From bdddc931bb00dd158678e19860d46e756c91570e Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@plope.com>
Date: Tue, 26 Oct 2010 16:51:34 -0400
Subject: merge bugfix from bfg

---
 pyramid/configuration.py                |  2 +-
 pyramid/tests/permbugapp/__init__.py    | 12 ++++++++++++
 pyramid/tests/permbugapp/configure.zcml | 21 +++++++++++++++++++++
 pyramid/tests/test_integration.py       | 12 ++++++++++++
 4 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 pyramid/tests/permbugapp/__init__.py
 create mode 100644 pyramid/tests/permbugapp/configure.zcml

diff --git a/pyramid/configuration.py b/pyramid/configuration.py
index d94e5504b..bf06143bd 100644
--- a/pyramid/configuration.py
+++ b/pyramid/configuration.py
@@ -1099,7 +1099,7 @@ class Configurator(object):
         isexc = isexception(context)
 
         def regclosure():
-            if hasattr(view, '__call_permissive__'):
+            if hasattr(derived_view, '__call_permissive__'):
                 view_iface = ISecuredView
             else:
                 view_iface = IView
diff --git a/pyramid/tests/permbugapp/__init__.py b/pyramid/tests/permbugapp/__init__.py
new file mode 100644
index 000000000..239f8f06a
--- /dev/null
+++ b/pyramid/tests/permbugapp/__init__.py
@@ -0,0 +1,12 @@
+from cgi import escape
+from pyramid.security import view_execution_permitted
+from webob import Response
+
+def x_view(request):
+     return Response('this is private!')
+
+def test(context, request):
+    # should return false
+     msg = 'Allow ./x? %s' % repr(view_execution_permitted(
+         context, request, 'x'))
+     return Response(escape(msg))
diff --git a/pyramid/tests/permbugapp/configure.zcml b/pyramid/tests/permbugapp/configure.zcml
new file mode 100644
index 000000000..13159e394
--- /dev/null
+++ b/pyramid/tests/permbugapp/configure.zcml
@@ -0,0 +1,21 @@
+<configure xmlns="http://pylonshq.com/pyramid">
+
+  <include package="pyramid.includes" />
+
+  <view
+      view=".test"
+      name="test"
+      />
+
+  <view
+      view=".x_view"
+      name="x"
+      permission="private"
+      />
+
+  <authtktauthenticationpolicy
+     secret="seekt1t"/>
+
+  <aclauthorizationpolicy/>
+
+</configure>
diff --git a/pyramid/tests/test_integration.py b/pyramid/tests/test_integration.py
index 4d6f48399..1c6752808 100644
--- a/pyramid/tests/test_integration.py
+++ b/pyramid/tests/test_integration.py
@@ -186,6 +186,18 @@ class TestViewDecoratorApp(TwillBase):
         self.assertEqual(browser.get_code(), 200)
         self.failUnless('OK3' in browser.get_html())
 
+class TestViewPermissionBug(TwillBase):
+    # view_execution_permitted bug as reported by Shane at http://lists.repoze.org/pipermail/repoze-dev/2010-October/003603.html
+    config = 'pyramid.tests.permbugapp:configure.zcml'
+    def test_it(self):
+        import twill.commands
+        browser = twill.commands.get_browser()
+        browser.go('http://localhost:6543/test')
+        self.assertEqual(browser.get_code(), 200)
+        self.failUnless('ACLDenied' in browser.get_html())
+        browser.go('http://localhost:6543/x')
+        self.assertEqual(browser.get_code(), 401)
+
 from pyramid.tests.exceptionviewapp.models import AnException, NotAnException
 excroot = {'anexception':AnException(),
            'notanexception':NotAnException()}
-- 
cgit v1.2.3