diff options
| author | Chris McDonough <chrism@plope.com> | 2010-10-26 16:51:34 -0400 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2010-10-26 16:51:34 -0400 |
| commit | bdddc931bb00dd158678e19860d46e756c91570e (patch) | |
| tree | 334cf3f523603b93f8461abccca8ccf8bed5a495 | |
| parent | b3ae3e4155b8c3b45fc4bc698acf7f92e6f3f676 (diff) | |
| download | pyramid-bdddc931bb00dd158678e19860d46e756c91570e.tar.gz pyramid-bdddc931bb00dd158678e19860d46e756c91570e.tar.bz2 pyramid-bdddc931bb00dd158678e19860d46e756c91570e.zip | |
merge bugfix from bfg
| -rw-r--r-- | pyramid/configuration.py | 2 | ||||
| -rw-r--r-- | pyramid/tests/permbugapp/__init__.py | 12 | ||||
| -rw-r--r-- | pyramid/tests/permbugapp/configure.zcml | 21 | ||||
| -rw-r--r-- | pyramid/tests/test_integration.py | 12 |
4 files changed, 46 insertions, 1 deletions
diff --git a/pyramid/configuration.py b/pyramid/configuration.py index d94e5504b..bf06143bd 100644 --- a/pyramid/configuration.py +++ b/pyramid/configuration.py @@ -1099,7 +1099,7 @@ class Configurator(object): isexc = isexception(context) def regclosure(): - if hasattr(view, '__call_permissive__'): + if hasattr(derived_view, '__call_permissive__'): view_iface = ISecuredView else: view_iface = IView diff --git a/pyramid/tests/permbugapp/__init__.py b/pyramid/tests/permbugapp/__init__.py new file mode 100644 index 000000000..239f8f06a --- /dev/null +++ b/pyramid/tests/permbugapp/__init__.py @@ -0,0 +1,12 @@ +from cgi import escape +from pyramid.security import view_execution_permitted +from webob import Response + +def x_view(request): + return Response('this is private!') + +def test(context, request): + # should return false + msg = 'Allow ./x? %s' % repr(view_execution_permitted( + context, request, 'x')) + return Response(escape(msg)) diff --git a/pyramid/tests/permbugapp/configure.zcml b/pyramid/tests/permbugapp/configure.zcml new file mode 100644 index 000000000..13159e394 --- /dev/null +++ b/pyramid/tests/permbugapp/configure.zcml @@ -0,0 +1,21 @@ +<configure xmlns="http://pylonshq.com/pyramid"> + + <include package="pyramid.includes" /> + + <view + view=".test" + name="test" + /> + + <view + view=".x_view" + name="x" + permission="private" + /> + + <authtktauthenticationpolicy + secret="seekt1t"/> + + <aclauthorizationpolicy/> + +</configure> diff --git a/pyramid/tests/test_integration.py b/pyramid/tests/test_integration.py index 4d6f48399..1c6752808 100644 --- a/pyramid/tests/test_integration.py +++ b/pyramid/tests/test_integration.py @@ -186,6 +186,18 @@ class TestViewDecoratorApp(TwillBase): self.assertEqual(browser.get_code(), 200) self.failUnless('OK3' in browser.get_html()) +class TestViewPermissionBug(TwillBase): + # view_execution_permitted bug as reported by Shane at http://lists.repoze.org/pipermail/repoze-dev/2010-October/003603.html + config = 'pyramid.tests.permbugapp:configure.zcml' + def test_it(self): + import twill.commands + browser = twill.commands.get_browser() + browser.go('http://localhost:6543/test') + self.assertEqual(browser.get_code(), 200) + self.failUnless('ACLDenied' in browser.get_html()) + browser.go('http://localhost:6543/x') + self.assertEqual(browser.get_code(), 401) + from pyramid.tests.exceptionviewapp.models import AnException, NotAnException excroot = {'anexception':AnException(), 'notanexception':NotAnException()} |