def protect_setattr(class_, name, permission=None): """Install a setattr permission check for the attribute ``name``. If ``permission`` is not supplied, access will be public. """ permission = check_or_default_permission(class_, permission) protectSetAttribute(class_, name, permission)
def testLikeUntoOnly(self): protectName(TestModule.test_base, "m1", P1) protectName(TestModule.test_base, "m2", P1) protectSetAttribute(TestModule.test_base, "m1", P1) protectSetAttribute(TestModule.test_base, "m2", P1) protectLikeUnto(TestModule.test_class, TestModule.test_base) # m1 and m2 are in the interface, so should be set, and m3 should not: self.assertState(m1P=P1, m2P=P1) self.assertSetattrState(m1P=P1, m2P=P1)
def testLikeUntoOnly(self): protectName(TestModule.test_base, 'm1', P1) protectName(TestModule.test_base, 'm2', P1) protectSetAttribute(TestModule.test_base, 'm1', P1) protectSetAttribute(TestModule.test_base, 'm2', P1) protectLikeUnto(TestModule.test_class, TestModule.test_base) # m1 and m2 are in the interface, so should be set, and m3 should not: self.assertState(m1P=P1, m2P=P1) self.assertSetattrState(m1P=P1, m2P=P1)
def testLikeUntoAsDefault(self): protectName(TestModule.test_base, 'm1', P1) protectName(TestModule.test_base, 'm2', P1) protectSetAttribute(TestModule.test_base, 'm1', P1) protectSetAttribute(TestModule.test_base, 'm2', P1) protectLikeUnto(TestModule.test_class, TestModule.test_base) protectName(TestModule.test_class, 'm2', P2) protectName(TestModule.test_class, 'm3', P2) protectSetAttribute(TestModule.test_class, 'm2', P2) protectSetAttribute(TestModule.test_class, 'm3', P2) # m1 and m2 are in the interface, so should be set, and m3 should not: self.assertState(m1P=P1, m2P=P2, m3P=P2) self.assertSetattrState(m1P=P1, m2P=P2, m3P=P2)
def _callFUT(self, class_, name, permission): from zope.security.protectclass import protectSetAttribute return protectSetAttribute(class_, name, permission)
grok.context(interface.Interface) def render(self): return '''<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">''' + ( self.view.content()) # Need to declare security for Zope madness protectName(MyContent, 'age', 'zope.Public') protectName(MyContent, 'surname', 'zope.Public') protectName(MyContent, 'absolute_url', 'zope.Public') # Everybody as edit right, so test are simpler protectSetAttribute(MyContent, 'age', 'zope.Public') protectSetAttribute(MyContent, 'surname', 'zope.Public') class Index(view.View): grok.context(MyContent) def render(self): return "name: {0}; age: {1}".format(self.context.surname, self.context.age) class PersonWizard(wizard.Wizard): grok.context(MyContent) def finish(self):
def testSetattr(self): protectSetAttribute(TestModule.test_class, "m1", P1) protectSetAttribute(TestModule.test_class, "m3", P1) self.assertSetattrState(m1P=P1, m3P=P1)
def testSetattr(self): protectSetAttribute(TestModule.test_class, 'm1', P1) protectSetAttribute(TestModule.test_class, 'm3', P1) self.assertSetattrState(m1P=P1, m3P=P1)