Ejemplos de guarded_getitem en Python

Ejemplo n.º 1

Archivo: test_formatter.py Proyecto: vedantc98/Plone-test

 def test_prevents_bad_string_formatting_key(self):
     from AccessControl.safe_formatter import SafeFormatter
     from AccessControl.ZopeGuards import guarded_getitem
     from persistent.list import PersistentList
     # Accessing basic Python types in a basic Python list is fine.
     foo = list(['bar'])
     self.assertEqual(SafeFormatter('{0[0]}').safe_format(foo), 'bar')
     self.assertEqual(guarded_getitem(foo, 0), 'bar')
     # For basic Python types in a non-basic list, we guard the access.
     foo = PersistentList(foo)
     self.assertRaises(Unauthorized, guarded_getitem, foo, 0)
     self.assertRaises(Unauthorized,
                       SafeFormatter('{0[0]}').safe_format, foo)
     # though we could allow access if we want:
     foo.__allow_access_to_unprotected_subobjects__ = 1
     self.assertEqual(guarded_getitem(foo, 0), 'bar')
     self.assertEqual(SafeFormatter('{0[0]}').safe_format(foo), 'bar')
     # For non-basic items we want run checks too.
     folder = self._create_folder_with_mixed_contents()
     # We can get the public items just fine:
     self.assertEqual(
         SafeFormatter('{0[0]}').safe_format(folder), '<Item public1>')
     self.assertEqual(
         SafeFormatter('{0[2]}').safe_format(folder), '<Item public2>')
     # But not the private item:
     self.assertRaises(Unauthorized,
                       SafeFormatter('{0[1]}').safe_format, folder)

Ejemplo n.º 2

Archivo: test_safe_formatter.py Proyecto: zopefoundation/AccessControl

 def test_prevents_bad_string_formatting_key(self):
     from AccessControl.safe_formatter import SafeFormatter
     from AccessControl.ZopeGuards import guarded_getitem
     from persistent.list import PersistentList
     # Accessing basic Python types in a basic Python list is fine.
     foo = list(['bar'])
     self.assertEqual(SafeFormatter('{0[0]}').safe_format(foo),
                      'bar')
     self.assertEqual(guarded_getitem(foo, 0), 'bar')
     # For basic Python types in a non-basic list, we guard the access.
     foo = PersistentList(foo)
     self.assertRaises(Unauthorized, guarded_getitem, foo, 0)
     self.assertRaises(Unauthorized,
                       SafeFormatter('{0[0]}').safe_format, foo)
     # though we could allow access if we want:
     foo.__allow_access_to_unprotected_subobjects__ = 1
     self.assertEqual(guarded_getitem(foo, 0), 'bar')
     self.assertEqual(SafeFormatter('{0[0]}').safe_format(foo),
                      'bar')
     # For non-basic items we want run checks too.
     folder = self._create_folder_with_mixed_contents()
     # We can get the public items just fine:
     self.assertEqual(SafeFormatter('{0[0]}').safe_format(folder),
                      '<Item public1>')
     self.assertEqual(SafeFormatter('{0[2]}').safe_format(folder),
                      '<Item public2>')
     # But not the private item:
     self.assertRaises(Unauthorized,
                       SafeFormatter('{0[1]}').safe_format,
                       folder)

Ejemplo n.º 3

Archivo: Zope.py Proyecto: Andyvs/TrackMonthlyExpenses

    def __getitem__(self,index):
        data=self._data
        try: s=self._seq
        except AttributeError: return data[index]

        i=index
        if i < 0: i=len(self)+i
        if i < 0: raise IndexError, index

        ind=len(data)
        if i < ind: return data[i]
        ind=ind-1

        test=self._test
        e=self._eindex
        skip = self._skip
        while i > ind:
            e = e + 1
            try:
                try: v = guarded_getitem(s, e)
                except Unauthorized, vv:
                    if skip is None:
                        self._eindex = e
                        msg = '(item %s): %s' % (index, vv)
                        raise Unauthorized, msg, sys.exc_info()[2]
                    skip_this = 1
                else:
                    skip_this = 0

Ejemplo n.º 4

Archivo: Zope.py Proyecto: vedantc98/Plone-test

    def __getitem__(self, index):
        data = self._data
        try:
            s = self._seq
        except AttributeError:
            return data[index]

        i = index
        if i < 0: i = len(self) + i
        if i < 0: raise IndexError, index

        ind = len(data)
        if i < ind: return data[i]
        ind = ind - 1

        test = self._test
        e = self._eindex
        skip = self._skip
        while i > ind:
            e = e + 1
            try:
                try:
                    v = guarded_getitem(s, e)
                except Unauthorized, vv:
                    if skip is None:
                        self._eindex = e
                        msg = '(item %s): %s' % (index, vv)
                        raise Unauthorized, msg, sys.exc_info()[2]
                    skip_this = 1
                else:
                    skip_this = 0

Ejemplo n.º 5

Archivo: safe_formatter.py Proyecto: shubhamjain0594/AccessControl

    def get_field(self, field_name, args, kwargs):
        """Get the field value using guarded methods."""
        first, rest = formatter_field_name_split(field_name)

        obj = self.get_value(first, args, kwargs)

        # loop through the rest of the field_name, doing
        #  getattr or getitem as needed
        for is_attr, i in rest:
            if is_attr:
                obj = guarded_getattr(obj, i)
            else:
                obj = guarded_getitem(obj, i)

        return obj, first

Ejemplo n.º 6

Archivo: safe_formatter.py Proyecto: zopefoundation/AccessControl

    def get_field(self, field_name, args, kwargs):
        """Get the field value using guarded methods."""
        first, rest = formatter_field_name_split(field_name)

        obj = self.get_value(first, args, kwargs)

        # loop through the rest of the field_name, doing
        #  getattr or getitem as needed
        for is_attr, i in rest:
            if is_attr:
                obj = guarded_getattr(obj, i)
            else:
                obj = guarded_getitem(obj, i)

        return obj, first

Ejemplo n.º 7

Archivo: Zope.py Proyecto: cjwood032/Zope_Walkthrough

    def __getitem__(self, index):
        data = self._data
        try:
            s = self._seq
        except AttributeError:
            return data[index]

        i = index
        if i < 0:
            i = len(self) + i
        if i < 0:
            raise IndexError(index)

        ind = len(data)
        if i < ind:
            return data[i]
        ind = ind - 1

        test = self._test
        e = self._eindex
        skip = self._skip
        while i > ind:
            e = e + 1
            try:
                try:
                    v = guarded_getitem(s, e)
                except Unauthorized as vv:
                    if skip is None:
                        self._eindex = e
                        msg = '(item %s): %s' % (index, vv)
                        raise Unauthorized(msg)
                    skip_this = 1
                else:
                    skip_this = 0
            except IndexError:
                del self._test
                del self._seq
                del self._eindex
                raise IndexError(index)
            if skip_this:
                continue
            if skip and not getSecurityManager().checkPermission(skip, v):
                continue
            if test is None or test(v):
                data.append(v)
                ind = ind + 1
        self._eindex = e
        return data[i]

Ejemplo n.º 8

Archivo: Zope.py Proyecto: dhavlik/Zope

    def __getitem__(self, index):
        data = self._data
        try:
            s = self._seq
        except AttributeError:
            return data[index]

        i = index
        if i < 0:
            i = len(self) + i
        if i < 0:
            raise IndexError(index)

        ind = len(data)
        if i < ind:
            return data[i]
        ind = ind - 1

        test = self._test
        e = self._eindex
        skip = self._skip
        while i > ind:
            e = e + 1
            try:
                try:
                    v = guarded_getitem(s, e)
                except Unauthorized as vv:
                    if skip is None:
                        self._eindex = e
                        msg = '(item %s): %s' % (index, vv)
                        raise Unauthorized(msg)
                    skip_this = 1
                else:
                    skip_this = 0
            except IndexError:
                del self._test
                del self._seq
                del self._eindex
                raise IndexError(index)
            if skip_this:
                continue
            if skip and not getSecurityManager().checkPermission(skip, v):
                continue
            if test is None or test(v):
                data.append(v)
                ind = ind + 1
        self._eindex = e
        return data[i]

Ejemplo n.º 9

Archivo: security.py Proyecto: Daetalus/DocumentTemplate

 def guarded_getitem(self, ob, index):
     return guarded_getitem(ob, index)

Ejemplo n.º 10

Archivo: security.py Proyecto: zopefoundation/DocumentTemplate

 def guarded_getitem(self, ob, index):
     return guarded_getitem(ob, index)