Merged r68980 from 2.10 branch:

Fixed refactored traversal on bound methods of classes with no default access.

Merged r68980 from 2.10 branch:
Fixed refactored traversal on bound methods of classes with no default access.
0e25715e · Florent Guillaume · 0500ff52 · 0e25715e · 0e25715e
Commit 0e25715e authored Jul 05, 2006 by Florent Guillaume
Show whitespace changes
Inline Side-by-side

Showing with 55 additions and 10 deletions

lib/python/OFS/Traversable.py lib/python/OFS/Traversable.py +10 -10

lib/python/OFS/tests/testTraverse.py lib/python/OFS/tests/testTraverse.py +45 -0

No files found.
--- a/lib/python/OFS/Traversable.py
+++ b/lib/python/OFS/Traversable.py
@@ -237,11 +237,11 @@ class Traversable:
                            if not validated:
                                raise Unauthorized, name
                    else:
-                        if hasattr(aq_base(obj), name):
+                        if getattr(aq_base(obj), name, marker) is not marker:
                            if restricted:
-                                next = guarded_getattr(obj, name, marker)
+                                next = guarded_getattr(obj, name)
                            else:
-                                next = _getattr(obj, name, marker)
+                                next = _getattr(obj, name)
                        else:
                            try:
                                next=obj[name]
@@ -249,6 +249,9 @@ class Traversable:
                                # Raise NotFound for easier debugging
                                # instead of AttributeError: __getitem__
                                raise NotFound, name
+                            if restricted and not securityManager.validate(
+                                obj, obj, _none, next):
+                                raise Unauthorized, name
                except (AttributeError, NotFound, KeyError), e: 
                    # Try to look for a view
@@ -274,9 +277,6 @@ class Traversable:
                            # Nothing found re-raise error
                            raise e
-                if restricted and not securityManager.validate(
-                    obj, obj, _none, next):
-                    raise Unauthorized, name
                obj = next
            return obj

--- a/lib/python/OFS/tests/testTraverse.py
+++ b/lib/python/OFS/tests/testTraverse.py
@@ -68,6 +68,24 @@ class CruelSecurityPolicy:
        return 0
+class ProtectedMethodSecurityPolicy:
+    """Check security strictly on bound methods.
+    """
+    def validate(self, accessed, container, name, value, *args):
+        if getattr(aq_base(value), 'im_self', None) is None:
+            return 1
+        # Bound method
+        if name is None:
+            raise Unauthorized
+        klass = value.im_self.__class__
+        roles = getattr(klass, name+'__roles__', object())
+        if roles is None: # ACCESS_PUBLIC
+            return 1
+        raise Unauthorized(name)
 class UnitTestUser( Acquisition.Implicit ):
    """
        Stubbed out manager for unit testing purposes.
@@ -103,6 +121,22 @@ class BoboTraversable(SimpleItem):
    bb_status = 'screechy'
+class Restricted(SimpleItem):
+    """Instance we'll check with ProtectedMethodSecurityPolicy
+    """
+    getId__roles__ = None # ACCESS_PUBLIC
+    def getId(self):
+        return self.id
+    private__roles__ = () # ACCESS_PRIVATE
+    def private(self):
+        return 'private!'
+    # not protected
+    def ohno(self):
+        return 'ohno!'
 class BoboTraversableWithAcquisition(SimpleItem):
    """
       A BoboTraversable class which may use acquisition to find objects.
@@ -210,6 +244,17 @@ class TestTraverse( unittest.TestCase ):
        self.failUnlessRaises(
            KeyError, self.folder1.unrestrictedTraverse,  '/folder1/file2/' )
+    def testTraverseMethodRestricted(self):
+        self.root.my = Restricted('my')
+        my = self.root.my
+        my.id = 'my'
+        noSecurityManager()
+        SecurityManager.setSecurityPolicy(ProtectedMethodSecurityPolicy())
+        r = my.restrictedTraverse('getId')
+        self.assertEquals(r(), 'my')
+        self.assertRaises(Unauthorized, my.restrictedTraverse, 'private')
+        self.assertRaises(Unauthorized, my.restrictedTraverse, 'ohno')
    def testBoboTraverseToWrappedSubObj(self):
        # Verify it's possible to use __bobo_traverse__ with the
        # Zope security policy.