def _setupSecurity(self, policy=None):
from AccessControl import SecurityManager
from AccessControl.SecurityManagement import noSecurityManager
if policy is None:
policy = self.oldPolicy
noSecurityManager()
SecurityManager.setSecurityPolicy(policy)
def testModRDN(self):
acl = self.folder.acl_users
ae = self.assertEqual
for role in ug("user_roles"):
acl.manage_addGroup(role)
acl.manage_addGroupMapping(role, role)
msg = acl.manage_addUser(REQUEST=None, kwargs=manager_user)
self.assert_(not msg)
mgr_ob = acl.getUser(manager_user.get(acl.getProperty("_login_attr")))
self.assertNotEqual(mgr_ob, None)
newSecurityManager({}, mgr_ob)
msg = acl.manage_addUser(REQUEST=None, kwargs=user)
self.assert_(not msg)
user_ob = acl.getUser(ug(acl.getProperty("_login_attr")))
self.assertNotEqual(user_ob, None)
user_dn = user_ob.getUserDN()
msg = acl.manage_editUser(user_dn, kwargs={"cn": "new"})
user_ob = acl.getUser("new")
ae(user_ob.getProperty("cn"), "new")
ae(user_ob.getId(), "new")
new_dn = "cn=new,%s" % acl.getProperty("users_base")
ae(user_ob.getUserDN(), new_dn)
for role in ug("user_roles"):
self.assert_(role in user_ob.getRoles())
for role in acl.getProperty("_roles"):
self.assert_(role in user_ob.getRoles())
noSecurityManager()
def testSwitchONModeration(self):
addUsers(self)
self.discussion = self.portal.portal_discussion
self.request.form['enable_anonymous_commenting'] = 'True'
self.request.form['enable_moderation'] = 'True'
self.portal.prefs_comments_setup()
# Create talkback for document and Add comment to my_doc
self.discussion.getDiscussionFor(self.my_doc)
self.my_doc.discussion_reply('Reply 1', 'text of reply')
# Check moderating discussion
# MUST ALLOW for: members of 'DiscussionMnagers' group
# MUST REFUSE for: NOT members of 'DiscussionMnagers' group
getReplies = self.discussion.getDiscussionFor(self.my_doc).getReplies
for u in DM_USERS_IDS:
self.logout()
self.login(u)
self.failUnless(getReplies(), "None discussion item added or "
"discussion forbiden for %s user" % u)
for u in COMMON_USERS_IDS:
self.logout()
if not u == 'anonym':
self.login(u)
noSecurityManager()
self.failIf(getReplies(), "Viewing discussion item allow for "
"Anonymous user")
def deploy_object(self, obj, context, request, section):
"""
run a deploy just on one object
"""
# get content for Anonymous users, not authenticated
noSecurityManager()
# assigning values
self.context = context
self.request = request
self.section = section
self._read_config(section)
self._apply_request_modifications()
# we want only objects available for anonyous users
if not self._available_for_anonymous(obj):
return
# check if object is a normal page
is_page = obj.meta_type in self.page_types
try:
self._deploy_content(obj, is_page=is_page)
except:
log.error("error exporting object: %s\n%s" % ("/".join(obj.getPhysicalPath()), traceback.format_exc()))
## find and run additional deployment steps
self._applay_extra_deployment_steps(None)
def setupMountFolder(app, quiet=0):
transaction.begin()
_start = time.time()
portal = app.portal
if not quiet: ZopeTestCase._print('Installing MountFolder ... ')
# login as manager
user = app.acl_users.getUserById(portal_owner).__of__(app.acl_users)
newSecurityManager(None, user)
# add MountFolder
if hasattr(aq_base(portal), 'portal_mountfolder'):
ZopeTestCase._print('MountFolder already installed ... ')
else:
installMountFolder(portal)
# Initialized MountPoint
manage_addMounts(app, (mountfolder_path,))
transaction.commit()
# Create portal member
portal.portal_registration.addMember(portal_member, 'azerty', ['Member'])
portal.portal_registration.addMember(portal_member2, 'azerty', ['Member'])
# Log out
noSecurityManager()
transaction.commit()
if not quiet: ZopeTestCase._print('done (%.3fs)\n' % (time.time()-_start,))
def tearDown(self):
noSecurityManager()
app = self.app
if hasattr(app, 'testroot'):
app._delObject('testroot')
get_transaction().abort()
self.app._p_jar.close()
def setUp(self):
self.folder = f = Folder()
f.laf = AqPageTemplate()
f.t = AqPageTemplate()
self.policy = UnitTestSecurityPolicy()
self.oldPolicy = SecurityManager.setSecurityPolicy( self.policy )
noSecurityManager() # Use the new policy.
def getNodeText(self, jid, node):
app = Zope2.app()
text = ''
try:
portal = app.unrestrictedTraverse(self.portal_id, None)
if portal is None:
raise DSCException(
'Portal with id %s not found' % self.portal_id)
setSite(portal)
acl_users = getToolByName(portal, 'acl_users')
user_id = unescapeNode(JID(jid).user)
user = acl_users.getUserById(user_id)
if user is None:
raise DSCException(
'Invalid user %s' % user_id)
newSecurityManager(None, user)
ct = getToolByName(portal, 'portal_catalog')
uid, html_id = node.split('#')
item = ct.unrestrictedSearchResults(UID=uid)
if not item:
raise DSCException(
'Content with UID %s not found' % uid)
item = ICollaborativelyEditable(item[0].getObject())
text = item.getNodeTextFromHtmlID(html_id)
finally:
noSecurityManager()
setSite(None)
return text
def tearDown(self):
self.app.REQUEST.close()
noSecurityManager()
transaction.abort()
self.app._p_jar.close()
Skinnable.SKINDATA = self._oldSkindata
self._free_warning_output()
def testBoboTraverseToMethod(self):
# Verify it's possible to use __bobo_traverse__ to a method.
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
bb = BoboTraversable()
self.failUnless(
bb.restrictedTraverse('bb_method') is not bb.bb_method)
def test_example1(self):
# login
noSecurityManager()
self.app.aq_chain[-1].id = 'testing'
newSecurityManager(
None,
SimpleUser('Test User','',('Manager',),[]).__of__(self.app)
)
try:
# setup
self.r.form['file']=self.makeFileUpload(diskname='example1.mt')
self.app.manage_addProduct['MailTemplates'].addMailTemplate(
id='my_mt',
mailhost='MailHost',
REQUEST=self.r
)
self.r.form['file']=self.makeFileUpload(diskname='example1.py')
self.app.manage_addProduct['PythonScripts'].manage_addPythonScript(
id='test_mt',
REQUEST=self.r
)
# set expected
self.MailHost.setExpected(mfrom='*****@*****.**',
mto=('*****@*****.**',),
filename='example1.txt')
# test
self.assertEqual(self.app.test_mt(),'Mail Sent!')
self.MailHost.checkSent()
finally:
# logout
noSecurityManager()
newSecurityManager( None, SystemUser )
def testDefaultValueWhenNotFound(self):
# Test that traversing to a non-existent object returns
# the default when provided
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
self.assertEqual(
self.root.restrictedTraverse('happy/happy', 'joy'), 'joy')
def _install_zope(self, db):
"""Install a fresh Zope inside the new test DB. Eventually
install an application afterwards.
"""
# Create the "application"
newSecurityManager(None, AccessControl.User.system)
connection = db.open()
root = connection.root()
root['Application'] = OFS.Application.Application()
app = root['Application']
# Do a savepoint to get a _p_jar on the application
transaction.savepoint()
# Initialize the "application"
try:
TestAppInitializer(
app, self.products, self.packages, self.users).initialize()
self._install_application(makerequest(
app, environ={'SERVER_NAME': 'localhost'}))
except Exception as error:
# There was an error during the application 'setUp'. Abort
# the transaction and continue, otherwise test in other
# layers might fail because of this failure.
transaction.abort()
raise error
else:
# Close
transaction.commit()
finally:
# In any case, close the connection and continue
connection.close()
noSecurityManager()
def __call__(self):
celery = getCelery()
if celery.conf.task_always_eager:
self.eager = True
# dive out of setup, this is not run in a celery task runner
self.app = getApp()
return self._run()
self.app = makerequest(getApp())
self.app.REQUEST['PARENTS'] = [self.app]
setRequest(self.app.REQUEST)
transaction.begin()
try:
try:
result = self._run()
# commit transaction
transaction.commit()
return result
except ConflictError as e:
# On ZODB conflicts, retry using celery's mechanism
transaction.abort()
raise Retry(exc=e)
except Exception:
logger.warn('Error running task: %s' % traceback.format_exc())
transaction.abort()
raise
finally:
noSecurityManager()
setSite(None)
self.app._p_jar.close()
clearRequest()
def setNodeText(self, jid, node, text):
transaction.begin()
app = Zope2.app()
try:
try:
portal = app.unrestrictedTraverse(self.portal_id, None)
if portal is None:
raise DSCException(
'Portal with id %s not found' % self.portal_id)
setSite(portal)
acl_users = getToolByName(portal, 'acl_users')
user_id = JID(jid).user
user = acl_users.getUserById(user_id)
if user is None:
raise DSCException(
'Invalid user %s' % user_id)
newSecurityManager(None, user)
ct = getToolByName(portal, 'portal_catalog')
uid, html_id = node.split('#')
item = ct.unrestrictedSearchResults(UID=uid)
if not item:
raise DSCException(
'Content with UID %s not found' % uid)
item = ICollaborativelyEditable(item[0].getObject())
item.setNodeTextFromHtmlID(html_id, text)
transaction.commit()
except:
transaction.abort()
raise
finally:
noSecurityManager()
setSite(None)
app._p_jar.close()
return text
def _authorizeUser( self
, user
, accessed
, container
, name
, value
, roles=_noroles
):
""" -> boolean (whether user has roles).
o Add the user to the SM's stack, if successful.
o Return
"""
user = aq_base( user ).__of__( self )
newSecurityManager( None, user )
security = getSecurityManager()
try:
try:
if security.validate( accessed
, container
, name
, value
, roles
):
return 1
except:
noSecurityManager()
raise
except Unauthorized:
pass
return 0
def test_getSingleCategoryAcquiredMembershipList(self):
pc = self.getCategoriesTool()
obj = self.portal.person_module.newContent(portal_type='Person')
region_url = self.region1
obj.setRegion(region_url)
self.assertEquals([region_url],
pc.getSingleCategoryMembershipList(obj, 'region'))
self.assertEquals([region_url],
pc.getSingleCategoryMembershipList(obj, 'region',
portal_type='Category'))
self.assertEquals([],
pc.getSingleCategoryMembershipList(obj, 'region',
portal_type='Organisation'))
self.assertEquals(['region/%s' % region_url],
pc.getSingleCategoryMembershipList(obj, 'region', base=1))
self.assertEquals([region_url],
pc.getSingleCategoryMembershipList(obj, 'region',
checked_permission='View'))
noSecurityManager()
self.assertEquals([],
pc.getSingleCategoryMembershipList(obj, 'region',
checked_permission='Manage portal'))
def testModRDN(self):
acl = self.folder.acl_users
ae = self.assertEqual
for role in ug('user_roles'):
acl.manage_addGroup(role)
acl.manage_addGroupMapping(role, role)
msg = acl.manage_addUser(REQUEST=None, kwargs=manager_user)
self.assert_(not msg)
mgr_ob = acl.getUser(manager_user.get(acl.getProperty('_login_attr')))
self.assertNotEqual(mgr_ob, None)
newSecurityManager({}, mgr_ob)
msg = acl.manage_addUser(REQUEST=None, kwargs=user)
self.assert_(not msg)
user_ob = acl.getUser(ug(acl.getProperty('_login_attr')))
self.assertNotEqual(user_ob, None)
user_dn = user_ob.getUserDN()
msg = acl.manage_editUser(user_dn, kwargs={'cn' : 'new'})
user_ob = acl.getUser('new')
ae(user_ob.getProperty('cn'), 'new')
ae(user_ob.getId(), 'new')
new_dn = 'cn=new,%s' % acl.getProperty('users_base')
ae(user_ob.getUserDN(), new_dn)
for role in ug('user_roles'):
self.assert_(role in user_ob.getRoles())
for role in acl.getProperty('_roles'):
self.assert_(role in user_ob.getRoles())
noSecurityManager()
def publish_view(view, environ={}, user=None):
from ZPublisher.WSGIPublisher import publish
from AccessControl.SecurityManagement import noSecurityManager
name = view.__name__
new_environ = {
'PATH_INFO': '/' + name,
'_stdout': StringIO(),
}
new_environ.update(environ)
root = create_fake_root()
user = Mock() if not user else user
root.__allow_groups__ = Mock(validate=Mock(return_value=user))
request = makerequest(root, new_environ['_stdout'], new_environ).REQUEST
view.__doc__ = 'non-empty documentation'
setattr(root, name, view)
module_info = (Mock(), # before
None, #after
root, #object
'TESTING', #realm
True, #debug_mode
Mock(), #err_hook
None, #validated_hook
Mock()) #tm
try:
return publish(request, 'Zope2', Mock(return_value=module_info))
finally:
noSecurityManager()
def testBoboTraverseToSimpleAttrValue(self):
# Verify it's possible to use __bobo_traverse__ to a simple
# python value
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
bb = BoboTraversable()
self.assertEqual(bb.restrictedTraverse('bb_status'), 'screechy')
def tearDown(self):
self.app.REQUEST.close()
noSecurityManager()
transaction.abort()
self.app._p_jar.close()
Skinnable.SKINDATA = self._oldSkindata
cleanUp()
def setupPloneBooking(app, quiet=0):
get_transaction().begin()
_start = time.time()
portal = app.portal
if not quiet: ZopeTestCase._print('Installing PloneBooking ... ')
# login as manager
user = app.acl_users.getUserById(portal_owner).__of__(app.acl_users)
newSecurityManager(None, user)
# add PloneBooking
if hasattr(aq_base(portal), 'portal_booking'):
ZopeTestCase._print('PloneBooking already installed ... ')
else:
installPloneBooking(portal)
# Create portal member
portal.portal_registration.addMember(portal_member, 'azerty', ['Member'])
portal.portal_registration.addMember(portal_member2, 'azerty', ['Member'])
# Log out
noSecurityManager()
get_transaction().commit()
if not quiet: ZopeTestCase._print('done (%.3fs)\n' % (time.time()-_start,))
def setUp(self):
cleanUp()
from AccessControl.SecurityManagement import noSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CompositePage.tests.test_tool import PermissiveSecurityPolicy
self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy())
noSecurityManager()
def _executeAsUser(context_path, portal_path, uf_path, user_id, func, *args,
**kwargs):
"""Reconstruct environment and execute func."""
transaction = Zope2.zpublisher_transactions_manager # Supports isDoomed
transaction.begin()
app = Zope2.app()
result = None
try:
try:
portal = app.unrestrictedTraverse(portal_path, None)
if portal is None:
raise BadRequest(
'Portal path %s not found' % '/'.join(portal_path))
setSite(portal)
if uf_path:
acl_users = app.unrestrictedTraverse(uf_path, None)
if acl_users is None:
raise BadRequest(
'Userfolder path %s not found' % '/'.join(uf_path))
user = acl_users.getUserById(user_id)
if user is None:
raise BadRequest('User %s not found' % user_id)
newSecurityManager(None, user)
context = portal.unrestrictedTraverse(context_path, None)
if context is None:
raise BadRequest(
'Context path %s not found' % '/'.join(context_path))
# Create a request to work with
import sys
from ZPublisher.HTTPResponse import HTTPResponse
from ZPublisher.HTTPRequest import HTTPRequest
response = HTTPResponse(stdout=sys.stdout)
env = {'SERVER_NAME':'fake_server',
'SERVER_PORT':'80',
'REQUEST_METHOD':'GET'}
request = HTTPRequest(sys.stdin, env, response)
# Set values from original request
original_request = kwargs.get('original_request')
if original_request:
for k,v in original_request.items():
request.set(k, v)
context.REQUEST = request
result = func(context, *args, **kwargs)
del context.REQUEST #Avoid "can't pickle file objects"
transaction.commit()
except:
transaction.abort()
raise
finally:
noSecurityManager()
setSite(None)
app._p_jar.close()
return result
def deploy(self, context, request, section, last_triggered=None):
"""
Deploy whole site as static content.
"""
# get content for Anonymous users, not authenticated
noSecurityManager()
# assigning values
self.context = context
self.request = request
self.section = section
self._read_config(section)
self._apply_request_modifications()
# when last deployment took place
modification_date = self._parse_date(last_triggered)
## Deploy registry files
if self.deploy_registry_files:
self._deploy_registry_files('portal_css', 'styles', 'styles')
self._deploy_registry_files('portal_javascripts', 'scripts', 'scripts')
self._deploy_registry_files('portal_kss', 'kss', 'kineticstylesheets')
# Deploy plone_skins files (if any)
self._deploy_skinstool_files(self.skinstool_files)
# Deploy additional files and pages
self._deploy_views(self.additional_files, is_page=False)
self._deploy_views(self.additional_pages, is_page=True)
## Deploy Plone Site
if self.deploy_plonesite:
self._deploy_site(self.context)
## Deploy folders and pages
catalog = getToolByName(self.context, 'portal_catalog')
brains = catalog(meta_type=self.page_types + self.file_types,
modified={'query': [modification_date, ], 'range': 'min'},
effectiveRange = DateTime(),
Language = 'all',
)
for brain in brains:
if not brain.review_state or brain.review_state in self.deployable_review_states:
obj = brain.getObject()
# we want only objects available for anonyous users
if not self._available_for_anonymous(obj):
continue
# check extra deployment conditions
if not self._extra_deployment_conditions_passed(obj,
modification_date):
continue
# check if object is a normal page
is_page = brain.meta_type in self.page_types
self._deploy_content(obj, is_page=is_page)
## find and run additional deployment steps
self._applay_extra_deployment_steps(modification_date)
# update last triggered date info
settings = IStaticDeployment(self.context)
settings.last_triggered = unicode(DateTime().strftime('%Y/%m/%d %H:%M:%S'))
def tearDown(self):
from AccessControl.SecurityManagement import noSecurityManager
if self._finally is not None:
self._finally()
noSecurityManager()
PlacelessSetup.tearDown(self)
def tearDown(self):
from AccessControl.SecurityManagement import noSecurityManager
if self._finally is not None:
self._finally()
noSecurityManager()
cleanUp()
def testTraverseThroughBoboTraverse(self):
# Verify it's possible to use __bobo_traverse__ with the
# Zope security policy.
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
bb = BoboTraversable()
self.failUnlessRaises(KeyError, bb.restrictedTraverse, 'notfound')
bb.restrictedTraverse('bb_subitem')
def init_zasync():
noSecurityManager()
initializer = component.queryUtility(IInitAsync)
if initializer is not None:
initializer.init()
startup.noSecurityManager = noSecurityManager
def tearDown(self):
from AccessControl.SecurityInfo import _moduleSecurity
from AccessControl.SecurityInfo import _appliedModuleSecurity
noSecurityManager()
_moduleSecurity.clear()
_moduleSecurity.update(self._ms_before)
_appliedModuleSecurity.clear()
_appliedModuleSecurity.update(self._ams_before)
def startup():
patch_persistent()
global app
# Import products
OFS.Application.import_products()
configuration = getConfiguration()
# Open the database
dbtab = configuration.dbtab
try:
# Try to use custom storage
try:
m = imp.find_module('custom_zodb', [configuration.testinghome])
except Exception:
m = imp.find_module('custom_zodb', [configuration.instancehome])
except Exception:
# if there is no custom_zodb, use the config file specified databases
DB = dbtab.getDatabase('/', is_root=1)
else:
m = imp.load_module('Zope2.custom_zodb', m[0], m[1], m[2])
sys.modules['Zope2.custom_zodb'] = m
# Get the database and join it to the dbtab multidatabase
# FIXME: this uses internal datastructures of dbtab
databases = getattr(dbtab, 'databases', {})
if hasattr(m, 'DB'):
DB = m.DB
databases.update(getattr(DB, 'databases', {}))
DB.databases = databases
else:
DB = ZODB.DB(m.Storage, databases=databases)
# Force a connection to every configured database, to ensure all of them
# can indeed be opened. This avoids surprises during runtime when traversal
# to some database mountpoint fails as the underlying storage cannot be
# opened at all
if dbtab is not None:
for mount, name in dbtab.listMountPaths():
_db = dbtab.getDatabase(mount)
_conn = _db.open()
_conn.close()
del _conn
del _db
notify(DatabaseOpened(DB))
Zope2.DB = DB
Zope2.opened.append(DB)
from . import ClassFactory
DB.classFactory = ClassFactory.ClassFactory
# "Log on" as system user
newSecurityManager(None, AccessControl.User.system)
# Set up the CA
load_zcml()
# Set up the "app" object that automagically opens
# connections
app = App.ZApplication.ZApplicationWrapper(DB, 'Application',
OFS.Application.Application)
Zope2.bobo_application = app
# Initialize the app object
application = app()
OFS.Application.initialize(application)
application._p_jar.close()
# "Log off" as system user
noSecurityManager()
global startup_time
startup_time = asctime()
notify(DatabaseOpenedWithRoot(DB))
def tearDown(self):
import transaction
from AccessControl.SecurityManagement import noSecurityManager
noSecurityManager()
transaction.abort()
def tearDown(self):
from AccessControl.SecurityManagement import noSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
setSecurityPolicy(self.old_policy)
noSecurityManager()
cleanUp()
def tearDown(self):
from AccessControl.SecurityManagement import noSecurityManager
from zope.testing.cleanup import cleanUp
cleanUp()
noSecurityManager()
def tearDown(self):
super(HTMLTests, self).tearDown()
SecurityManager.setSecurityPolicy(self.oldPolicy)
noSecurityManager() # Reset to old policy.
def tearDown(self):
noSecurityManager()
def logout(self):
'''Logs out.'''
noSecurityManager()
def tearDown(self):
noSecurityManager()
transaction.abort()
self.app._p_jar.close()
def startup():
from App.PersistentExtra import patchPersistent
import Globals # to set / fetch data
patchPersistent()
global app
# Import products
OFS.Application.import_products()
configuration = getConfiguration()
# Open the database
dbtab = configuration.dbtab
try:
# Try to use custom storage
try:
m = imp.find_module('custom_zodb', [configuration.testinghome])
except:
m = imp.find_module('custom_zodb', [configuration.instancehome])
except Exception:
# if there is no custom_zodb, use the config file specified databases
DB = dbtab.getDatabase('/', is_root=1)
else:
m = imp.load_module('Zope2.custom_zodb', m[0], m[1], m[2])
sys.modules['Zope2.custom_zodb'] = m
# Get the database and join it to the dbtab multidatabase
# FIXME: this uses internal datastructures of dbtab
databases = getattr(dbtab, 'databases', {})
if hasattr(m, 'DB'):
DB = m.DB
databases.update(getattr(DB, 'databases', {}))
DB.databases = databases
else:
DB = ZODB.DB(m.Storage, databases=databases)
notify(DatabaseOpened(DB))
Globals.BobobaseName = DB.getName()
if DB.getActivityMonitor() is None:
from ZODB.ActivityMonitor import ActivityMonitor
DB.setActivityMonitor(ActivityMonitor())
Globals.DB = DB
Zope2.DB = DB
# Hook for providing multiple transaction object manager undo support:
Globals.UndoManager = DB
Globals.opened.append(DB)
import ClassFactory
DB.classFactory = ClassFactory.ClassFactory
# "Log on" as system user
newSecurityManager(None, AccessControl.User.system)
# Set up the CA
load_zcml()
# Set up the "app" object that automagically opens
# connections
app = App.ZApplication.ZApplicationWrapper(DB, 'Application',
OFS.Application.Application, ())
Zope2.bobo_application = app
# Initialize the app object
application = app()
OFS.Application.initialize(application)
if Globals.DevelopmentMode:
# Set up auto-refresh.
from App.RefreshFuncs import setupAutoRefresh
setupAutoRefresh(application._p_jar)
application._p_jar.close()
# "Log off" as system user
noSecurityManager()
global startup_time
startup_time = asctime()
notify(DatabaseOpenedWithRoot(DB))
Zope2.zpublisher_transactions_manager = TransactionsManager()
Zope2.zpublisher_exception_hook = zpublisher_exception_hook
Zope2.zpublisher_validated_hook = validated_hook
Zope2.__bobo_before__ = noSecurityManager
def tearDown(self):
from AccessControl.SecurityManagement import noSecurityManager
noSecurityManager()
def setUp(self):
from AccessControl.SecurityManagement import noSecurityManager
noSecurityManager()
def tearDown(self):
noSecurityManager()
RequestTest.tearDown(self)
mimetype = obj.getContentType()
content = StringIO(str(fss_storage.get(f_tp, obj)))
# Cleaning the storage
fss_storage.unset(f_tp, obj)
field.set(obj, content)
field.setContentType(obj, mimetype)
field.setFilename(obj, obj.id)
log('Transaction commit and Data.fs synchronism.')
transaction.commit()
app._p_jar.sync()
noSecurityManager()
transaction.savepoint(1)
log('Transaction commit and Data.fs synchronism.')
transaction.commit()
app._p_jar.sync()
log('Completed at', datetime.now().isoformat())
if __name__ == '__main__':
sys.excepthook = do_debugger
main()
else:
pdb.set_trace()
def setUp(self):
noSecurityManager()
def tearDown(self):
self.req.close()
noSecurityManager()
def tearDown(self):
noSecurityManager()
zope.component.testing.tearDown()
def tearDown(self):
transaction.abort()
ZopeTestCase.close(self.app)
noSecurityManager()
setSecurityPolicy(self._oldPolicy)
def tearDown(self):
app = self.app
if hasattr(app, 'testroot'):
app._delObject('testroot')
self.app._p_jar.close()
noSecurityManager()
def test_isConstructionAllowed_wo_Security(self):
from AccessControl.SecurityManagement import noSecurityManager
noSecurityManager()
self.assertFalse(self.ti.isConstructionAllowed(self.f))
def tearDown(self):
ZCatalogBase.tearDown(self)
noSecurityManager()
def immediateLogout(self):
""" Log the current user out immediately. Used by logout.py so that
we do not have to do a redirect to show the logged out status. """
noSecurityManager()
def _scrubSecurity(self):
noSecurityManager()
if self._old_policy is not None:
SecurityManager.setSecurityPolicy(self._old_policy)
def tearDown( self ):
noSecurityManager()
getConfiguration().debug_mode = self.saved_cfg_debug_mode
super(ObjectManagerTests, self).tearDown()
def tearDown(self):
noSecurityManager()
setSecurityPolicy(self._oldPolicy)
def tearDown(self):
if self._oldSecurityPolicy is not None:
setSecurityPolicy(self._oldSecurityPolicy)
noSecurityManager()
def logout(self):
noSecurityManager()
def tearDown( self ):
transaction.abort()
self.connection.close()
noSecurityManager()
setSecurityPolicy(self._oldPolicy)
def addOrder(self):
"""Add a new Order and return the order id.
"""
session = self.context.REQUEST.SESSION
# check for cart
cart_view = getMultiAdapter((self.context, self.context.REQUEST),
name=u'cart_view')
cart_data = cart_view.cart_items()
# check for customer data
customer_data = session.get(SESSION_ADDRESS_KEY, {})
if not customer_data:
raise MissingCustomerInformation
# check for shipping address
shipping_data = session.get(SESSION_SHIPPING_KEY, {})
if not shipping_data:
raise MissingShippingAddress
# check for review data
review_data = session.get(SESSION_REVIEW_KEY, {})
# The comment was previously in the customer data step. If we move it
# to the customer data set we can avoid changing all templates.
customer_data.update(review_data)
# check for order confirmation
if not session.get('order_confirmation', None):
raise MissingOrderConfirmation
# check for payment processor
payment_processor_step_groups = getAdapters(
(self.context, self.request, self),
IPaymentProcessorStepGroup)
selected_pp_step_group = self.shop_config.payment_processor_step_group
for name, step_group_adapter in payment_processor_step_groups:
if name == selected_pp_step_group:
payment_processor_steps = step_group_adapter.steps
if not len(payment_processor_steps) == 0 \
and not session.get('payment_processor_choice', None):
raise MissingPaymentProcessor
# change security context to owner
user = self.context.getWrappedOwner()
newSecurityManager(self.context.REQUEST, user)
order_storage = self.order_storage
order_id = order_storage.createOrder(status=ONLINE_PENDING_KEY,
date=datetime.now(),
customer_data=customer_data,
shipping_data=shipping_data,
total=cart_view.cart_total(),
cart_data=cart_data)
order_storage.flush()
noSecurityManager()
return order_id
def publish(
request,
module_name,
after_list,
debug=0,
# Optimize:
call_object=call_object,
missing_name=missing_name,
dont_publish_class=dont_publish_class,
mapply=mapply,
):
(bobo_before, bobo_after, object, realm, debug_mode, err_hook,
validated_hook, transactions_manager) = get_module_info(module_name)
parents = None
response = None
try:
notify(pubevents.PubStart(request))
# TODO pass request here once BaseRequest implements IParticipation
newInteraction()
request.processInputs()
request_get = request.get
response = request.response
# First check for "cancel" redirect:
if request_get('SUBMIT', '').strip().lower() == 'cancel':
cancel = request_get('CANCEL_ACTION', '')
if cancel:
# Relative URLs aren't part of the spec, but are accepted by
# some browsers.
for part, base in zip(
urlparse(cancel)[:3],
urlparse(request['BASE1'])[:3]):
if not part:
continue
if not part.startswith(base):
cancel = ''
break
if cancel:
raise Redirect(cancel)
after_list[0] = bobo_after
if debug_mode:
response.debug_mode = debug_mode
if realm and not request.get('REMOTE_USER', None):
response.realm = realm
noSecurityManager()
if bobo_before is not None:
bobo_before()
# Get the path list.
# According to RFC1738 a trailing space in the path is valid.
path = request_get('PATH_INFO')
request['PARENTS'] = parents = [object]
if transactions_manager:
transactions_manager.begin()
object = request.traverse(path, validated_hook=validated_hook)
if IBrowserPage.providedBy(object):
request.postProcessInputs()
notify(pubevents.PubAfterTraversal(request))
if transactions_manager:
recordMetaData(object, request)
ok_exception = None
try:
result = mapply(object,
request.args,
request,
call_object,
1,
missing_name,
dont_publish_class,
request,
bind=1)
except (HTTPOk, HTTPRedirection) as exc:
ok_exception = exc
else:
if result is not response:
response.setBody(result)
notify(pubevents.PubBeforeCommit(request))
if transactions_manager:
transactions_manager.commit()
notify(pubevents.PubSuccess(request))
endInteraction()
if ok_exception:
raise ok_exception
return response
except:
# save in order to give 'PubFailure' the original exception info
exc_info = sys.exc_info()
# DM: provide nicer error message for FTP
sm = None
if response is not None:
sm = getattr(response, "setMessage", None)
if sm is not None:
from asyncore import compact_traceback
cl, val = sys.exc_info()[:2]
sm('%s: %s %s' % (getattr(cl, '__name__', cl), val,
debug_mode and compact_traceback()[-1] or ''))
# debug is just used by tests (has nothing to do with debug_mode!)
if not debug and err_hook is not None:
retry = False
if parents:
parents = parents[0]
try:
try:
return err_hook(
parents,
request,
sys.exc_info()[0],
sys.exc_info()[1],
sys.exc_info()[2],
)
except Retry:
if not request.supports_retry():
return err_hook(
parents,
request,
sys.exc_info()[0],
sys.exc_info()[1],
sys.exc_info()[2],
)
retry = True
finally:
# Note: 'abort's can fail.
# Nevertheless, we want end request handling.
try:
try:
notify(
pubevents.PubBeforeAbort(request, exc_info, retry))
finally:
if transactions_manager:
transactions_manager.abort()
finally:
endInteraction()
notify(pubevents.PubFailure(request, exc_info, retry))
# Only reachable if Retry is raised and request supports retry.
newrequest = request.retry()
request.close() # Free resources held by the request.
# Set the default layer/skin on the newly generated request
if ISkinnable.providedBy(newrequest):
setDefaultSkin(newrequest)
try:
return publish(newrequest, module_name, after_list, debug)
finally:
newrequest.close()
else:
# Note: 'abort's can fail.
# Nevertheless, we want end request handling.
try:
try:
notify(pubevents.PubBeforeAbort(request, exc_info, False))
finally:
if transactions_manager:
transactions_manager.abort()
finally:
endInteraction()
notify(pubevents.PubFailure(request, exc_info, False))
raise
def logout():
noSecurityManager()
