.TestCase):
        v = self.policy.checkPermission('View', r_item, o_context)
        self.assert_(v, '_View_Permission should grant access to theowner')
+    def testUnicodeRolesForPermission(self):
+        r_item = self.a.r_item
+        context = self.context
+        v = self.policy.checkPermission(u'View', r_item, context)
+        self.assert_(not v, '_View_Permission should deny access to user')
+        o_context = SecurityContext(self.uf.getUserById('theowner'))
+        v = self.policy.checkPermission(u'View', r_item, o_context)
+        self.assert_(v, '_View_Permission should grant access to theowner')
    def testAqNames(self):
        policy = self.policy
        names = {
@@ -252,7 +269,7 @@ class ZopeSecurityPolicyTests (unittest.TestCase):
 def test_suite():
    suite = unittest.TestSuite()
-    suite.addTest(unittest.makeSuite(ZopeSecurityPolicyTests))
+    suite.addTest(unittest.makeSuite(ZopeSecurityPolicyTests, 'test'))
    return suite
 def main():