def is_safe_attribute(self, obj, attr, value): # See ZopeGuards.py / guarded_hasattr try: ZopeGuards.guarded_getattr(obj, attr) return True except Unauthorized, e: raise e # Plone has its own magic for Unauthorized exceptions
def test_iteration_with_container(self): seq = [1, 2, 3] container = object() contid = id(container) it = ZopeGuards.SafeIter(seq, container) self.assertEqual(list(it), seq) self.assertEqual(self.checks, [(contid, 1), (contid, 2), (contid, 3)])
def execute(self, my_locals=None, output=None): my_globals = ZopeGuards.get_safe_globals() my_globals["_getattr_"] = ZopeGuards.guarded_getattr if my_locals is None: my_locals = {} exec(self.code, my_globals, my_locals) return my_locals
def execute(self, locals=None, output=None): my_globals = ZopeGuards.get_safe_globals() my_globals['_getattr_'] = ZopeGuards.guarded_getattr if locals is None: locals = {} exec self.code in my_globals, locals return locals
def call(__self, __context, __obj, *args, **kwargs): """ Use Zope guarded apply to call the object.""" # the double prefixes are to avoid double keyword argument # errors when proxying the call. if not __self.is_safe_callable(__obj): raise SecurityError('%r is not safely callable' % (__obj,)) return ZopeGuards.guarded_apply(__obj, *args, **kwargs)
def test_iteration(self): seq = [1, 2, 3] seqid = id(seq) it = ZopeGuards.SafeIter(seq) self.assertEqual(list(it), seq) self.assertEqual(self.checks, [(seqid, 1), (seqid, 2), (seqid, 3)])