Merge r114488 from 2.12 branch

3168d870 · Martin Aspeli · 916bcfd9 · 3168d870 · 3168d870 · 3168d870
Commit 3168d870 authored Jul 10, 2010 by Martin Aspeli
3 changed files
--- a/src/Products/Five/browser/metaconfigure.py
+++ b/src/Products/Five/browser/metaconfigure.py
@@ -201,15 +201,7 @@ class view(zope.browserpage.metaconfigure.view):
                 ):
        if permission is None:
            permission = 'zope.Public'
-        elif permission in ('zope.Public', 'zope2.Public'):
-            # No need to warn about the default case
-            pass
-        else:
-            warnings.warn("The permission option of the <browser:view /> "
-                          "directive is not supported in Zope 2. " + \
-                          "Ignored for %s in %s" %
-                          (str(class_), _context.info), stacklevel=3)
        super(view, self).__init__(
            _context, permission, for_=for_, name=name, layer=layer,
            class_=class_, allowed_interface=allowed_interface,
@@ -314,6 +306,42 @@ class view(zope.browserpage.metaconfigure.view):
                    newclass, (for_, layer), self.provides, name,
                    _context.info),
            )
+        # Security
+        _context.action(
+            discriminator = ('five:protectClass', newclass),
+            callable = protectClass,
+            args = (newclass, permission)
+            )
+        if allowed_attributes:
+            for attr in allowed_attributes:
+                _context.action(
+                    discriminator = ('five:protectName', newclass, attr),
+                    callable = protectName,
+                    args = (newclass, attr, permission)
+                    )
+        # Make everything else private
+        allowed = allowed_attributes or []
+        private_attrs = [name for name in dir(newclass)
+                         if (not name.startswith('_')) and
+                            (name not in allowed) and
+                            ismethod(getattr(newclass, name))]
+        for attr in private_attrs:
+            _context.action(
+                discriminator = ('five:protectName', newclass, attr),
+                callable = protectName,
+                args = (newclass, attr, CheckerPrivateId)
+                )
+        # Protect the class
+        _context.action(
+            discriminator = ('five:initialize:class', newclass),
+            callable = InitializeClass,
+            args = (newclass,)
+            )
 _factory_map = {'image':{'prefix':'ImageResource',
                         'count':0,

--- a/src/Products/Five/browser/tests/pages.txt
+++ b/src/Products/Five/browser/tests/pages.txt
@@ -253,12 +253,34 @@ C methods work the same
  >>> aq_parent(aq_inner(context))
  <Folder at /test_folder_1_> 
+The same applies to a view registered with <browser:view /> instead of
+<browser:page />
+  >>> request = TestRequest()
+  >>> view = getMultiAdapter((self.folder.testoid, request), name=u'permission_view')
+  >>> view.__ac_permissions__
+  (('View management screens', ('',)),)
+  >>> aq_acquire(view, '__roles__')
+  ('Manager',)
+  >>> context = view.context
+  >>> from Acquisition import ImplicitAcquisitionWrapper
+  >>> type(context) == ImplicitAcquisitionWrapper
+  True
+  >>> view.__parent__ == view.context
+  True
+  >>> aq_parent(view) == view.context
+  True
+  >>> context.aq_inner.aq_parent
+  <Folder at /test_folder_1_> 
+  >>> aq_parent(aq_inner(context))
+  <Folder at /test_folder_1_> 
 High-level security
 -------------------
  >>> protected_view_names = [
  ...     'eagle.txt', 'falcon.html', 'owl.html', 'flamingo.html',
-  ...     'condor.html']
+  ...     'condor.html', 'permission_view']
  >>> 
  >>> public_view_names = [
  ...     'public_attribute_page',

--- a/src/Products/Five/browser/tests/pages.zcml
+++ b/src/Products/Five/browser/tests/pages.zcml
@@ -232,7 +232,15 @@
      class=".pages.SimpleView"
      permission="zope2.Public"
      />
+  <!-- A named view with permissions -->
+  <browser:view
+      name="permission_view"
+      for="Products.Five.tests.testing.simplecontent.ISimpleContent"
+      class=".pages.CallView"
+      permission="zope2.ViewManagementScreens"
+      />
  <!-- stuff that we'll override in overrides.zcml -->
  <browser:page
      for="Products.Five.tests.testing.simplecontent.ISimpleContent"