From cb4b8039c677a4907d999598b96505298a3e7401 Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@agendaless.com>
Date: Sun, 25 Jan 2009 05:19:28 +0000
Subject: - It is no longer permissible to pass a "nested" list of principals
 to   ``repoze.bfg.ACLAuthorizer.permits`` (e.g. ['fred', ['larry',   'bob']).
  The principals list must be fully expanded.  This feature   was never
 documented, and was never an API, so it's not a backwards   incompatibility.

---
 CHANGES.txt                       |  6 ++++++
 repoze/bfg/security.py            |  2 +-
 repoze/bfg/tests/test_security.py | 36 ------------------------------------
 3 files changed, 7 insertions(+), 37 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 8eea97d1f..1217a72e8 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -24,6 +24,12 @@ Behavior Changes
   contain a REQUEST_METHOD key/value; if they do not, a KeyError will
   be raised (speed).  
 
+- It is no longer permissible to pass a "nested" list of principals to
+  ``repoze.bfg.ACLAuthorizer.permits`` (e.g. ['fred', ['larry',
+  'bob']).  The principals list must be fully expanded.  This feature
+  was never documented, and was never an API, so it's not a backwards
+  incompatibility.
+
 Implementation Changes
 ----------------------
 
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py
index 693f253d0..2b1d3e0de 100644
--- a/repoze/bfg/security.py
+++ b/repoze/bfg/security.py
@@ -75,7 +75,7 @@ class ACLAuthorizer(object):
 
         for ace in acl:
             ace_action, ace_principal, ace_permissions = ace
-            for principal in flatten(principals):
+            for principal in principals:
                 if ace_principal == principal:
                     permissions = flatten(ace_permissions)
                     if permission in permissions:
diff --git a/repoze/bfg/tests/test_security.py b/repoze/bfg/tests/test_security.py
index 4209f8d3d..31b25b774 100644
--- a/repoze/bfg/tests/test_security.py
+++ b/repoze/bfg/tests/test_security.py
@@ -129,42 +129,6 @@ class TestACLAuthorizer(unittest.TestCase):
         self.assertEqual(result, True)
         self.assertEqual(result.ace, allow)
 
-    def test_permits_nested_principals_list_allow(self):
-        context = DummyContext()
-        acl = []
-        from repoze.bfg.security import Allow
-        ace = (Allow, 'larry', 'read')
-        acl = [ace]
-        context.__acl__ = acl
-        authorizer = self._makeOne(context)
-        principals = (['fred', ['jim', ['bob', 'larry']]])
-        result = authorizer.permits('read', *principals)
-        self.assertEqual(result, True)
-        self.assertEqual(result.ace, ace)
-
-    def test_permits_nested_principals_list_deny_explicit(self):
-        context = DummyContext()
-        from repoze.bfg.security import Deny
-        ace = (Deny, 'larry', 'read')
-        acl = [ace]
-        context.__acl__ = acl
-        authorizer = self._makeOne(context)
-        principals = (['fred', ['jim', ['bob', 'larry']]])
-        result = authorizer.permits('read', *principals)
-        self.assertEqual(result, False)
-        self.assertEqual(result.ace, ace)
-
-    def test_permits_nested_principals_list_deny_implicit(self):
-        context = DummyContext()
-        from repoze.bfg.security import Allow
-        ace = (Allow, 'somebodyelse', 'read')
-        acl = [ace]
-        context.__acl__ = acl
-        authorizer = self._makeOne(context)
-        principals = (['fred', ['jim', ['bob', 'larry']]])
-        result = authorizer.permits('read', *principals)
-        self.assertEqual(result, False)
-
     def test_permits_allow_via_location_parent(self):
         context = DummyContext()
         context.__parent__ = None
-- 
cgit v1.2.3