Commit c29f5cda authored by Vincent Pelletier's avatar Vincent Pelletier

Allow restricted python to use HBTreeFolder2 iterators.

parent 55ad3274
...@@ -33,6 +33,7 @@ from AccessControl import getSecurityManager, ClassSecurityInfo ...@@ -33,6 +33,7 @@ from AccessControl import getSecurityManager, ClassSecurityInfo
from AccessControl.Permissions import access_contents_information, \ from AccessControl.Permissions import access_contents_information, \
view_management_screens view_management_screens
from zLOG import LOG, INFO, ERROR, WARNING from zLOG import LOG, INFO, ERROR, WARNING
from AccessControl.SimpleObjectPolicies import ContainerAssertions
manage_addHBTreeFolder2Form = DTMLFile('folderAdd', globals()) manage_addHBTreeFolder2Form = DTMLFile('folderAdd', globals())
...@@ -109,6 +110,7 @@ class HBTreeObjectIds(object): ...@@ -109,6 +110,7 @@ class HBTreeObjectIds(object):
except StopIteration: except StopIteration:
del self._index, self._ikeys del self._index, self._ikeys
raise IndexError raise IndexError
ContainerAssertions[HBTreeObjectIds] = 1
class HBTreeObjectItems(HBTreeObjectIds): class HBTreeObjectItems(HBTreeObjectIds):
...@@ -119,6 +121,7 @@ class HBTreeObjectItems(HBTreeObjectIds): ...@@ -119,6 +121,7 @@ class HBTreeObjectItems(HBTreeObjectIds):
def __getitem__(self, item): def __getitem__(self, item):
object_id = HBTreeObjectIds.__getitem__(self, item) object_id = HBTreeObjectIds.__getitem__(self, item)
return object_id, self._tree._getOb(object_id) return object_id, self._tree._getOb(object_id)
ContainerAssertions[HBTreeObjectItems] = 1
class HBTreeObjectValues(HBTreeObjectIds): class HBTreeObjectValues(HBTreeObjectIds):
...@@ -128,6 +131,7 @@ class HBTreeObjectValues(HBTreeObjectIds): ...@@ -128,6 +131,7 @@ class HBTreeObjectValues(HBTreeObjectIds):
def __getitem__(self, item): def __getitem__(self, item):
return self._tree._getOb(HBTreeObjectIds.__getitem__(self, item)) return self._tree._getOb(HBTreeObjectIds.__getitem__(self, item))
ContainerAssertions[HBTreeObjectValues] = 1
class HBTreeFolder2Base (Persistent): class HBTreeFolder2Base (Persistent):
......
...@@ -26,6 +26,7 @@ import timeit ...@@ -26,6 +26,7 @@ import timeit
from textwrap import dedent from textwrap import dedent
from Products.ERP5Type.tests.backportUnittest import expectedFailure from Products.ERP5Type.tests.backportUnittest import expectedFailure
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
from Products.PythonScripts.PythonScript import PythonScript
class HBTreeFolder2Tests(ERP5TypeTestCase): class HBTreeFolder2Tests(ERP5TypeTestCase):
...@@ -222,6 +223,44 @@ class HBTreeFolder2Tests(ERP5TypeTestCase): ...@@ -222,6 +223,44 @@ class HBTreeFolder2Tests(ERP5TypeTestCase):
id_list.remove(i) id_list.remove(i)
h._delOb(i) h._delOb(i)
def testRestrictedIteration(self):
"""
Check content iterators can be used by restricted python code.
"""
# To let restricted python access methods on folder
marker = object()
saved_class_attributes = {}
for method_id in ('objectIds', 'objectValues', 'objectItems'):
roles_id = method_id + '__roles__'
saved_class_attributes[roles_id] = getattr(HBTreeFolder2, roles_id,
marker)
setattr(HBTreeFolder2, roles_id, None)
try:
h = HBTreeFolder2()
# whatever value, as long as it has an __of__
h._setOb('foo', HBTreeFolder2())
script = PythonScript('script')
script.ZPythonScript_edit('h', dedent("""
for dummy in h.objectIds():
pass
for dummy in h.objectValues():
pass
for dummy in h.objectItems():
pass
"""))
class DummyRequest(object):
# To make Shared.DC.Scripts.Bindings.Bindings._getTraverseSubpath
# happy
other = {}
script.REQUEST = DummyRequest
script(h)
finally:
for roles_id, orig in saved_class_attributes.iteritems():
if orig is marker:
delattr(HBTreeFolder2, roles_id)
else:
setattr(HBTreeFolder2, roles_id, orig)
@expectedFailure @expectedFailure
def _testPerformanceInDepth(self): def _testPerformanceInDepth(self):
""" """
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment