diff options
| author | Chris McDonough <chrism@agendaless.com> | 2008-10-03 20:11:06 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2008-10-03 20:11:06 +0000 |
| commit | 47b4d3ee62dfdb830a83192907b0602218f9ab5e (patch) | |
| tree | 6fe0cce905bcc39f1ab431101fe419f4197305f9 | |
| parent | 68fe4a3a211176a282212a441d04ab53227f6bd2 (diff) | |
| download | pyramid-47b4d3ee62dfdb830a83192907b0602218f9ab5e.tar.gz pyramid-47b4d3ee62dfdb830a83192907b0602218f9ab5e.tar.bz2 pyramid-47b4d3ee62dfdb830a83192907b0602218f9ab5e.zip | |
Docs
- An "Environment and Configuration" chapter was added to the narrative
portion of the documentation.
Features
- Ensure bfg doesn't generate warnings when running under Python
2.6.
- The environment variable ``BFG_RELOAD_TEMPLATES`` is now available
(serves the same purpose as ``reload_templates`` in the config file).
- A new configuration file option ``debug_authorization`` was added.
This turns on printing of security authorization debug statements
to ``sys.stderr``. The ``BFG_DEBUG_AUTHORIZATION`` environment
variable was also added; this performs the same duty.
Bug Fixes
- The environment variable ``BFG_SECURITY_DEBUG`` did not always work.
It has been renamed to ``BFG_DEBUG_AUTHORIZATION`` and fixed.
Deprecations
- A deprecation warning is now issued when old API names from the
``repoze.bfg.templates`` module are imported.
Backwards incompatibilities
- The ``BFG_SECURITY_DEBUG`` environment variable was renamed to
``BFG_DEBUG_AUTHORIZATION``.
| -rw-r--r-- | CHANGES.txt | 25 | ||||
| -rw-r--r-- | docs/conf.py | 4 | ||||
| -rw-r--r-- | docs/index.rst | 1 | ||||
| -rw-r--r-- | docs/narr/environment.rst | 60 | ||||
| -rw-r--r-- | docs/narr/project.rst | 3 | ||||
| -rw-r--r-- | docs/narr/security.rst | 27 | ||||
| -rw-r--r-- | docs/narr/templates.rst | 36 | ||||
| -rw-r--r-- | repoze/bfg/interfaces.py | 3 | ||||
| -rw-r--r-- | repoze/bfg/log.py | 16 | ||||
| -rw-r--r-- | repoze/bfg/registry.py | 21 | ||||
| -rw-r--r-- | repoze/bfg/security.py | 36 | ||||
| -rw-r--r-- | repoze/bfg/tests/test_log.py | 16 | ||||
| -rw-r--r-- | repoze/bfg/tests/test_registry.py | 28 | ||||
| -rw-r--r-- | repoze/bfg/tests/test_security.py | 71 |
14 files changed, 275 insertions, 72 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 318d93f3f..a8a810fab 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,15 +1,38 @@ -Next release +0.4.0 (10/03/2008) + + Docs + + - An "Environment and Configuration" chapter was added to the narrative + portion of the documentation. Features - Ensure bfg doesn't generate warnings when running under Python 2.6. + - The environment variable ``BFG_RELOAD_TEMPLATES`` is now available + (serves the same purpose as ``reload_templates`` in the config file). + + - A new configuration file option ``debug_authorization`` was added. + This turns on printing of security authorization debug statements + to ``sys.stderr``. The ``BFG_DEBUG_AUTHORIZATION`` environment + variable was also added; this performs the same duty. + + Bug Fixes + + - The environment variable ``BFG_SECURITY_DEBUG`` did not always work. + It has been renamed to ``BFG_DEBUG_AUTHORIZATION`` and fixed. + Deprecations - A deprecation warning is now issued when old API names from the ``repoze.bfg.templates`` module are imported. + Backwards incompatibilities + + - The ``BFG_SECURITY_DEBUG`` environment variable was renamed to + ``BFG_DEBUG_AUTHORIZATION``. + 0.3.9 (08/27/2008) Features diff --git a/docs/conf.py b/docs/conf.py index 443a37dd5..92184b267 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -51,9 +51,9 @@ copyright = '2008, Agendaless Consulting' # other places throughout the built documents. # # The short X.Y version. -version = '0.3.9' +version = '0.4.0' # The full version, including alpha/beta/rc tags. -release = '0.3.9' +release = '0.4.0' # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: diff --git a/docs/index.rst b/docs/index.rst index 594add0cb..e89c18494 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -34,6 +34,7 @@ Narrative documentation in chapter form explaining how to use narr/models narr/security narr/events + narr/environment changes glossary diff --git a/docs/narr/environment.rst b/docs/narr/environment.rst new file mode 100644 index 000000000..9ace43048 --- /dev/null +++ b/docs/narr/environment.rst @@ -0,0 +1,60 @@ +.. _environment_chapter: + +Environment and Configuration +============================= + +:mod:`repoze.bfg` behavior can be configured through a combination of +operating system environment variables and ``.ini`` configuration file +application section settings. The meaning of the environment +variables and the configuration file settings overlap. + +.. note:: Where a configuration file setting exists with the same + meaning as an environment variable, and both are present at + application startup time, the environment variable setting + takes precedence. + +The term "configuration file setting name" refers to a key in the +``.ini`` configuration for your application. The configuration file +setting names documented in this chapter are reserved for +:mod:`repoze.bfg` use. You should not use them to indicate +application-specific configuration settings. + ++-----------------------------+--------------------------+-------------------------------------+ +| Environment Variable Name | Config File Setting Name | Further Information | ++=============================+==========================+=====================================+ +| ``BFG_RELOAD_TEMPLATES`` | ``reload_templates`` | Reload templates without restart | +| | | when true | +| | | See also: | +| | | :ref:`reload_templates_section` | ++-----------------------------+--------------------------+-------------------------------------+ +| ``BFG_DEBUG_AUTHORIZATION`` | ``debug_authorization`` | Print authorization failure/success| +| | | messages to stderr when true | +| | | See also: | +| | | :ref:`debug_authorization_section` | ++-----------------------------+--------------------------+-------------------------------------+ + +Examples +-------- + +Let's presume your configuration file is named ``MyProject.ini``, and +there is a section representing your application named ``[app:main]`` +within the file that represents your :mod:`repoze.bfg` application. +The configuration file settings documented in the above "Config File +Setting Name" column would go in the ``[app:main]`` section. Here's +an example of such a section:: + + [app:main] + use = egg:MyProject#app + reload_templates = true + debug_authorization = true + +You can also use environment variables to accomplish the same purpose +for settings documented as such. For example, you might start your +:mod:`repoze.bfg` application using the following command line:: + + BFG_DEBUG_AUTHORIZATION=1 BFG_RELOAD_TEMPLATES=1 bin/paster serve MyProject.ini + +If you started your application this way, your :mod:`repoze.bfg` +application would behave in the same manner as if you had placed the +respective settings in the ``[app:main]`` section of your +application's ``.ini`` file. diff --git a/docs/narr/project.rst b/docs/narr/project.rst index 3bca363e8..751017067 100644 --- a/docs/narr/project.rst +++ b/docs/narr/project.rst @@ -300,7 +300,8 @@ your application by requiring more settings in this section. The ``reload_templates`` setting in the ``[app:main]`` section is a :mod:`repoze.bfg`-specific setting which is passed into the framework. If it exists, and is ``true``, :term:`Chameleon` and XSLT template -changes will not require an application restart to be detected. +changes will not require an application restart to be detected. See +:ref:`reload_templates_section` for more information. .. warning:: The ``reload_templates`` option should be turned off for production applications, as template rendering is slowed when it is diff --git a/docs/narr/security.rst b/docs/narr/security.rst index 1053ccc42..b57ad2958 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -164,16 +164,27 @@ be performed. See :ref:`location_module` for documentations of functions which use location-awareness. -Debugging Security Failures ---------------------------- +.. _debug_authorization_section: -If your application is allowing or denying access inappropriately (in -your judgment), start your application under a shell using the -``BFG_SECURITY_DEBUG`` environment variable. For example:: +Debugging Authorization Failures +-------------------------------- - $ BFG_SECURITY_DEBUG=1 bin/paster serve myproject.ini +If your application in your judgment is allowing or denying access +inappropriately, start your application under a shell using the +``BFG_DEBUG_AUTHORIZATION`` environment variable set to ``1``. For +example:: + + $ BFG_DEBUG_AUTHORIZATION=1 bin/paster serve myproject.ini When any authorization takes place, a message will be logged to the -console about what ACE in which ACL permitted or denied the -authorization based on authentication information. +console (to stderr) about what ACE in which ACL permitted or denied +the authorization based on authentication information. + +This behavior can also be turned on in the application ``.ini`` file +by setting the ``debug_authorization`` key to ``true`` within the +application's configuration section, e.g.:: + + [app:main] + use = egg:MyProject#app + debug_authorization = true diff --git a/docs/narr/templates.rst b/docs/narr/templates.rst index dce66ae3d..4878e728c 100644 --- a/docs/narr/templates.rst +++ b/docs/narr/templates.rst @@ -104,6 +104,38 @@ You can also pass XSLT parameters in as keyword arguments: This would then assign 'app1' as the value of an ``<xsl:param name="param1"/>`` parameter in the XSLT template. +.. _reload_templates_section: + +Automatically Reloading Templates +--------------------------------- + +It's often convenient to see changes you make to a template file +appear immediately without needing to restart the application process. +:mod:`repoze.bfg` allows you configure your application development +environment so that a change to a template will be automatically +detected, and the template will be reloaded on the next rendering. + +.. warning:: auto-template-reload behavior is not recommended for + production sites as it slows rendering; it's usually only + desirable during development. + +In order to turn on automatic reloading of templates, you can use an +environment variable setting or a configuration file setting. + +To use an environment variable, start your application under a shell +using the ``BFG_RELOAD_TEMPLATES`` environment variable set to ``1``, +For example:: + + $ BFG_RELOAD_TEMPLATES=1 bin/paster serve myproject.ini + +To use a setting in the the application ``.ini`` file for the same +purpose, set the ``reload_templates`` key to ``true`` within the +application's configuration section, e.g.:: + + [app:main] + use = egg:MyProject#app + reload_templates = true + Templating with other Templating Languages ------------------------------------------ @@ -138,4 +170,6 @@ installed, here's an example of using Mako from within a :mod:`repoze.bfg`-style bindings for the `Jinja2 <http://jinja.pocoo.org/2/documentation>`_ templating system. - +Note that if you use third-party templating languages, the +auto-template-reload strategy explained in +:ref:`reload_templates_section` will not be available. diff --git a/repoze/bfg/interfaces.py b/repoze/bfg/interfaces.py index ffa61a11e..bbff9bca7 100644 --- a/repoze/bfg/interfaces.py +++ b/repoze/bfg/interfaces.py @@ -113,3 +113,6 @@ class ILocation(Interface): __name__ = Attribute("The name within the parent") +class ILogger(Interface): + """ Interface representing a PEP 282 logger """ + diff --git a/repoze/bfg/log.py b/repoze/bfg/log.py new file mode 100644 index 000000000..ac2145a47 --- /dev/null +++ b/repoze/bfg/log.py @@ -0,0 +1,16 @@ +import logging + +def make_stream_logger(name, stream, levelname='DEBUG', + fmt='%(asctime)s %(message)s'): + """ Return an object which implements + ``repoze.bfg.interfaces.ILogger`` (ie. a Python PEP 282 logger + instance) with the name ``name`` using the stream (or open + filehandle) ``stream``, logging at ``levelname`` log level or + above with format ``fmt``. """ + handler = logging.StreamHandler(stream) + formatter = logging.Formatter(fmt) + handler.setFormatter(formatter) + logger = logging.Logger(name) + logger.addHandler(handler) + logger.setLevel(getattr(logging, levelname)) + return logger diff --git a/repoze/bfg/registry.py b/repoze/bfg/registry.py index 9baa0452a..836d2ad6a 100644 --- a/repoze/bfg/registry.py +++ b/repoze/bfg/registry.py @@ -1,3 +1,5 @@ +import os +import sys import threading import zope.component @@ -11,7 +13,9 @@ from zope.component import getSiteManager as original_getSiteManager from zope.interface import implements from repoze.bfg.interfaces import ISettings +from repoze.bfg.interfaces import ILogger from repoze.bfg.zcml import zcml_configure +from repoze.bfg.log import make_stream_logger class ThreadLocalRegistryManager(threading.local): registry = getGlobalSiteManager() @@ -54,6 +58,10 @@ def makeRegistry(filename, package, options=None, lock=threading.Lock()): options = {} settings = Settings(options) registry.registerUtility(settings, ISettings) + if options.get('debug_authorization'): + auth_logger = make_stream_logger('repoze.bfg.authdebug',sys.stderr) + registry.registerUtility(auth_logger, ILogger, + 'repoze.bfg.authdebug') original_getSiteManager.sethook(getSiteManager) zope.component.getGlobalSiteManager = registry_manager.get zcml_configure(filename, package=package) @@ -82,9 +90,18 @@ def asbool(s): s = str(s).strip() return s.lower() in ('t', 'true', 'y', 'yes', 'on', '1') -def get_options(kw): +def get_options(kw, environ=os.environ): + # environ is passed in for unit tests + eget = environ.get + config_debug_auth = kw.get('debug_authorization', '') + effective_debug_auth = asbool(eget('BFG_DEBUG_AUTHORIZATION', + config_debug_auth)) + config_reload_templates = kw.get('reload_templates') + effective_reload_templates = asbool(eget('BFG_RELOAD_TEMPLATES', + config_reload_templates)) return { - 'reload_templates':asbool(kw.get('reload_templates')), + 'debug_authorization': effective_debug_auth, + 'reload_templates':effective_reload_templates, } from zope.testing.cleanup import addCleanUp diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py index ee54c7971..dd2f94ab8 100644 --- a/repoze/bfg/security.py +++ b/repoze/bfg/security.py @@ -1,4 +1,3 @@ -import logging import os import sys @@ -11,6 +10,7 @@ from repoze.bfg.interfaces import ISecurityPolicy from repoze.bfg.interfaces import IViewPermission from repoze.bfg.interfaces import IViewPermissionFactory from repoze.bfg.interfaces import NoAuthorizationInformation +from repoze.bfg.interfaces import ILogger Everyone = 'system.Everyone' Authenticated = 'system.Authenticated' @@ -68,7 +68,7 @@ def principals_allowed_by_permission(context, permission): class ACLAuthorizer(object): - def __init__(self, context, logger=None): + def __init__(self, context, logger): self.context = context self.logger = logger @@ -101,16 +101,16 @@ class ACLSecurityPolicy(object): implements(ISecurityPolicy) authorizer_factory = ACLAuthorizer - def __init__(self, logger, get_principals): - self.logger = logger + def __init__(self, get_principals): self.get_principals = get_principals def permits(self, context, request, permission): """ Return ``Allowed`` if the policy permits access, ``Denied`` if not.""" + logger = queryUtility(ILogger, name='repoze.bfg.authdebug') principals = self.effective_principals(request) for location in lineage(context): - authorizer = self.authorizer_factory(location, self.logger) + authorizer = self.authorizer_factory(location, logger) try: return authorizer.permits(permission, *principals) except NoAuthorizationInformation: @@ -148,29 +148,13 @@ class ACLSecurityPolicy(object): return sorted(allowed.keys()) return [] -DEBUG_LOG_KEY = 'BFG_SECURITY_DEBUG' - -def debug_logger(logger): - if logger is None: - do_debug_log = os.environ.get(DEBUG_LOG_KEY, '') - if str(do_debug_log).lower() in ('1', 'y', 'true', 't', 'on'): - handler = logging.StreamHandler(sys.stdout) - fmt = '%(asctime)s %(message)s' - formatter = logging.Formatter(fmt) - handler.setFormatter(formatter) - logger = logging.Logger('repoze.bfg.security') - logger.addHandler(handler) - logger.setLevel(logging.DEBUG) - return logger - return logger - def get_remoteuser(request): user_id = request.environ.get('REMOTE_USER') if user_id: return [user_id] return [] -def RemoteUserACLSecurityPolicy(logger=None): +def RemoteUserACLSecurityPolicy(): """ A security policy which: - examines the request.environ for the REMOTE_USER variable and @@ -188,8 +172,7 @@ def RemoteUserACLSecurityPolicy(logger=None): grant or deny access. """ - logger = debug_logger(logger) - return ACLSecurityPolicy(logger, get_remoteuser) + return ACLSecurityPolicy(get_remoteuser) def get_who_principals(request): identity = request.environ.get('repoze.who.identity') @@ -199,7 +182,7 @@ def get_who_principals(request): principals.extend(identity.get('groups', [])) return principals -def RepozeWhoIdentityACLSecurityPolicy(logger=None): +def RepozeWhoIdentityACLSecurityPolicy(): """ A security policy which: - examines the request.environ for the ``repoze.who.identity`` @@ -219,8 +202,7 @@ def RepozeWhoIdentityACLSecurityPolicy(logger=None): grant or deny access. """ - logger = debug_logger(logger) - return ACLSecurityPolicy(logger, get_who_principals) + return ACLSecurityPolicy(get_who_principals) class PermitsResult: def __init__(self, ace, acl, permission, principals, context): diff --git a/repoze/bfg/tests/test_log.py b/repoze/bfg/tests/test_log.py new file mode 100644 index 000000000..4cc8d12a0 --- /dev/null +++ b/repoze/bfg/tests/test_log.py @@ -0,0 +1,16 @@ +import unittest + +class TestFunctions(unittest.TestCase): + def test_make_stream_logger(self): + from repoze.bfg.log import make_stream_logger + import logging + import sys + logger = make_stream_logger('foo', sys.stderr, levelname='DEBUG', + fmt='%(message)s') + self.assertEqual(logger.name, 'foo') + self.assertEqual(logger.handlers[0].stream, sys.stderr) + self.assertEqual(logger.handlers[0].formatter._fmt, '%(message)s') + self.assertEqual(logger.level, logging.DEBUG) + + + diff --git a/repoze/bfg/tests/test_registry.py b/repoze/bfg/tests/test_registry.py index efc99b41a..d2e6b4caf 100644 --- a/repoze/bfg/tests/test_registry.py +++ b/repoze/bfg/tests/test_registry.py @@ -23,7 +23,8 @@ class TestMakeRegistry(unittest.TestCase, PlacelessSetup): old = repoze.bfg.registry.setRegistryManager(dummyregmgr) registry = makeRegistry('configure.zcml', fixtureapp, - options={'reload_templates':True}, + options={'reload_templates':True, + 'debug_authorization':True}, lock=dummylock) from zope.component.registry import Components self.failUnless(isinstance(registry, Components)) @@ -32,8 +33,12 @@ class TestMakeRegistry(unittest.TestCase, PlacelessSetup): self.assertEqual(dummyregmgr.registry, registry) from zope.component import getUtility from repoze.bfg.interfaces import ISettings + from repoze.bfg.interfaces import ILogger settings = getUtility(ISettings) + logger = getUtility(ILogger, name='repoze.bfg.authdebug') + self.assertEqual(logger.name, 'repoze.bfg.authdebug') self.assertEqual(settings.reload_templates, True) + self.assertEqual(settings.debug_authorization, True) finally: repoze.bfg.registry.setRegistryManager(old) @@ -52,6 +57,27 @@ class TestGetOptions(unittest.TestCase): self.assertEqual(result['reload_templates'], True) result = get_options({'reload_templates':'1'}) self.assertEqual(result['reload_templates'], True) + result = get_options({}, {'BFG_RELOAD_TEMPLATES':'1'}) + self.assertEqual(result['reload_templates'], True) + result = get_options({'reload_templates':'false'}, + {'BFG_RELOAD_TEMPLATES':'1'}) + self.assertEqual(result['reload_templates'], True) + + def test_debug_authorization(self): + get_options = self._getFUT() + result = get_options({}) + self.assertEqual(result['debug_authorization'], False) + result = get_options({'debug_authorization':'false'}) + self.assertEqual(result['debug_authorization'], False) + result = get_options({'debug_authorization':'t'}) + self.assertEqual(result['debug_authorization'], True) + result = get_options({'debug_authorization':'1'}) + self.assertEqual(result['debug_authorization'], True) + result = get_options({}, {'BFG_DEBUG_AUTHORIZATION':'1'}) + self.assertEqual(result['debug_authorization'], True) + result = get_options({'debug_authorization':'false'}, + {'BFG_DEBUG_AUTHORIZATION':'1'}) + self.assertEqual(result['debug_authorization'], True) class TestThreadLocalRegistryManager(unittest.TestCase, PlacelessSetup): def setUp(self): diff --git a/repoze/bfg/tests/test_security.py b/repoze/bfg/tests/test_security.py index 98750c728..4a1511c50 100644 --- a/repoze/bfg/tests/test_security.py +++ b/repoze/bfg/tests/test_security.py @@ -219,6 +219,12 @@ class TestACLSecurityPolicy(unittest.TestCase, PlacelessSetup): klass = self._getTargetClass() return klass(*arg, **kw) + def _registerLogger(self, logger): + import zope.component + gsm = zope.component.getGlobalSiteManager() + from repoze.bfg.interfaces import ILogger + gsm.registerUtility(logger, ILogger, name='repoze.bfg.authdebug') + def setUp(self): PlacelessSetup.setUp(self) @@ -233,14 +239,12 @@ class TestACLSecurityPolicy(unittest.TestCase, PlacelessSetup): def test_instance_implements_ISecurityPolicy(self): from zope.interface.verify import verifyObject from repoze.bfg.interfaces import ISecurityPolicy - logger = DummyLogger() - verifyObject(ISecurityPolicy, self._makeOne(logger, lambda *arg: None)) + verifyObject(ISecurityPolicy, self._makeOne(lambda *arg: None)) def test_permits_no_principals_no_acl_info_on_context(self): context = DummyContext() request = DummyRequest({}) - logger = DummyLogger() - policy = self._makeOne(logger, lambda *arg: None) + policy = self._makeOne(lambda *arg: None) authorizer_factory = make_authorizer_factory(None) policy.authorizer_factory = authorizer_factory result = policy.permits(context, request, 'view') @@ -254,8 +258,7 @@ class TestACLSecurityPolicy(unittest.TestCase, PlacelessSetup): context = DummyContext() context.__acl__ = [] request = DummyRequest({}) - logger = DummyLogger() - policy = self._makeOne(logger, lambda *arg: None) + policy = self._makeOne(lambda *arg: None) authorizer_factory = make_authorizer_factory(None) policy.authorizer_factory = authorizer_factory result = policy.permits(context, request, 'view') @@ -274,8 +277,7 @@ class TestACLSecurityPolicy(unittest.TestCase, PlacelessSetup): context2.__parent__ = context context.__acl__ = [] request = DummyRequest({}) - logger = DummyLogger() - policy = self._makeOne(logger, lambda *arg: None) + policy = self._makeOne(lambda *arg: None) authorizer_factory = make_authorizer_factory(None) policy.authorizer_factory = authorizer_factory result = policy.permits(context, request, 'view') @@ -293,8 +295,7 @@ class TestACLSecurityPolicy(unittest.TestCase, PlacelessSetup): context2.__name__ = 'context2' context2.__parent__ = context request = DummyRequest({}) - logger = DummyLogger() - policy = self._makeOne(logger, lambda *arg: None) + policy = self._makeOne(lambda *arg: None) authorizer_factory = make_authorizer_factory(context) policy.authorizer_factory = authorizer_factory result = policy.permits(context, request, 'view') @@ -303,15 +304,34 @@ class TestACLSecurityPolicy(unittest.TestCase, PlacelessSetup): self.assertEqual(authorizer_factory.principals, (Everyone,)) self.assertEqual(authorizer_factory.permission, 'view') self.assertEqual(authorizer_factory.context, context) - + + def test_permits_with_logger(self): + logger = DummyLogger() + self._registerLogger(logger) + context = DummyContext() + request = DummyRequest({}) + policy = self._makeOne(lambda *arg: None) + authorizer_factory = make_authorizer_factory(context) + policy.authorizer_factory = authorizer_factory + policy.permits(context, request, 'view') + self.assertEqual(authorizer_factory.logger, logger) + + def test_permits_no_logger(self): + context = DummyContext() + request = DummyRequest({}) + policy = self._makeOne(lambda *arg: None) + authorizer_factory = make_authorizer_factory(context) + policy.authorizer_factory = authorizer_factory + policy.permits(context, request, 'view') + self.assertEqual(authorizer_factory.logger, None) + def test_principals_allowed_by_permission_direct(self): from repoze.bfg.security import Allow context = DummyContext() acl = [ (Allow, 'chrism', ('read', 'write')), (Allow, 'other', ('read',)) ] context.__acl__ = acl - logger = DummyLogger() - policy = self._makeOne(logger, lambda *arg: None) + policy = self._makeOne(lambda *arg: None) result = policy.principals_allowed_by_permission(context, 'read') self.assertEqual(result, ['chrism', 'other']) @@ -326,14 +346,12 @@ class TestACLSecurityPolicy(unittest.TestCase, PlacelessSetup): inter = DummyContext() inter.__name__ = None inter.__parent__ = context - logger = DummyLogger() - policy = self._makeOne(logger, lambda *arg: None) + policy = self._makeOne(lambda *arg: None) result = policy.principals_allowed_by_permission(inter, 'read') self.assertEqual(result, ['chrism', 'other']) def test_principals_allowed_by_permission_no_acls(self): - logger = DummyLogger() - policy = self._makeOne(logger, lambda *arg: None) + policy = self._makeOne(lambda *arg: None) result = policy.principals_allowed_by_permission(None, 'read') self.assertEqual(result, []) @@ -355,22 +373,19 @@ class TestRemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup): def test_instance_implements_ISecurityPolicy(self): from zope.interface.verify import verifyObject from repoze.bfg.interfaces import ISecurityPolicy - logger = DummyLogger() - verifyObject(ISecurityPolicy, self._makeOne(logger)) + verifyObject(ISecurityPolicy, self._makeOne()) def test_authenticated_userid(self): context = DummyContext() request = DummyRequest({'REMOTE_USER':'fred'}) - logger = DummyLogger() - policy = self._makeOne(logger) + policy = self._makeOne() result = policy.authenticated_userid(request) self.assertEqual(result, 'fred') def test_effective_principals(self): context = DummyContext() request = DummyRequest({'REMOTE_USER':'fred'}) - logger = DummyLogger() - policy = self._makeOne(logger) + policy = self._makeOne() result = policy.effective_principals(request) from repoze.bfg.security import Everyone from repoze.bfg.security import Authenticated @@ -395,15 +410,13 @@ class TestRepozeWhoIdentityACLSecurityPolicy(unittest.TestCase, PlacelessSetup): def test_instance_implements_ISecurityPolicy(self): from zope.interface.verify import verifyObject from repoze.bfg.interfaces import ISecurityPolicy - logger = DummyLogger() - verifyObject(ISecurityPolicy, self._makeOne(logger)) + verifyObject(ISecurityPolicy, self._makeOne()) def test_authenticated_userid(self): context = DummyContext() identity = {'repoze.who.identity':{'repoze.who.userid':'fred'}} request = DummyRequest(identity) - logger = DummyLogger() - policy = self._makeOne(logger) + policy = self._makeOne() result = policy.authenticated_userid(request) self.assertEqual(result, 'fred') @@ -411,8 +424,7 @@ class TestRepozeWhoIdentityACLSecurityPolicy(unittest.TestCase, PlacelessSetup): context = DummyContext() identity = {'repoze.who.identity':{'repoze.who.userid':'fred'}} request = DummyRequest(identity) - logger = DummyLogger() - policy = self._makeOne(logger) + policy = self._makeOne() result = policy.effective_principals(request) from repoze.bfg.security import Everyone from repoze.bfg.security import Authenticated @@ -557,6 +569,7 @@ class make_authorizer_factory: authorizer.permission = permission authorizer.principals = principals authorizer.context = context + authorizer.logger = logger result = authorizer.expected_context == context if not result and authorizer.intermediates_raise: from repoze.bfg.interfaces import NoAuthorizationInformation |