Add security policy checks.

2 files changed, 81 insertions, 12 deletions

diff --git a/repoze/bfg/tests/test_router.py b/repoze/bfg/tests/test_router.py
index 25d3bfdcf..5d866523e 100644
--- a/repoze/bfg/tests/test_router.py
+++ b/repoze/bfg/tests/test_router.py
@@ -70,7 +70,7 @@ class RouterTests(unittest.TestCase, PlacelessSetup):
         environ = self._makeEnviron(PATH_INFO='/doesnt/end/in/slash')
         self._registerTraverserFactory(traversalfactory, '', None, None)
         self._registerViewFactory(viewfactory, '', None, None)
-        self._registerWSGIFactory(wsgifactory, '', None, None)
+        self._registerWSGIFactory(wsgifactory, '', None, None, None)
         router = self._makeOne(rootpolicy)
         start_response = DummyStartResponse()
         result = router(environ, start_response)
@@ -94,7 +94,7 @@ class RouterTests(unittest.TestCase, PlacelessSetup):
         environ = self._makeEnviron()
         self._registerTraverserFactory(traversalfactory, '', None, None)
         self._registerViewFactory(viewfactory, '', None, None)
-        self._registerWSGIFactory(wsgifactory, '', None, None)
+        self._registerWSGIFactory(wsgifactory, '', None, None, None)
         router = self._makeOne(rootpolicy)
         start_response = DummyStartResponse()
         result = router(environ, start_response)
@@ -115,7 +115,7 @@ class RouterTests(unittest.TestCase, PlacelessSetup):
         environ = self._makeEnviron()
         self._registerTraverserFactory(traversalfactory, '', None, None)
         self._registerViewFactory(viewfactory, 'foo', None, None)
-        self._registerWSGIFactory(wsgifactory, '', None, None)
+        self._registerWSGIFactory(wsgifactory, '', None, None, None)
         router = self._makeOne(rootpolicy)
         start_response = DummyStartResponse()
         result = router(environ, start_response)
@@ -142,7 +142,7 @@ class RouterTests(unittest.TestCase, PlacelessSetup):
         environ = self._makeEnviron()
         self._registerTraverserFactory(traversalfactory, '', None, None)
         self._registerViewFactory(viewfactory, '', IContext, IRequest)
-        self._registerWSGIFactory(wsgifactory, '', None, None)
+        self._registerWSGIFactory(wsgifactory, '', None, None, None)
         router = self._makeOne(rootpolicy)
         start_response = DummyStartResponse()
         result = router(environ, start_response)
@@ -171,7 +171,7 @@ class RouterTests(unittest.TestCase, PlacelessSetup):
         environ = self._makeEnviron()
         self._registerTraverserFactory(traversalfactory, '', None, None)
         self._registerViewFactory(viewfactory, '', IContext, IRequest)
-        self._registerWSGIFactory(wsgifactory, '', None, None)
+        self._registerWSGIFactory(wsgifactory, '', None, None, None)
         router = self._makeOne(rootpolicy)
         start_response = DummyStartResponse()
         result = router(environ, start_response)
@@ -183,13 +183,15 @@ class DummyContext:
 
 def make_wsgi_factory(status, headers, app_iter):
     class DummyWSGIApplicationFactory:
-        def __init__(self, view, request):
-            self.view = view
+        def __init__(self, context, request, view):
+            self.context = context
             self.request = request
+            self.view = view
 
         def __call__(self, environ, start_response):
-            environ['view'] = self.view
+            environ['context'] = self.context
             environ['request'] = self.request
+            environ['view'] = self.view
             start_response(status, headers)
             return app_iter
 
diff --git a/repoze/bfg/tests/test_wsgiadapter.py b/repoze/bfg/tests/test_wsgiadapter.py
index 71e2f5c81..db07ab071 100644
--- a/repoze/bfg/tests/test_wsgiadapter.py
+++ b/repoze/bfg/tests/test_wsgiadapter.py
@@ -1,6 +1,14 @@
 import unittest
 
-class NaiveWSGIAdapterTests(unittest.TestCase):
+from zope.component.testing import PlacelessSetup
+
+class NaiveWSGIAdapterTests(unittest.TestCase, PlacelessSetup):
+    def setUp(self):
+        PlacelessSetup.setUp(self)
+
+    def tearDown(self):
+        PlacelessSetup.tearDown(self)
+
     def _getTargetClass(self):
         from repoze.bfg.wsgiadapter import NaiveWSGIViewAdapter
         return NaiveWSGIViewAdapter
@@ -15,7 +23,8 @@ class NaiveWSGIAdapterTests(unittest.TestCase):
         def view():
             return response
         request = DummyRequest()
-        adapter = self._makeOne(view, request)
+        context = DummyContext()
+        adapter = self._makeOne(context, request, view)
         environ = {}
         start_response = DummyStartResponse()
         result = adapter(environ, start_response)
@@ -31,7 +40,8 @@ class NaiveWSGIAdapterTests(unittest.TestCase):
             response.start_response = start_response
             return response
         request = DummyRequest()
-        adapter = self._makeOne(view, request)
+        context = DummyContext()
+        adapter = self._makeOne(context, request, view)
         environ = {}
         start_response = DummyStartResponse()
         result = adapter(environ, start_response)
@@ -48,7 +58,61 @@ class NaiveWSGIAdapterTests(unittest.TestCase):
         def view(request):
             response.request = request
             return response
-        adapter = self._makeOne(view, request)
+        context = DummyContext()
+        adapter = self._makeOne(context, request, view)
+        environ = {}
+        start_response = DummyStartResponse()
+        result = adapter(environ, start_response)
+        self.assertEqual(result, ['Hello world'])
+        self.assertEqual(start_response.headers, ())
+        self.assertEqual(start_response.status, '200 OK')
+        self.assertEqual(response.request, request)
+
+    def test_view_fails_security_policy(self):
+        import zope.component
+        gsm = zope.component.getGlobalSiteManager()
+        from repoze.bfg.wsgiadapter import IViewSecurityPolicy
+        def failed(context, request):
+            def view():
+                response = DummyResponse()
+                response.app_iter = ['failed']
+                response.status = '401 Unauthorized'
+                response.headerlist = ()
+                return response
+            return view
+        gsm.registerAdapter(failed, (None, None), IViewSecurityPolicy)
+        request = DummyRequest()
+        response = DummyResponse()
+        response.app_iter = ['Hello world']
+        def view(request):
+            response.request = request
+            return response
+        context = DummyContext()
+        adapter = self._makeOne(context, request, view)
+        environ = {}
+        start_response = DummyStartResponse()
+        result = adapter(environ, start_response)
+        self.assertEqual(result, ['failed'])
+        self.assertEqual(start_response.headers, ())
+        self.assertEqual(start_response.status, '401 Unauthorized')
+
+    def test_view_passes_security_policy(self):
+        import zope.component
+        gsm = zope.component.getGlobalSiteManager()
+        from repoze.bfg.wsgiadapter import IViewSecurityPolicy
+        def failed(context, request):
+            def view():
+                return None
+            return view
+        gsm.registerAdapter(failed, (None, None), IViewSecurityPolicy)
+        request = DummyRequest()
+        response = DummyResponse()
+        response.app_iter = ['Hello world']
+        def view(request):
+            response.request = request
+            return response
+        context = DummyContext()
+        adapter = self._makeOne(context, request, view)
         environ = {}
         start_response = DummyStartResponse()
         result = adapter(environ, start_response)
@@ -57,6 +121,9 @@ class NaiveWSGIAdapterTests(unittest.TestCase):
         self.assertEqual(start_response.status, '200 OK')
         self.assertEqual(response.request, request)
 
+class DummyContext:
+    pass
+
 class DummyRequest:
     pass