diff options
| author | Michael Merickel <michael@merickel.org> | 2012-10-30 01:00:55 -0500 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2012-10-30 01:00:55 -0500 |
| commit | 4b552e539a1725356b9982261b73fd88de7d59a1 (patch) | |
| tree | 529acc8976e1fb28db8b3cf2091d4f27c34cab88 | |
| parent | 4fa68826e6d0980c6fd40b992c111f4496d202cf (diff) | |
| download | pyramid-4b552e539a1725356b9982261b73fd88de7d59a1.tar.gz pyramid-4b552e539a1725356b9982261b73fd88de7d59a1.tar.bz2 pyramid-4b552e539a1725356b9982261b73fd88de7d59a1.zip | |
raise exc if view_execution_permitted invoked on non-existant view
fix #299
| -rw-r--r-- | pyramid/security.py | 6 | ||||
| -rw-r--r-- | pyramid/tests/test_security.py | 18 |
2 files changed, 24 insertions, 0 deletions
diff --git a/pyramid/security.py b/pyramid/security.py index 4b929241e..5d4a8db4a 100644 --- a/pyramid/security.py +++ b/pyramid/security.py @@ -4,6 +4,7 @@ from pyramid.interfaces import ( IAuthenticationPolicy, IAuthorizationPolicy, ISecuredView, + IView, IViewClassifier, ) @@ -140,6 +141,11 @@ def view_execution_permitted(context, request, name=''): provides = [IViewClassifier] + map_(providedBy, (request, context)) view = reg.adapters.lookup(provides, ISecuredView, name=name) if view is None: + view = reg.adapters.lookup(provides, IView, name=name) + if view is None: + raise TypeError('No registered view satisfies the constraints. ' + 'It would not make sense to claim that this view ' + '"is" or "is not" permitted.') return Allowed( 'Allowed: view name %r in context %r (no permission defined)' % (name, context)) diff --git a/pyramid/tests/test_security.py b/pyramid/tests/test_security.py index ba9538b01..e530e33ca 100644 --- a/pyramid/tests/test_security.py +++ b/pyramid/tests/test_security.py @@ -131,19 +131,37 @@ class TestViewExecutionPermitted(unittest.TestCase): return checker def test_no_permission(self): + from zope.interface import Interface from pyramid.threadlocal import get_current_registry from pyramid.interfaces import ISettings + from pyramid.interfaces import IView + from pyramid.interfaces import IViewClassifier settings = dict(debug_authorization=True) reg = get_current_registry() reg.registerUtility(settings, ISettings) context = DummyContext() request = DummyRequest({}) + class DummyView(object): + pass + view = DummyView() + reg.registerAdapter(view, (IViewClassifier, Interface, Interface), + IView, '') result = self._callFUT(context, request, '') msg = result.msg self.assertTrue("Allowed: view name '' in context" in msg) self.assertTrue('(no permission defined)' in msg) self.assertEqual(result, True) + def test_no_view_registered(self): + from pyramid.threadlocal import get_current_registry + from pyramid.interfaces import ISettings + settings = dict(debug_authorization=True) + reg = get_current_registry() + reg.registerUtility(settings, ISettings) + context = DummyContext() + request = DummyRequest({}) + self.assertRaises(TypeError, self._callFUT, context, request, '') + def test_with_permission(self): from zope.interface import Interface from zope.interface import directlyProvides |