def test_query_new_end_restore_Interaction(self): from zope.security.management import queryInteraction self.assertEquals(queryInteraction(), None) from zope.security.management import newInteraction newInteraction() interaction = queryInteraction() self.assert_(interaction is not None) self.assertRaises(AssertionError, newInteraction) from zope.security.management import endInteraction endInteraction() self.assertEquals(queryInteraction(), None) from zope.security.management import restoreInteraction restoreInteraction() self.assert_(interaction is queryInteraction()) endInteraction() self.assertEquals(queryInteraction(), None) endInteraction() self.assertEquals(queryInteraction(), None) newInteraction() self.assert_(queryInteraction() is not None) restoreInteraction() # restore to no interaction self.assert_(queryInteraction() is None)
def test_restoreInteraction_after_new(self): from zope.security.management import newInteraction from zope.security.management import queryInteraction from zope.security.management import restoreInteraction newInteraction() self.assertTrue(queryInteraction() is not None) restoreInteraction() # restore to no interaction self.assertTrue(queryInteraction() is None)
def test_traverse(url): """Traverse the url in the same way normal publishing occurs. Returns a tuple of (object, view, request) where: object is the last model object in the traversal chain view is the defined view for the object at the specified url (if the url didn't directly specify a view, then the view is the default view for the object. request is the request object resulting from the traversal. This contains a populated traversed_objects list just as a browser request would from a normal call into the app servers. This call uses the currently logged in user, and does not start a new transaction. """ url_parts = urlsplit(url) server_url = '://'.join(url_parts[0:2]) path_info = url_parts[2] request, publication = get_request_and_publication( host=url_parts[1], extra_environment={ 'SERVER_URL': server_url, 'PATH_INFO': path_info}) request.setPublication(publication) # We avoid calling publication.beforePublication because this starts a new # transaction, which causes an abort of the existing transaction, and the # removal of any created and uncommitted objects. # Set the default layer. adapters = getGlobalSiteManager().adapters layer = adapters.lookup((providedBy(request),), IDefaultSkin, '') if layer is not None: layers.setAdditionalLayer(request, layer) principal = get_current_principal() if IUnauthenticatedPrincipal.providedBy(principal): login = None else: login = principal.person setupInteraction(principal, login, request) getUtility(IOpenLaunchBag).clear() app = publication.getApplication(request) view = request.traverse(app) # Find the object from the view instead on relying that it stays # in the traversed_objects stack. That doesn't apply to the web # service for example. try: obj = removeSecurityProxy(view).context except AttributeError: # But sometime the view didn't store the context... # Use the last traversed object in these cases. obj = request.traversed_objects[-2] restoreInteraction() return obj, view, request
def test_restoreInteraction_after_end(self): from zope.security.management import endInteraction from zope.security.management import newInteraction from zope.security.management import queryInteraction from zope.security.management import restoreInteraction newInteraction() interaction = queryInteraction() endInteraction() restoreInteraction() self.assertTrue(interaction is queryInteraction())
def _render(self, form_values=None, method='GET'): self.request = self.request_class( method=method, form=form_values, PATH_INFO='/', environ=self.request_environ) if queryInteraction() is not None: self.request.setPrincipal(get_current_principal()) # Setup a new interaction using self.request, create the view, # initialize() it and then restore the original interaction. endInteraction() newInteraction(self.request) self.view = self.view_class(self.context, self.request) self.view.initialize() restoreInteraction()
def _render(self, form_values=None, method='GET'): self.request = self.request_class(method=method, form=form_values, PATH_INFO='/', environ=self.request_environ) if queryInteraction() is not None: self.request.setPrincipal(get_current_principal()) # Setup a new interaction using self.request, create the view, # initialize() it and then restore the original interaction. endInteraction() newInteraction(self.request) self.view = self.view_class(self.context, self.request) self.view.initialize() restoreInteraction()
def test_restoreInteraction_after_neither(self): from zope.security.management import queryInteraction from zope.security.management import restoreInteraction from zope.security._definitions import thread_local try: del thread_local.interaction except AttributeError: pass try: del thread_local.previous_interaction except AttributeError: pass restoreInteraction() self.assertTrue(queryInteraction() is None)
def process(self, message): recipient = IRecipient(self.context, None) if recipient is None: raise MailInException('Recipent not found.') # find principal from_hdr = parseaddr(message['From'])[1].lower() try: principal = getPrincipalByEMail(from_hdr) except PrincipalLookupError: if IAnonymousSupport.providedBy(recipient): principal = getUtility(IUnauthenticatedPrincipal) else: # member not found raise MailInException('Member not found: %s'%from_hdr) # set security context interaction = queryInteraction() if interaction is not None: request = copy.copy(interaction.participations[0]) else: request = TestRequest() request.setPrincipal(principal) request.interaction = None endInteraction() newInteraction(request) # deliver message try: recipient.process(message) except: log_exc() # restore old security context restoreInteraction()
def test_traverse(url): """Traverse the url in the same way normal publishing occurs. Returns a tuple of (object, view, request) where: object is the last model object in the traversal chain view is the defined view for the object at the specified url (if the url didn't directly specify a view, then the view is the default view for the object. request is the request object resulting from the traversal. This contains a populated traversed_objects list just as a browser request would from a normal call into the app servers. This call uses the currently logged in user, and does not start a new transaction. """ url_parts = urlsplit(url) server_url = '://'.join(url_parts[0:2]) path_info = url_parts[2] request, publication = get_request_and_publication(host=url_parts[1], extra_environment={ 'SERVER_URL': server_url, 'PATH_INFO': path_info }) request.setPublication(publication) # We avoid calling publication.beforePublication because this starts a new # transaction, which causes an abort of the existing transaction, and the # removal of any created and uncommitted objects. # Set the default layer. adapters = getGlobalSiteManager().adapters layer = adapters.lookup((providedBy(request), ), IDefaultSkin, '') if layer is not None: layers.setAdditionalLayer(request, layer) principal = get_current_principal() if IUnauthenticatedPrincipal.providedBy(principal): login = None else: login = principal.person setupInteraction(principal, login, request) getUtility(IOpenLaunchBag).clear() app = publication.getApplication(request) view = request.traverse(app) # Find the object from the view instead on relying that it stays # in the traversed_objects stack. That doesn't apply to the web # service for example. try: obj = removeSecurityProxy(view).context except AttributeError: # But sometime the view didn't store the context... # Use the last traversed object in these cases. obj = request.traversed_objects[-2] restoreInteraction() return obj, view, request
def tearDown(test=None): setSecurityPolicy(test.globs['__policy']) restoreInteraction() setup.placelessTearDown()