authorChris McDonough <chrism@agendaless.com>2009-01-25 05:19:28 +0000
committerChris McDonough <chrism@agendaless.com>2009-01-25 05:19:28 +0000
commitcb4b8039c677a4907d999598b96505298a3e7401 (patch)
tree58339841826683ec8feb046a52b02eb44389c6a1
parentc8cab3395432983c2165dce196ad5204e420a900 (diff)
- It is no longer permissible to pass a "nested" list of principals to
``repoze.bfg.ACLAuthorizer.permits`` (e.g. ['fred', ['larry', 'bob']]). The principals list must be fully expanded. This feature was never documented, and was never an API, so it's not a backwards incompatibility.
-rw-r--r--CHANGES.txt6
-rw-r--r--repoze/bfg/security.py2
-rw-r--r--repoze/bfg/tests/test_security.py36
3 files changed, 7 insertions, 37 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 8eea97d1f..1217a72e8 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -24,6 +24,12 @@ Behavior Changes
contain a REQUEST_METHOD key/value; if they do not, a KeyError will
be raised (speed).
+- It is no longer permissible to pass a "nested" list of principals to
+ ``repoze.bfg.ACLAuthorizer.permits`` (e.g. ['fred', ['larry',
+ 'bob']). The principals list must be fully expanded. This feature
+ was never documented, and was never an API, so it's not a backwards
+ incompatibility.
+
Implementation Changes
----------------------
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py
index 693f253d0..2b1d3e0de 100644
--- a/repoze/bfg/security.py
+++ b/repoze/bfg/security.py
@@ -75,7 +75,7 @@ class ACLAuthorizer(object):
for ace in acl:
ace_action, ace_principal, ace_permissions = ace
- for principal in flatten(principals):
+ for principal in principals:
if ace_principal == principal:
permissions = flatten(ace_permissions)
if permission in permissions:
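Review bot: With `flatten()` gone from the `for principal in principals:` line, a caller that still passes a nested list gets no error; the inner list simply never equals `ace_principal`. For an `Allow` ACE that fails closed, but a `Deny` ACE naming a principal inside the nested list is now skipped, so a later, broader `Allow` in the same ACL could grant the permission. Since the flat-list requirement is now part of the contract, state it at the loop, e.g. `# principals must be fully expanded; nested lists are not flattened and never match an ACE`, and consider keeping one test that pins the result for nested input now that the three nested-principal tests are removed. The body of `permits` starts and ends outside this hunk, so how the match result is returned is not visible here.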
diff --git a/repoze/bfg/tests/test_security.py b/repoze/bfg/tests/test_security.py
index 4209f8d3d..31b25b774 100644
--- a/repoze/bfg/tests/test_security.py
+++ b/repoze/bfg/tests/test_security.py
@@ -129,42 +129,6 @@ class TestACLAuthorizer(unittest.TestCase):
self.assertEqual(result, True)
self.assertEqual(result.ace, allow)
- def test_permits_nested_principals_list_allow(self):
- context = DummyContext()
- acl = []
- from repoze.bfg.security import Allow
- ace = (Allow, 'larry', 'read')
- acl = [ace]
- context.__acl__ = acl
- authorizer = self._makeOne(context)
- principals = (['fred', ['jim', ['bob', 'larry']]])
- result = authorizer.permits('read', *principals)
- self.assertEqual(result, True)
- self.assertEqual(result.ace, ace)
-
- def test_permits_nested_principals_list_deny_explicit(self):
- context = DummyContext()
- from repoze.bfg.security import Deny
- ace = (Deny, 'larry', 'read')
- acl = [ace]
- context.__acl__ = acl
- authorizer = self._makeOne(context)
- principals = (['fred', ['jim', ['bob', 'larry']]])
- result = authorizer.permits('read', *principals)
- self.assertEqual(result, False)
- self.assertEqual(result.ace, ace)
-
- def test_permits_nested_principals_list_deny_implicit(self):
- context = DummyContext()
- from repoze.bfg.security import Allow
- ace = (Allow, 'somebodyelse', 'read')
- acl = [ace]
- context.__acl__ = acl
- authorizer = self._makeOne(context)
- principals = (['fred', ['jim', ['bob', 'larry']]])
- result = authorizer.permits('read', *principals)
- self.assertEqual(result, False)
-
def test_permits_allow_via_location_parent(self):
context = DummyContext()
context.__parent__ = None