def _setupSecurity(self, policy=None): from AccessControl import SecurityManager from AccessControl.SecurityManagement import noSecurityManager if policy is None: policy = self.oldPolicy noSecurityManager() SecurityManager.setSecurityPolicy(policy)
def testModRDN(self): acl = self.folder.acl_users ae = self.assertEqual for role in ug("user_roles"): acl.manage_addGroup(role) acl.manage_addGroupMapping(role, role) msg = acl.manage_addUser(REQUEST=None, kwargs=manager_user) self.assert_(not msg) mgr_ob = acl.getUser(manager_user.get(acl.getProperty("_login_attr"))) self.assertNotEqual(mgr_ob, None) newSecurityManager({}, mgr_ob) msg = acl.manage_addUser(REQUEST=None, kwargs=user) self.assert_(not msg) user_ob = acl.getUser(ug(acl.getProperty("_login_attr"))) self.assertNotEqual(user_ob, None) user_dn = user_ob.getUserDN() msg = acl.manage_editUser(user_dn, kwargs={"cn": "new"}) user_ob = acl.getUser("new") ae(user_ob.getProperty("cn"), "new") ae(user_ob.getId(), "new") new_dn = "cn=new,%s" % acl.getProperty("users_base") ae(user_ob.getUserDN(), new_dn) for role in ug("user_roles"): self.assert_(role in user_ob.getRoles()) for role in acl.getProperty("_roles"): self.assert_(role in user_ob.getRoles()) noSecurityManager()
def testSwitchONModeration(self): addUsers(self) self.discussion = self.portal.portal_discussion self.request.form['enable_anonymous_commenting'] = 'True' self.request.form['enable_moderation'] = 'True' self.portal.prefs_comments_setup() # Create talkback for document and Add comment to my_doc self.discussion.getDiscussionFor(self.my_doc) self.my_doc.discussion_reply('Reply 1', 'text of reply') # Check moderating discussion # MUST ALLOW for: members of 'DiscussionMnagers' group # MUST REFUSE for: NOT members of 'DiscussionMnagers' group getReplies = self.discussion.getDiscussionFor(self.my_doc).getReplies for u in DM_USERS_IDS: self.logout() self.login(u) self.failUnless(getReplies(), "None discussion item added or " "discussion forbiden for %s user" % u) for u in COMMON_USERS_IDS: self.logout() if not u == 'anonym': self.login(u) noSecurityManager() self.failIf(getReplies(), "Viewing discussion item allow for " "Anonymous user")
def deploy_object(self, obj, context, request, section): """ run a deploy just on one object """ # get content for Anonymous users, not authenticated noSecurityManager() # assigning values self.context = context self.request = request self.section = section self._read_config(section) self._apply_request_modifications() # we want only objects available for anonyous users if not self._available_for_anonymous(obj): return # check if object is a normal page is_page = obj.meta_type in self.page_types try: self._deploy_content(obj, is_page=is_page) except: log.error("error exporting object: %s\n%s" % ("/".join(obj.getPhysicalPath()), traceback.format_exc())) ## find and run additional deployment steps self._applay_extra_deployment_steps(None)
def setupMountFolder(app, quiet=0): transaction.begin() _start = time.time() portal = app.portal if not quiet: ZopeTestCase._print('Installing MountFolder ... ') # login as manager user = app.acl_users.getUserById(portal_owner).__of__(app.acl_users) newSecurityManager(None, user) # add MountFolder if hasattr(aq_base(portal), 'portal_mountfolder'): ZopeTestCase._print('MountFolder already installed ... ') else: installMountFolder(portal) # Initialized MountPoint manage_addMounts(app, (mountfolder_path,)) transaction.commit() # Create portal member portal.portal_registration.addMember(portal_member, 'azerty', ['Member']) portal.portal_registration.addMember(portal_member2, 'azerty', ['Member']) # Log out noSecurityManager() transaction.commit() if not quiet: ZopeTestCase._print('done (%.3fs)\n' % (time.time()-_start,))
def tearDown(self): noSecurityManager() app = self.app if hasattr(app, 'testroot'): app._delObject('testroot') get_transaction().abort() self.app._p_jar.close()
def setUp(self): self.folder = f = Folder() f.laf = AqPageTemplate() f.t = AqPageTemplate() self.policy = UnitTestSecurityPolicy() self.oldPolicy = SecurityManager.setSecurityPolicy( self.policy ) noSecurityManager() # Use the new policy.
def getNodeText(self, jid, node): app = Zope2.app() text = '' try: portal = app.unrestrictedTraverse(self.portal_id, None) if portal is None: raise DSCException( 'Portal with id %s not found' % self.portal_id) setSite(portal) acl_users = getToolByName(portal, 'acl_users') user_id = unescapeNode(JID(jid).user) user = acl_users.getUserById(user_id) if user is None: raise DSCException( 'Invalid user %s' % user_id) newSecurityManager(None, user) ct = getToolByName(portal, 'portal_catalog') uid, html_id = node.split('#') item = ct.unrestrictedSearchResults(UID=uid) if not item: raise DSCException( 'Content with UID %s not found' % uid) item = ICollaborativelyEditable(item[0].getObject()) text = item.getNodeTextFromHtmlID(html_id) finally: noSecurityManager() setSite(None) return text
def tearDown(self): self.app.REQUEST.close() noSecurityManager() transaction.abort() self.app._p_jar.close() Skinnable.SKINDATA = self._oldSkindata self._free_warning_output()
def testBoboTraverseToMethod(self): # Verify it's possible to use __bobo_traverse__ to a method. noSecurityManager() SecurityManager.setSecurityPolicy( self.oldPolicy ) bb = BoboTraversable() self.failUnless( bb.restrictedTraverse('bb_method') is not bb.bb_method)
def test_example1(self): # login noSecurityManager() self.app.aq_chain[-1].id = 'testing' newSecurityManager( None, SimpleUser('Test User','',('Manager',),[]).__of__(self.app) ) try: # setup self.r.form['file']=self.makeFileUpload(diskname='example1.mt') self.app.manage_addProduct['MailTemplates'].addMailTemplate( id='my_mt', mailhost='MailHost', REQUEST=self.r ) self.r.form['file']=self.makeFileUpload(diskname='example1.py') self.app.manage_addProduct['PythonScripts'].manage_addPythonScript( id='test_mt', REQUEST=self.r ) # set expected self.MailHost.setExpected(mfrom='*****@*****.**', mto=('*****@*****.**',), filename='example1.txt') # test self.assertEqual(self.app.test_mt(),'Mail Sent!') self.MailHost.checkSent() finally: # logout noSecurityManager() newSecurityManager( None, SystemUser )
def testDefaultValueWhenNotFound(self): # Test that traversing to a non-existent object returns # the default when provided noSecurityManager() SecurityManager.setSecurityPolicy( self.oldPolicy ) self.assertEqual( self.root.restrictedTraverse('happy/happy', 'joy'), 'joy')
def _install_zope(self, db): """Install a fresh Zope inside the new test DB. Eventually install an application afterwards. """ # Create the "application" newSecurityManager(None, AccessControl.User.system) connection = db.open() root = connection.root() root['Application'] = OFS.Application.Application() app = root['Application'] # Do a savepoint to get a _p_jar on the application transaction.savepoint() # Initialize the "application" try: TestAppInitializer( app, self.products, self.packages, self.users).initialize() self._install_application(makerequest( app, environ={'SERVER_NAME': 'localhost'})) except Exception as error: # There was an error during the application 'setUp'. Abort # the transaction and continue, otherwise test in other # layers might fail because of this failure. transaction.abort() raise error else: # Close transaction.commit() finally: # In any case, close the connection and continue connection.close() noSecurityManager()
def __call__(self): celery = getCelery() if celery.conf.task_always_eager: self.eager = True # dive out of setup, this is not run in a celery task runner self.app = getApp() return self._run() self.app = makerequest(getApp()) self.app.REQUEST['PARENTS'] = [self.app] setRequest(self.app.REQUEST) transaction.begin() try: try: result = self._run() # commit transaction transaction.commit() return result except ConflictError as e: # On ZODB conflicts, retry using celery's mechanism transaction.abort() raise Retry(exc=e) except Exception: logger.warn('Error running task: %s' % traceback.format_exc()) transaction.abort() raise finally: noSecurityManager() setSite(None) self.app._p_jar.close() clearRequest()
def setNodeText(self, jid, node, text): transaction.begin() app = Zope2.app() try: try: portal = app.unrestrictedTraverse(self.portal_id, None) if portal is None: raise DSCException( 'Portal with id %s not found' % self.portal_id) setSite(portal) acl_users = getToolByName(portal, 'acl_users') user_id = JID(jid).user user = acl_users.getUserById(user_id) if user is None: raise DSCException( 'Invalid user %s' % user_id) newSecurityManager(None, user) ct = getToolByName(portal, 'portal_catalog') uid, html_id = node.split('#') item = ct.unrestrictedSearchResults(UID=uid) if not item: raise DSCException( 'Content with UID %s not found' % uid) item = ICollaborativelyEditable(item[0].getObject()) item.setNodeTextFromHtmlID(html_id, text) transaction.commit() except: transaction.abort() raise finally: noSecurityManager() setSite(None) app._p_jar.close() return text
def _authorizeUser( self , user , accessed , container , name , value , roles=_noroles ): """ -> boolean (whether user has roles). o Add the user to the SM's stack, if successful. o Return """ user = aq_base( user ).__of__( self ) newSecurityManager( None, user ) security = getSecurityManager() try: try: if security.validate( accessed , container , name , value , roles ): return 1 except: noSecurityManager() raise except Unauthorized: pass return 0
def test_getSingleCategoryAcquiredMembershipList(self): pc = self.getCategoriesTool() obj = self.portal.person_module.newContent(portal_type='Person') region_url = self.region1 obj.setRegion(region_url) self.assertEquals([region_url], pc.getSingleCategoryMembershipList(obj, 'region')) self.assertEquals([region_url], pc.getSingleCategoryMembershipList(obj, 'region', portal_type='Category')) self.assertEquals([], pc.getSingleCategoryMembershipList(obj, 'region', portal_type='Organisation')) self.assertEquals(['region/%s' % region_url], pc.getSingleCategoryMembershipList(obj, 'region', base=1)) self.assertEquals([region_url], pc.getSingleCategoryMembershipList(obj, 'region', checked_permission='View')) noSecurityManager() self.assertEquals([], pc.getSingleCategoryMembershipList(obj, 'region', checked_permission='Manage portal'))
def testModRDN(self): acl = self.folder.acl_users ae = self.assertEqual for role in ug('user_roles'): acl.manage_addGroup(role) acl.manage_addGroupMapping(role, role) msg = acl.manage_addUser(REQUEST=None, kwargs=manager_user) self.assert_(not msg) mgr_ob = acl.getUser(manager_user.get(acl.getProperty('_login_attr'))) self.assertNotEqual(mgr_ob, None) newSecurityManager({}, mgr_ob) msg = acl.manage_addUser(REQUEST=None, kwargs=user) self.assert_(not msg) user_ob = acl.getUser(ug(acl.getProperty('_login_attr'))) self.assertNotEqual(user_ob, None) user_dn = user_ob.getUserDN() msg = acl.manage_editUser(user_dn, kwargs={'cn' : 'new'}) user_ob = acl.getUser('new') ae(user_ob.getProperty('cn'), 'new') ae(user_ob.getId(), 'new') new_dn = 'cn=new,%s' % acl.getProperty('users_base') ae(user_ob.getUserDN(), new_dn) for role in ug('user_roles'): self.assert_(role in user_ob.getRoles()) for role in acl.getProperty('_roles'): self.assert_(role in user_ob.getRoles()) noSecurityManager()
def publish_view(view, environ={}, user=None): from ZPublisher.WSGIPublisher import publish from AccessControl.SecurityManagement import noSecurityManager name = view.__name__ new_environ = { 'PATH_INFO': '/' + name, '_stdout': StringIO(), } new_environ.update(environ) root = create_fake_root() user = Mock() if not user else user root.__allow_groups__ = Mock(validate=Mock(return_value=user)) request = makerequest(root, new_environ['_stdout'], new_environ).REQUEST view.__doc__ = 'non-empty documentation' setattr(root, name, view) module_info = (Mock(), # before None, #after root, #object 'TESTING', #realm True, #debug_mode Mock(), #err_hook None, #validated_hook Mock()) #tm try: return publish(request, 'Zope2', Mock(return_value=module_info)) finally: noSecurityManager()
def testBoboTraverseToSimpleAttrValue(self): # Verify it's possible to use __bobo_traverse__ to a simple # python value noSecurityManager() SecurityManager.setSecurityPolicy( self.oldPolicy ) bb = BoboTraversable() self.assertEqual(bb.restrictedTraverse('bb_status'), 'screechy')
def tearDown(self): self.app.REQUEST.close() noSecurityManager() transaction.abort() self.app._p_jar.close() Skinnable.SKINDATA = self._oldSkindata cleanUp()
def setupPloneBooking(app, quiet=0): get_transaction().begin() _start = time.time() portal = app.portal if not quiet: ZopeTestCase._print('Installing PloneBooking ... ') # login as manager user = app.acl_users.getUserById(portal_owner).__of__(app.acl_users) newSecurityManager(None, user) # add PloneBooking if hasattr(aq_base(portal), 'portal_booking'): ZopeTestCase._print('PloneBooking already installed ... ') else: installPloneBooking(portal) # Create portal member portal.portal_registration.addMember(portal_member, 'azerty', ['Member']) portal.portal_registration.addMember(portal_member2, 'azerty', ['Member']) # Log out noSecurityManager() get_transaction().commit() if not quiet: ZopeTestCase._print('done (%.3fs)\n' % (time.time()-_start,))
def setUp(self): cleanUp() from AccessControl.SecurityManagement import noSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from Products.CompositePage.tests.test_tool import PermissiveSecurityPolicy self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy()) noSecurityManager()
def _executeAsUser(context_path, portal_path, uf_path, user_id, func, *args, **kwargs): """Reconstruct environment and execute func.""" transaction = Zope2.zpublisher_transactions_manager # Supports isDoomed transaction.begin() app = Zope2.app() result = None try: try: portal = app.unrestrictedTraverse(portal_path, None) if portal is None: raise BadRequest( 'Portal path %s not found' % '/'.join(portal_path)) setSite(portal) if uf_path: acl_users = app.unrestrictedTraverse(uf_path, None) if acl_users is None: raise BadRequest( 'Userfolder path %s not found' % '/'.join(uf_path)) user = acl_users.getUserById(user_id) if user is None: raise BadRequest('User %s not found' % user_id) newSecurityManager(None, user) context = portal.unrestrictedTraverse(context_path, None) if context is None: raise BadRequest( 'Context path %s not found' % '/'.join(context_path)) # Create a request to work with import sys from ZPublisher.HTTPResponse import HTTPResponse from ZPublisher.HTTPRequest import HTTPRequest response = HTTPResponse(stdout=sys.stdout) env = {'SERVER_NAME':'fake_server', 'SERVER_PORT':'80', 'REQUEST_METHOD':'GET'} request = HTTPRequest(sys.stdin, env, response) # Set values from original request original_request = kwargs.get('original_request') if original_request: for k,v in original_request.items(): request.set(k, v) context.REQUEST = request result = func(context, *args, **kwargs) del context.REQUEST #Avoid "can't pickle file objects" transaction.commit() except: transaction.abort() raise finally: noSecurityManager() setSite(None) app._p_jar.close() return result
def deploy(self, context, request, section, last_triggered=None): """ Deploy whole site as static content. """ # get content for Anonymous users, not authenticated noSecurityManager() # assigning values self.context = context self.request = request self.section = section self._read_config(section) self._apply_request_modifications() # when last deployment took place modification_date = self._parse_date(last_triggered) ## Deploy registry files if self.deploy_registry_files: self._deploy_registry_files('portal_css', 'styles', 'styles') self._deploy_registry_files('portal_javascripts', 'scripts', 'scripts') self._deploy_registry_files('portal_kss', 'kss', 'kineticstylesheets') # Deploy plone_skins files (if any) self._deploy_skinstool_files(self.skinstool_files) # Deploy additional files and pages self._deploy_views(self.additional_files, is_page=False) self._deploy_views(self.additional_pages, is_page=True) ## Deploy Plone Site if self.deploy_plonesite: self._deploy_site(self.context) ## Deploy folders and pages catalog = getToolByName(self.context, 'portal_catalog') brains = catalog(meta_type=self.page_types + self.file_types, modified={'query': [modification_date, ], 'range': 'min'}, effectiveRange = DateTime(), Language = 'all', ) for brain in brains: if not brain.review_state or brain.review_state in self.deployable_review_states: obj = brain.getObject() # we want only objects available for anonyous users if not self._available_for_anonymous(obj): continue # check extra deployment conditions if not self._extra_deployment_conditions_passed(obj, modification_date): continue # check if object is a normal page is_page = brain.meta_type in self.page_types self._deploy_content(obj, is_page=is_page) ## find and run additional deployment steps self._applay_extra_deployment_steps(modification_date) # update last triggered date info settings = IStaticDeployment(self.context) settings.last_triggered = unicode(DateTime().strftime('%Y/%m/%d %H:%M:%S'))
def tearDown(self): from AccessControl.SecurityManagement import noSecurityManager if self._finally is not None: self._finally() noSecurityManager() PlacelessSetup.tearDown(self)
def tearDown(self): from AccessControl.SecurityManagement import noSecurityManager if self._finally is not None: self._finally() noSecurityManager() cleanUp()
def testTraverseThroughBoboTraverse(self): # Verify it's possible to use __bobo_traverse__ with the # Zope security policy. noSecurityManager() SecurityManager.setSecurityPolicy( self.oldPolicy ) bb = BoboTraversable() self.failUnlessRaises(KeyError, bb.restrictedTraverse, 'notfound') bb.restrictedTraverse('bb_subitem')
def init_zasync(): noSecurityManager() initializer = component.queryUtility(IInitAsync) if initializer is not None: initializer.init() startup.noSecurityManager = noSecurityManager
def tearDown(self): from AccessControl.SecurityInfo import _moduleSecurity from AccessControl.SecurityInfo import _appliedModuleSecurity noSecurityManager() _moduleSecurity.clear() _moduleSecurity.update(self._ms_before) _appliedModuleSecurity.clear() _appliedModuleSecurity.update(self._ams_before)
def startup(): patch_persistent() global app # Import products OFS.Application.import_products() configuration = getConfiguration() # Open the database dbtab = configuration.dbtab try: # Try to use custom storage try: m = imp.find_module('custom_zodb', [configuration.testinghome]) except Exception: m = imp.find_module('custom_zodb', [configuration.instancehome]) except Exception: # if there is no custom_zodb, use the config file specified databases DB = dbtab.getDatabase('/', is_root=1) else: m = imp.load_module('Zope2.custom_zodb', m[0], m[1], m[2]) sys.modules['Zope2.custom_zodb'] = m # Get the database and join it to the dbtab multidatabase # FIXME: this uses internal datastructures of dbtab databases = getattr(dbtab, 'databases', {}) if hasattr(m, 'DB'): DB = m.DB databases.update(getattr(DB, 'databases', {})) DB.databases = databases else: DB = ZODB.DB(m.Storage, databases=databases) # Force a connection to every configured database, to ensure all of them # can indeed be opened. This avoids surprises during runtime when traversal # to some database mountpoint fails as the underlying storage cannot be # opened at all if dbtab is not None: for mount, name in dbtab.listMountPaths(): _db = dbtab.getDatabase(mount) _conn = _db.open() _conn.close() del _conn del _db notify(DatabaseOpened(DB)) Zope2.DB = DB Zope2.opened.append(DB) from . import ClassFactory DB.classFactory = ClassFactory.ClassFactory # "Log on" as system user newSecurityManager(None, AccessControl.User.system) # Set up the CA load_zcml() # Set up the "app" object that automagically opens # connections app = App.ZApplication.ZApplicationWrapper(DB, 'Application', OFS.Application.Application) Zope2.bobo_application = app # Initialize the app object application = app() OFS.Application.initialize(application) application._p_jar.close() # "Log off" as system user noSecurityManager() global startup_time startup_time = asctime() notify(DatabaseOpenedWithRoot(DB))
def tearDown(self): import transaction from AccessControl.SecurityManagement import noSecurityManager noSecurityManager() transaction.abort()
def tearDown(self): from AccessControl.SecurityManagement import noSecurityManager from AccessControl.SecurityManager import setSecurityPolicy setSecurityPolicy(self.old_policy) noSecurityManager() cleanUp()
def tearDown(self): from AccessControl.SecurityManagement import noSecurityManager from zope.testing.cleanup import cleanUp cleanUp() noSecurityManager()
def tearDown(self): super(HTMLTests, self).tearDown() SecurityManager.setSecurityPolicy(self.oldPolicy) noSecurityManager() # Reset to old policy.
def tearDown(self): noSecurityManager()
def logout(self): '''Logs out.''' noSecurityManager()
def tearDown(self): noSecurityManager() transaction.abort() self.app._p_jar.close()
def startup(): from App.PersistentExtra import patchPersistent import Globals # to set / fetch data patchPersistent() global app # Import products OFS.Application.import_products() configuration = getConfiguration() # Open the database dbtab = configuration.dbtab try: # Try to use custom storage try: m = imp.find_module('custom_zodb', [configuration.testinghome]) except: m = imp.find_module('custom_zodb', [configuration.instancehome]) except Exception: # if there is no custom_zodb, use the config file specified databases DB = dbtab.getDatabase('/', is_root=1) else: m = imp.load_module('Zope2.custom_zodb', m[0], m[1], m[2]) sys.modules['Zope2.custom_zodb'] = m # Get the database and join it to the dbtab multidatabase # FIXME: this uses internal datastructures of dbtab databases = getattr(dbtab, 'databases', {}) if hasattr(m, 'DB'): DB = m.DB databases.update(getattr(DB, 'databases', {})) DB.databases = databases else: DB = ZODB.DB(m.Storage, databases=databases) notify(DatabaseOpened(DB)) Globals.BobobaseName = DB.getName() if DB.getActivityMonitor() is None: from ZODB.ActivityMonitor import ActivityMonitor DB.setActivityMonitor(ActivityMonitor()) Globals.DB = DB Zope2.DB = DB # Hook for providing multiple transaction object manager undo support: Globals.UndoManager = DB Globals.opened.append(DB) import ClassFactory DB.classFactory = ClassFactory.ClassFactory # "Log on" as system user newSecurityManager(None, AccessControl.User.system) # Set up the CA load_zcml() # Set up the "app" object that automagically opens # connections app = App.ZApplication.ZApplicationWrapper(DB, 'Application', OFS.Application.Application, ()) Zope2.bobo_application = app # Initialize the app object application = app() OFS.Application.initialize(application) if Globals.DevelopmentMode: # Set up auto-refresh. from App.RefreshFuncs import setupAutoRefresh setupAutoRefresh(application._p_jar) application._p_jar.close() # "Log off" as system user noSecurityManager() global startup_time startup_time = asctime() notify(DatabaseOpenedWithRoot(DB)) Zope2.zpublisher_transactions_manager = TransactionsManager() Zope2.zpublisher_exception_hook = zpublisher_exception_hook Zope2.zpublisher_validated_hook = validated_hook Zope2.__bobo_before__ = noSecurityManager
def tearDown(self): from AccessControl.SecurityManagement import noSecurityManager noSecurityManager()
def setUp(self): from AccessControl.SecurityManagement import noSecurityManager noSecurityManager()
def tearDown(self): noSecurityManager() RequestTest.tearDown(self)
mimetype = obj.getContentType() content = StringIO(str(fss_storage.get(f_tp, obj))) # Cleaning the storage fss_storage.unset(f_tp, obj) field.set(obj, content) field.setContentType(obj, mimetype) field.setFilename(obj, obj.id) log('Transaction commit and Data.fs synchronism.') transaction.commit() app._p_jar.sync() noSecurityManager() transaction.savepoint(1) log('Transaction commit and Data.fs synchronism.') transaction.commit() app._p_jar.sync() log('Completed at', datetime.now().isoformat()) if __name__ == '__main__': sys.excepthook = do_debugger main() else: pdb.set_trace()
def setUp(self): noSecurityManager()
def tearDown(self): self.req.close() noSecurityManager()
def tearDown(self): noSecurityManager() zope.component.testing.tearDown()
def tearDown(self): transaction.abort() ZopeTestCase.close(self.app) noSecurityManager() setSecurityPolicy(self._oldPolicy)
def tearDown(self): app = self.app if hasattr(app, 'testroot'): app._delObject('testroot') self.app._p_jar.close() noSecurityManager()
def test_isConstructionAllowed_wo_Security(self): from AccessControl.SecurityManagement import noSecurityManager noSecurityManager() self.assertFalse(self.ti.isConstructionAllowed(self.f))
def tearDown(self): ZCatalogBase.tearDown(self) noSecurityManager()
def immediateLogout(self): """ Log the current user out immediately. Used by logout.py so that we do not have to do a redirect to show the logged out status. """ noSecurityManager()
def _scrubSecurity(self): noSecurityManager() if self._old_policy is not None: SecurityManager.setSecurityPolicy(self._old_policy)
def tearDown( self ): noSecurityManager() getConfiguration().debug_mode = self.saved_cfg_debug_mode super(ObjectManagerTests, self).tearDown()
def tearDown(self): noSecurityManager() setSecurityPolicy(self._oldPolicy)
def tearDown(self): if self._oldSecurityPolicy is not None: setSecurityPolicy(self._oldSecurityPolicy) noSecurityManager()
def logout(self): noSecurityManager()
def tearDown( self ): transaction.abort() self.connection.close() noSecurityManager() setSecurityPolicy(self._oldPolicy)
def addOrder(self): """Add a new Order and return the order id. """ session = self.context.REQUEST.SESSION # check for cart cart_view = getMultiAdapter((self.context, self.context.REQUEST), name=u'cart_view') cart_data = cart_view.cart_items() # check for customer data customer_data = session.get(SESSION_ADDRESS_KEY, {}) if not customer_data: raise MissingCustomerInformation # check for shipping address shipping_data = session.get(SESSION_SHIPPING_KEY, {}) if not shipping_data: raise MissingShippingAddress # check for review data review_data = session.get(SESSION_REVIEW_KEY, {}) # The comment was previously in the customer data step. If we move it # to the customer data set we can avoid changing all templates. customer_data.update(review_data) # check for order confirmation if not session.get('order_confirmation', None): raise MissingOrderConfirmation # check for payment processor payment_processor_step_groups = getAdapters( (self.context, self.request, self), IPaymentProcessorStepGroup) selected_pp_step_group = self.shop_config.payment_processor_step_group for name, step_group_adapter in payment_processor_step_groups: if name == selected_pp_step_group: payment_processor_steps = step_group_adapter.steps if not len(payment_processor_steps) == 0 \ and not session.get('payment_processor_choice', None): raise MissingPaymentProcessor # change security context to owner user = self.context.getWrappedOwner() newSecurityManager(self.context.REQUEST, user) order_storage = self.order_storage order_id = order_storage.createOrder(status=ONLINE_PENDING_KEY, date=datetime.now(), customer_data=customer_data, shipping_data=shipping_data, total=cart_view.cart_total(), cart_data=cart_data) order_storage.flush() noSecurityManager() return order_id
def publish( request, module_name, after_list, debug=0, # Optimize: call_object=call_object, missing_name=missing_name, dont_publish_class=dont_publish_class, mapply=mapply, ): (bobo_before, bobo_after, object, realm, debug_mode, err_hook, validated_hook, transactions_manager) = get_module_info(module_name) parents = None response = None try: notify(pubevents.PubStart(request)) # TODO pass request here once BaseRequest implements IParticipation newInteraction() request.processInputs() request_get = request.get response = request.response # First check for "cancel" redirect: if request_get('SUBMIT', '').strip().lower() == 'cancel': cancel = request_get('CANCEL_ACTION', '') if cancel: # Relative URLs aren't part of the spec, but are accepted by # some browsers. for part, base in zip( urlparse(cancel)[:3], urlparse(request['BASE1'])[:3]): if not part: continue if not part.startswith(base): cancel = '' break if cancel: raise Redirect(cancel) after_list[0] = bobo_after if debug_mode: response.debug_mode = debug_mode if realm and not request.get('REMOTE_USER', None): response.realm = realm noSecurityManager() if bobo_before is not None: bobo_before() # Get the path list. # According to RFC1738 a trailing space in the path is valid. path = request_get('PATH_INFO') request['PARENTS'] = parents = [object] if transactions_manager: transactions_manager.begin() object = request.traverse(path, validated_hook=validated_hook) if IBrowserPage.providedBy(object): request.postProcessInputs() notify(pubevents.PubAfterTraversal(request)) if transactions_manager: recordMetaData(object, request) ok_exception = None try: result = mapply(object, request.args, request, call_object, 1, missing_name, dont_publish_class, request, bind=1) except (HTTPOk, HTTPRedirection) as exc: ok_exception = exc else: if result is not response: response.setBody(result) notify(pubevents.PubBeforeCommit(request)) if transactions_manager: transactions_manager.commit() notify(pubevents.PubSuccess(request)) endInteraction() if ok_exception: raise ok_exception return response except: # save in order to give 'PubFailure' the original exception info exc_info = sys.exc_info() # DM: provide nicer error message for FTP sm = None if response is not None: sm = getattr(response, "setMessage", None) if sm is not None: from asyncore import compact_traceback cl, val = sys.exc_info()[:2] sm('%s: %s %s' % (getattr(cl, '__name__', cl), val, debug_mode and compact_traceback()[-1] or '')) # debug is just used by tests (has nothing to do with debug_mode!) if not debug and err_hook is not None: retry = False if parents: parents = parents[0] try: try: return err_hook( parents, request, sys.exc_info()[0], sys.exc_info()[1], sys.exc_info()[2], ) except Retry: if not request.supports_retry(): return err_hook( parents, request, sys.exc_info()[0], sys.exc_info()[1], sys.exc_info()[2], ) retry = True finally: # Note: 'abort's can fail. # Nevertheless, we want end request handling. try: try: notify( pubevents.PubBeforeAbort(request, exc_info, retry)) finally: if transactions_manager: transactions_manager.abort() finally: endInteraction() notify(pubevents.PubFailure(request, exc_info, retry)) # Only reachable if Retry is raised and request supports retry. newrequest = request.retry() request.close() # Free resources held by the request. # Set the default layer/skin on the newly generated request if ISkinnable.providedBy(newrequest): setDefaultSkin(newrequest) try: return publish(newrequest, module_name, after_list, debug) finally: newrequest.close() else: # Note: 'abort's can fail. # Nevertheless, we want end request handling. try: try: notify(pubevents.PubBeforeAbort(request, exc_info, False)) finally: if transactions_manager: transactions_manager.abort() finally: endInteraction() notify(pubevents.PubFailure(request, exc_info, False)) raise
def logout(): noSecurityManager()