From 4b552e539a1725356b9982261b73fd88de7d59a1 Mon Sep 17 00:00:00 2001
From: Michael Merickel <michael@merickel.org>
Date: Tue, 30 Oct 2012 01:00:55 -0500
Subject: raise exc if view_execution_permitted invoked on non-existant view

fix #299
---
 pyramid/security.py            |  6 ++++++
 pyramid/tests/test_security.py | 18 ++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/pyramid/security.py b/pyramid/security.py
index 4b929241e..5d4a8db4a 100644
--- a/pyramid/security.py
+++ b/pyramid/security.py
@@ -4,6 +4,7 @@ from pyramid.interfaces import (
     IAuthenticationPolicy,
     IAuthorizationPolicy,
     ISecuredView,
+    IView,
     IViewClassifier,
     )
 
@@ -140,6 +141,11 @@ def view_execution_permitted(context, request, name=''):
     provides = [IViewClassifier] + map_(providedBy, (request, context))
     view = reg.adapters.lookup(provides, ISecuredView, name=name)
     if view is None:
+        view = reg.adapters.lookup(provides, IView, name=name)
+        if view is None:
+            raise TypeError('No registered view satisfies the constraints. '
+                            'It would not make sense to claim that this view '
+                            '"is" or "is not" permitted.')
         return Allowed(
             'Allowed: view name %r in context %r (no permission defined)' %
             (name, context))
diff --git a/pyramid/tests/test_security.py b/pyramid/tests/test_security.py
index ba9538b01..e530e33ca 100644
--- a/pyramid/tests/test_security.py
+++ b/pyramid/tests/test_security.py
@@ -131,19 +131,37 @@ class TestViewExecutionPermitted(unittest.TestCase):
         return checker
 
     def test_no_permission(self):
+        from zope.interface import Interface
         from pyramid.threadlocal import get_current_registry
         from pyramid.interfaces import ISettings
+        from pyramid.interfaces import IView
+        from pyramid.interfaces import IViewClassifier
         settings = dict(debug_authorization=True)
         reg = get_current_registry()
         reg.registerUtility(settings, ISettings)
         context = DummyContext()
         request = DummyRequest({})
+        class DummyView(object):
+            pass
+        view = DummyView()
+        reg.registerAdapter(view, (IViewClassifier, Interface, Interface),
+                            IView, '')
         result = self._callFUT(context, request, '')
         msg = result.msg
         self.assertTrue("Allowed: view name '' in context" in msg)
         self.assertTrue('(no permission defined)' in msg)
         self.assertEqual(result, True)
 
+    def test_no_view_registered(self):
+        from pyramid.threadlocal import get_current_registry
+        from pyramid.interfaces import ISettings
+        settings = dict(debug_authorization=True)
+        reg = get_current_registry()
+        reg.registerUtility(settings, ISettings)
+        context = DummyContext()
+        request = DummyRequest({})
+        self.assertRaises(TypeError, self._callFUT, context, request, '')
+
     def test_with_permission(self):
         from zope.interface import Interface
         from zope.interface import directlyProvides
-- 
cgit v1.2.3