Skip to content

Z
Zope
Commit d8573ace authored by Martijn Pieters's avatar Martijn Pieters
Browse files
Options

Fix two snafus: 

- Python 2.3 doesn't support the @decorator syntax
- Owner.py methods weren't protected

Also, python 2.3's doctest module doesn't have any unittest integration,
just remove the test_requestmethod.py glue.
parent bf9432a5
Hide whitespace changes
Inline Side-by-side
Showing with 29 additions and 55 deletions
lib/python/AccessControl/Owned.py
View file @ d8573ace
......@@ -189,6 +189,7 @@ class Owned(ExtensionClass.Base):
self.changeOwnership(security.getUser(), recursive)
RESPONSE.redirect(REQUEST['HTTP_REFERER'])
manage_takeOwnership = postonly(manage_takeOwnership)
def manage_changeOwnershipType(self, explicit=1,
RESPONSE=None, REQUEST=None):
......@@ -209,6 +210,7 @@ class Owned(ExtensionClass.Base):
del self._owner
if RESPONSE is not None: RESPONSE.redirect(REQUEST['HTTP_REFERER'])
manage_changeOwnershipType = postonly(manage_changeOwnershipType)
def _deleteOwnershipAfterAdd(self):
......
lib/python/AccessControl/PermissionMapping.py
View file @ d8573ace
......@@ -57,7 +57,6 @@ class RoleManager:
a({'permission_name': ac_perms[0], 'class_permission': p})
return r
@postonly
def manage_setPermissionMapping(self,
permission_names=[],
class_permissions=[], REQUEST=None):
......@@ -86,6 +85,7 @@ class RoleManager:
return self.manage_access(
REQUEST,
manage_tabs_message='The permission mapping has been updated')
manage_setPermissionMapping = postonly(manage_setPermissionMapping)
def _isBeingUsedAsAMethod(self, REQUEST =None, wannaBe=0):
try:
......
lib/python/AccessControl/Role.py
View file @ d8573ace
......@@ -132,7 +132,6 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
help_topic='Security_Manage-Role.stx',
help_product='OFSP')
@postonly
def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
"""Change the permissions given to the given role.
"""
......@@ -143,13 +142,13 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
p.setRole(role_to_manage, name in permissions)
if REQUEST is not None: return self.manage_access(REQUEST)
manage_role = postonly(manage_role)
manage_acquiredForm=DTMLFile('dtml/acquiredEdit', globals(),
management_view='Security',
help_topic='Security_Manage-Acquisition.stx',
help_product='OFSP')
@postonly
def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
"""Change the permissions that acquire.
"""
......@@ -163,13 +162,13 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
else: p.setRoles(tuple(roles))
if REQUEST is not None: return self.manage_access(REQUEST)
manage_acquiredPermissions = postonly(manage_acquiredPermissions)
manage_permissionForm=DTMLFile('dtml/permissionEdit', globals(),
management_view='Security',
help_topic='Security_Manage-Permission.stx',
help_product='OFSP')
@postonly
def manage_permission(self, permission_to_manage,
roles=[], acquire=0, REQUEST=None):
"""Change the settings for the given permission.
......@@ -192,6 +191,7 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
raise ValueError, (
"The permission <em>%s</em> is invalid." %
escape(permission_to_manage))
manage_permission = postonly(manage_permission)
_normal_manage_access=DTMLFile('dtml/access', globals())
......@@ -206,7 +206,6 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
else:
return apply(self._normal_manage_access,(), kw)
@postonly
def manage_changePermissions(self, REQUEST):
"""Change all permissions settings, called by management screen.
"""
......@@ -237,6 +236,7 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
title ='Success!',
message='Your changes have been saved',
action ='manage_access')
manage_changePermissions = postonly(manage_changePermissions)
def permissionsOfRole(self, role):
"""Used by management screen.
......@@ -354,7 +354,6 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
dict=self.__ac_local_roles__ or {}
return tuple(dict.get(userid, []))
@postonly
def manage_addLocalRoles(self, userid, roles, REQUEST=None):
"""Set local roles for a user."""
if not roles:
......@@ -371,8 +370,8 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
if REQUEST is not None:
stat='Your changes have been saved.'
return self.manage_listLocalRoles(self, REQUEST, stat=stat)
manage_addLocalRoles = postonly(manage_addLocalRoles)
@postonly
def manage_setLocalRoles(self, userid, roles, REQUEST=None):
"""Set local roles for a user."""
if not roles:
......@@ -385,8 +384,8 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
if REQUEST is not None:
stat='Your changes have been saved.'
return self.manage_listLocalRoles(self, REQUEST, stat=stat)
manage_setLocalRoles = postonly(manage_setLocalRoles)
@postonly
def manage_delLocalRoles(self, userids, REQUEST=None):
"""Remove all local roles for a user."""
dict=self.__ac_local_roles__
......@@ -399,6 +398,7 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
if REQUEST is not None:
stat='Your changes have been saved.'
return self.manage_listLocalRoles(self, REQUEST, stat=stat)
manage_delLocalRoles = postonly(manage_delLocalRoles)
#------------------------------------------------------------
......@@ -477,7 +477,6 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
return self.manage_access(REQUEST)
@postonly
def _addRole(self, role, REQUEST=None):
if not role:
return MessageDialog(
......@@ -494,8 +493,8 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
self.__ac_roles__=tuple(data)
if REQUEST is not None:
return self.manage_access(REQUEST)
_addRole = postonly(_addRole)
@postonly
def _delRoles(self, roles, REQUEST=None):
if not roles:
return MessageDialog(
......@@ -509,6 +508,7 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
self.__ac_roles__=tuple(data)
if REQUEST is not None:
return self.manage_access(REQUEST)
_delRoles = postonly(_delRoles)
def _has_user_defined_role(self, role):
return role in self.__ac_roles__
......
lib/python/AccessControl/User.py
View file @ d8573ace
......@@ -528,7 +528,6 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
# Authors of custom user folders don't need to do anything special to
# support these - they will just call the appropriate '_' methods that
# user folder subclasses already implement.
@postonly
def userFolderAddUser(self, name, password, roles, domains,
REQUEST=None, **kw):
"""API method for creating a new user object. Note that not all
......@@ -537,8 +536,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
if hasattr(self, '_doAddUser'):
return self._doAddUser(name, password, roles, domains, **kw)
raise NotImplementedError
userFolderAddUser = postonly(userFolderAddUser)
@postonly
def userFolderEditUser(self, name, password, roles, domains,
REQUEST=None, **kw):
"""API method for changing user object attributes. Note that not
......@@ -547,14 +546,15 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
if hasattr(self, '_doChangeUser'):
return self._doChangeUser(name, password, roles, domains, **kw)
raise NotImplementedError
userFolderEditUser = postonly(userFolderEditUser)
@postonly
def userFolderDelUsers(self, names, REQUEST=None):
"""API method for deleting one or more user objects. Note that not
all user folder implementations support deletion of user objects."""
if hasattr(self, '_doDelUsers'):
return self._doDelUsers(names)
raise NotImplementedError
userFolderDelUsers = postonly(userFolderDelUsers)
# -----------------------------------
......@@ -791,7 +791,6 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
self, REQUEST, manage_tabs_message=manage_tabs_message,
management_view='Properties')
@postonly
def manage_setUserFolderProperties(self, encrypt_passwords=0,
update_passwords=0,
maxlistusers=DEFAULTMAXLISTUSERS,
......@@ -826,6 +825,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
if REQUEST is not None:
return self.manage_userFolderProperties(
REQUEST, manage_tabs_message='Saved changes.')
manage_setUserFolderProperties = postonly(manage_setUserFolderProperties)
def _isPasswordEncrypted(self, pw):
return AuthEncoding.is_encrypted(pw)
......@@ -846,7 +846,6 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
return 1
@postonly
def _addUser(self,name,password,confirm,roles,domains,REQUEST=None):
if not name:
return MessageDialog(
......@@ -881,8 +880,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
action ='manage_main')
self._doAddUser(name, password, roles, domains)
if REQUEST: return self._mainUser(self, REQUEST)
_addUser = postonly(_addUser)
@postonly
def _changeUser(self,name,password,confirm,roles,domains,REQUEST=None):
if password == 'password' and confirm == 'pconfirm':
# Protocol for editUser.dtml to indicate unchanged password
......@@ -919,8 +918,8 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
action ='manage_main')
self._doChangeUser(name, password, roles, domains)
if REQUEST: return self._mainUser(self, REQUEST)
_changeUser = postonly(_changeUser)
@postonly
def _delUsers(self,names,REQUEST=None):
if not names:
return MessageDialog(
......@@ -929,6 +928,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
action ='manage_main')
self._doDelUsers(names)
if REQUEST: return self._mainUser(self, REQUEST)
_delUsers = postonly(_delUsers)
def manage_users(self,submit=None,REQUEST=None,RESPONSE=None):
"""This method handles operations on users for the web based forms
......
lib/python/AccessControl/requestmethod.txt
View file @ d8573ace
......@@ -12,9 +12,9 @@ To limit access to a function or method to POST requests, use the postonly
decorator::
>>> from AccessControl.requestmethod import *
>>> @postonly
... def foo(bar, REQUEST):
>>> def foo(bar, REQUEST):
... return bar
>>> foo = postonly(foo)
When this method is accessed through a request that does not use POST, the
Forbidden exception will be raised::
......@@ -31,9 +31,9 @@ Only when the request was made using POST, will the call succeed::
It doesn't matter if REQUEST is a positional or a keyword parameter::
>>> @postonly
... def foo(bar, REQUEST=None):
>>> def foo(bar, REQUEST=None):
... return bar
>>> foo = postonly(foo)
>>> foo('spam', REQUEST=GET)
Traceback (most recent call last):
...
......@@ -47,9 +47,9 @@ It doesn't matter if REQUEST is a positional or a keyword parameter::
Note that the REQUEST parameter is a requirement for the decorator to operate,
not including it in the callable signature results in an error::
>>> @postonly
... def foo(bar):
>>> def foo(bar):
... return bar
>>> foo = postonly(foo)
Traceback (most recent call last):
...
ValueError: No REQUEST parameter in callable signature
......@@ -60,9 +60,9 @@ original closely, and keyword parameter defaults must be preserved::
>>> import inspect
>>> mutabledefault = dict()
>>> @postonly
... def foo(bar, baz=mutabledefault, REQUEST=None, **kw):
>>> def foo(bar, baz=mutabledefault, REQUEST=None, **kw):
... return bar, baz is mutabledefault, REQUEST
>>> foo = postonly(foo)
>>> inspect.getargspec(foo)[:3]
(['bar', 'baz', 'REQUEST'], None, 'kw')
>>> foo('spam')
......
lib/python/AccessControl/tests/test_requestmethod.py deleted 100644 → 0
View file @ bf9432a5
#############################################################################
#
# Copyright (c) 2007 Zope Corporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
from ZPublisher.HTTPRequest import HTTPRequest
def makerequest(method):
environ = dict(SERVER_NAME='foo', SERVER_PORT='80', REQUEST_METHOD=method)
return HTTPRequest(None, environ, None)
def test_suite():
from doctest import DocFileSuite
return DocFileSuite('../requestmethod.txt',
globs=dict(GET=makerequest('GET'),
POST=makerequest('POST')))
if __name__ == '__main__':
import unittest
unittest.main(defaultTest='test_suite')
lib/python/OFS/DTMLMethod.py
View file @ d8573ace
......@@ -316,7 +316,6 @@ class DTMLMethod(RestrictedDTML, HTML, Acquisition.Implicit, RoleManager,
'do not have proxy roles.\n<!--%s, %s-->' % (self.__name__, u, roles))
@postonly
def manage_proxy(self, roles=(), REQUEST=None):
"Change Proxy Roles"
self._validateProxy(REQUEST, roles)
......@@ -326,6 +325,7 @@ class DTMLMethod(RestrictedDTML, HTML, Acquisition.Implicit, RoleManager,
if REQUEST:
message="Saved changes."
return self.manage_proxyForm(self,REQUEST,manage_tabs_message=message)
manage_proxy = postonly(manage_proxy)
def PrincipiaSearchSource(self):
"Support for searching - the document's contents are searched."
......
lib/python/Products/PythonScripts/PythonScript.py
View file @ d8573ace
......@@ -350,7 +350,6 @@ class PythonScript(Script, Historical, Cacheable):
'manage_proxyForm', 'manage_proxy')
manage_proxyForm = DTMLFile('www/pyScriptProxy', globals())
@postonly
def manage_proxy(self, roles=(), REQUEST=None):
"Change Proxy Roles"
self._validateProxy(roles)
......@@ -361,6 +360,7 @@ class PythonScript(Script, Historical, Cacheable):
title ='Success!',
message='Your changes have been saved',
action ='manage_main')
manage_proxy = postonly(manage_proxy)
security.declareProtected('Change Python Scripts',
'PUT', 'manage_FTPput', 'write',
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7