Merge fix for #2072 into trunk

ae79aa21 · Alec Mitchell · 26faf842 · ae79aa21 · ae79aa21
Commit ae79aa21 authored Apr 21, 2006 by Alec Mitchell
Hide whitespace changes
Inline Side-by-side

Showing with 77 additions and 2 deletions

lib/python/OFS/Traversable.py lib/python/OFS/Traversable.py +14 -2

lib/python/OFS/tests/testTraverse.py lib/python/OFS/tests/testTraverse.py +63 -0

No files found.
--- a/lib/python/OFS/Traversable.py
+++ b/lib/python/OFS/Traversable.py
@@ -206,8 +206,20 @@ class Traversable:
                        else:
                            # Can't determine container
                            container = _none
-                        if not securityManager.validate(
-                            obj, container, name, next):
+                        try:
+                            validated = securityManager.validate(
+                                                   obj, container, name, next)
+                        except Unauthorized:
+                            # If next is a simple unwrapped property, it's
+                            # parentage is indeterminate, but it may have been
+                            # acquired safely.  In this case validate will
+                            # raise an error, and we can explicitly check that
+                            # our value was acquired safely.
+                            validated = 0
+                            if container is _none and \
+                                   guarded_getattr(obj, name, marker) is next:
+                                validated = 1
+                        if not validated:
                            raise Unauthorized, name
                else:
                    if restricted:

--- a/lib/python/OFS/tests/testTraverse.py
+++ b/lib/python/OFS/tests/testTraverse.py
@@ -22,6 +22,7 @@ import cStringIO
 import transaction
 import ZODB, Acquisition, transaction
 from AccessControl import SecurityManager, Unauthorized
+from AccessControl.Permissions import access_contents_information
 from AccessControl.SecurityManagement import newSecurityManager
 from AccessControl.SecurityManagement import noSecurityManager
 from Acquisition import aq_base
@@ -102,6 +103,16 @@ class BoboTraversable(SimpleItem):
    bb_status = 'screechy'


+class BoboTraversableWithAcquisition(SimpleItem):
+    """
+       A BoboTraversable class which may use acquisition to find objects.
+       This is similar to how the __bobo_traverse__ added by Five behaves).
+    """
+
+    def __bobo_traverse__(self, request, name):
+        return Acquisition.aq_get(self, name)
+
+
 def makeConnection():
    import ZODB
    from ZODB.DemoStorage import DemoStorage
@@ -235,6 +246,58 @@ class TestTraverse( unittest.TestCase ):
        self.failUnless(
            bb.restrictedTraverse('manufactured') is 42)

+    def testBoboTraverseToAcquiredObject(self):
+        # Verify it's possible to use a __bobo_traverse__ which retrieves
+        # objects by acquisition
+        noSecurityManager()
+        SecurityManager.setSecurityPolicy( self.oldPolicy )
+        bb = BoboTraversableWithAcquisition()
+        bb = bb.__of__(self.root)
+        self.assertEqual(
+            bb.restrictedTraverse('folder1'), bb.folder1)
+        self.assertEqual(
+            Acquisition.aq_inner(bb.restrictedTraverse('folder1')),
+            self.root.folder1)
+
+    def testBoboTraverseToAcquiredProtectedObject(self):
+        # Verify it's possible to use a __bobo_traverse__ which retrieves
+        # objects by acquisition
+        noSecurityManager()
+        SecurityManager.setSecurityPolicy( self.oldPolicy )
+        folder = self.root.folder1
+        # restrict the ability to access the retrieved object itself
+        folder.manage_permission(access_contents_information, [], 0)
+        bb = BoboTraversableWithAcquisition()
+        bb = bb.__of__(self.root)
+        self.failUnlessRaises(Unauthorized,
+                              self.root.folder1.restrictedTraverse, 'folder1')
+
+    def testBoboTraverseToAcquiredAttribute(self):
+        # Verify it's possible to use __bobo_traverse__ to an acquired
+        # attribute
+        noSecurityManager()
+        SecurityManager.setSecurityPolicy( self.oldPolicy )
+        folder = self.root.folder1
+        folder.stuff = 'stuff here'
+        bb = BoboTraversableWithAcquisition()
+        bb = bb.__of__(folder)
+        self.assertEqual(
+            bb.restrictedTraverse('stuff'), 'stuff here')
+
+    def testBoboTraverseToAcquiredProtectedAttribute(self):
+        # Verify that using __bobo_traverse__ to get an acquired but
+        # protected attribute results in Unauthorized
+        noSecurityManager()
+        SecurityManager.setSecurityPolicy( self.oldPolicy )
+        folder = self.root.folder1
+        # We protect the the attribute by restricting access to the parent
+        folder.manage_permission(access_contents_information, [], 0)
+        folder.stuff = 'stuff here'
+        bb = BoboTraversableWithAcquisition()
+        bb = bb.__of__(folder)
+        self.failUnlessRaises(Unauthorized,
+                              self.root.folder1.restrictedTraverse, 'stuff')
+
    def testAcquiredAttributeDenial(self):
        # Verify that restrictedTraverse raises the right kind of exception
        # on denial of access to an acquired attribute.  If it raises