From 4b552e539a1725356b9982261b73fd88de7d59a1 Mon Sep 17 00:00:00 2001
From: Michael Merickel
Date: Tue, 30 Oct 2012 01:00:55 -0500
Subject: raise exc if view_execution_permitted invoked on non-existant view fix #299
---
 pyramid/security.py | 6 ++++++
 pyramid/tests/test_security.py | 18 ++++++++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/pyramid/security.py b/pyramid/security.py
index 4b929241e..5d4a8db4a 100644
--- a/pyramid/security.py
+++ b/pyramid/security.py
@@ -4,6 +4,7 @@ from pyramid.interfaces import (
 IAuthenticationPolicy,
 IAuthorizationPolicy,
 ISecuredView,
+ IView,
 IViewClassifier,
 )
 
@@ -140,6 +141,11 @@ def view_execution_permitted(context, request, name=''):
 provides = [IViewClassifier] + map_(providedBy, (request, context))
 view = reg.adapters.lookup(provides, ISecuredView, name=name)
 if view is None:
+ view = reg.adapters.lookup(provides, IView, name=name)
+ if view is None:
+ raise TypeError('No registered view satisfies the constraints. '
+ 'It would not make sense to claim that this view '
+ '"is" or "is not" permitted.')
 return Allowed(
 'Allowed: view name %r in context %r (no permission defined)' %
 (name, context))
diff --git a/pyramid/tests/test_security.py b/pyramid/tests/test_security.py
index ba9538b01..e530e33ca 100644
--- a/pyramid/tests/test_security.py
+++ b/pyramid/tests/test_security.py
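Review bot: The `TypeError` raised in `view_execution_permitted` (second hunk of pyramid/security.py) does not say which lookup failed, although the `Allowed` message a few lines below it formats both `name` and `context`. Interpolating the same two values, for example `'No registered view satisfies the constraints (view name %r in context %r). '` followed by `% (name, context)` on the finished string, would let whoever logs the exception tell a mistyped view name from a missing registration. Raising instead of returning `Allowed` is the fail-closed direction for an authorization helper, but callers that relied on the old truthy result for an unknown name will now get an exception, so that contract change deserves a comment at the raise site such as `# no view at all: refuse to answer rather than report "allowed"`. The function begins and ends outside the hunk, so the registry lookup that precedes these lines is not visible here.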
@@ -131,19 +131,37 @@ class TestViewExecutionPermitted(unittest.TestCase):
 return checker
 
 def test_no_permission(self):
+ from zope.interface import Interface
 from pyramid.threadlocal import get_current_registry
 from pyramid.interfaces import ISettings
+ from pyramid.interfaces import IView
+ from pyramid.interfaces import IViewClassifier
 settings = dict(debug_authorization=True)
 reg = get_current_registry()
 reg.registerUtility(settings, ISettings)
 context = DummyContext()
 request = DummyRequest({})
+ class DummyView(object):
+ pass
+ view = DummyView()
+ reg.registerAdapter(view, (IViewClassifier, Interface, Interface),
+ IView, '')
 result = self._callFUT(context, request, '')
 msg = result.msg
 self.assertTrue("Allowed: view name '' in context" in msg)
 self.assertTrue('(no permission defined)' in msg)
 self.assertEqual(result, True)
 
+ def test_no_view_registered(self):
+ from pyramid.threadlocal import get_current_registry
+ from pyramid.interfaces import ISettings
+ settings = dict(debug_authorization=True)
+ reg = get_current_registry()
+ reg.registerUtility(settings, ISettings)
+ context = DummyContext()
+ request = DummyRequest({})
+ self.assertRaises(TypeError, self._callFUT, context, request, '')
+
 def test_with_permission(self):
 from zope.interface import Interface
 from zope.interface import directlyProvides
--
cgit v1.2.3

From 6099144cf0b85ecfb9c97e344ef6ca499833725e Mon Sep 17 00:00:00 2001
From: Michael Merickel
Date: Tue, 30 Oct 2012 01:08:35 -0500
Subject: updated changes
---
 CHANGES.txt | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/CHANGES.txt b/CHANGES.txt
index 740de0f17..25d2dc75c 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
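Review bot: `test_no_view_registered` in pyramid/tests/test_security.py passes on any `TypeError`, including one raised for an unrelated reason such as a wrong argument count on the way into the function, so it does not pin the new refuse-to-answer branch. Checking the message as well would tie the test to that branch, for instance by catching the exception and asserting `'No registered view' in str(exc)`. A further case that registers a view under one name and asks about a different name would cover the by-name lookup, which the tests visible in this hunk do not exercise because they all pass `''`. The test class starts outside the hunk.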
@@ -6,6 +6,14 @@ Features
 
 - Added an ``effective_principals`` route and view predicate.
 
+Bug Fixes
+---------
+
+- :func:`pyramid.security.view_execution_permitted` would return `True` if
+ no view could be found. This case now raises an exception as it doesn't
+ make sense make an assertion about a non-existant view. See
+ https://github.com/Pylons/pyramid/issues/299.
+
 1.4a3 (2012-10-26)
 ==================
 
--
cgit v1.2.3

From 6e96403bbc3069ec876690be976121b759c51cb1 Mon Sep 17 00:00:00 2001
From: Michael Merickel
Date: Tue, 30 Oct 2012 01:09:51 -0500
Subject: updated docs
---
 pyramid/security.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/pyramid/security.py b/pyramid/security.py
index 5d4a8db4a..3e25f9b2f 100644
--- a/pyramid/security.py
+++ b/pyramid/security.py
@@ -133,7 +133,13 @@ def view_execution_permitted(context, request, name=''):
 view using the effective authentication/authorization policies and
 the ``request``. Return a boolean result. If no
 :term:`authorization policy` is in effect, or if the view is not
- protected by a permission, return ``True``."""
+ protected by a permission, return ``True``. If no view can view found,
+ an exception will be raised.
+
+ .. versionchanged:: 1.4a4
+ An exception is raised if no view is found.
+
+ """
 try:
 reg = request.registry
 except AttributeError:
--
cgit v1.2.3
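Review bot: The sentence added to the `view_execution_permitted` docstring reads "If no view can view found", which should be `If no view can be found,`. The docstring also leaves the exception unnamed, although the first commit in this series raises `TypeError`; naming it in the `versionchanged` note, e.g. `A TypeError is raised if no view is found.`, tells callers of this authorization check exactly what to catch. It would help to state as well that the function still promises a boolean result only when a view exists, since the opening sentence "Return a boolean result" is otherwise unqualified. The docstring opens above the hunk.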