Commit dd905838 authored by Jérome Perrin's avatar Jérome Perrin Committed by Arnaud Fontaine

patches/Restricted: fix access check for type

On python2, attributes of new style classes (classes, not instances)
were not properly validated. On python3, attributes of classes were not.
parent 15aabfb2
...@@ -124,8 +124,14 @@ class TypeAccessChecker: ...@@ -124,8 +124,14 @@ class TypeAccessChecker:
as "a method which returing a method" because we can not know what is the as "a method which returing a method" because we can not know what is the
type until it is actually called. So the three ways are simulated the type until it is actually called. So the three ways are simulated the
function returned by this method. function returned by this method.
We don't return a simple function, but a class instance with a __bool__ method
to accomodate the two cases where this is called by SecurityManager.validate when
checking access on the class (then only the bool is used) or by guarded_getattr
when checking access on the instance (the __call__ is used).
""" """
def factory(inst, name): class _AccessChecker:
def __call__(self, inst, name):
""" """
Check function used with ContainerAssertions checked by cAccessControl. Check function used with ContainerAssertions checked by cAccessControl.
""" """
...@@ -143,7 +149,12 @@ class TypeAccessChecker: ...@@ -143,7 +149,12 @@ class TypeAccessChecker:
# fallback to default security # fallback to default security
aq_acquire(inst, name, aq_validate, getSecurityManager().validate) aq_acquire(inst, name, aq_validate, getSecurityManager().validate)
return v return v
return factory
def __bool__(self):
return False
__nonzero__ = __bool__ # six.PY2
return _AccessChecker()
def __bool__(self): def __bool__(self):
# If Containers(type(x)) is true, ZopeGuard checks will short circuit, # If Containers(type(x)) is true, ZopeGuard checks will short circuit,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment