merge the rest of r114289 to Zope2 trunk

a35da91b · David Glick · 4bc9139d · a35da91b · a35da91b · a35da91b
Commit a35da91b authored Jul 16, 2010 by David Glick
5 changed files
--- a/doc/CHANGES.rst
+++ b/doc/CHANGES.rst
@@ -11,6 +11,12 @@ http://docs.zope.org/zope2/releases/.
 Bugs Fixed
 ++++++++++

+- Fix support for non-public permission attributes in the
+  browser:view directive so that attributes which are not included in
+  allowed_interface or allowed_attributes but which have declarations from a
+  base class's security info don't get their security overwritten to be
+  private.
+
 - LP #143755: Also catch TypeError when trying to determine an 
  indexable value for an object in PluginIndexes.common.UnIndex


--- a/src/Products/Five/browser/metaconfigure.py
+++ b/src/Products/Five/browser/metaconfigure.py
@@ -314,7 +314,7 @@ class view(zope.browserpage.metaconfigure.view):
            _context.action(
                discriminator = ('five:protectName', newclass, attr),
                callable = protectName,
-                args = (newclass, attr, CheckerPrivateId)
+                args = (newclass, attr, CheckerPrivateId, False)
                )
        
        # Protect the class

--- a/src/Products/Five/browser/tests/pages.py
+++ b/src/Products/Five/browser/tests/pages.py
@@ -17,6 +17,7 @@ $Id$
 """
 from Products.Five import BrowserView
 from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile
+from OFS.SimpleItem import SimpleItem

 class SimpleView(BrowserView):
    """More docstring. Please Zope"""
@@ -40,6 +41,11 @@ class CallView(BrowserView):
    def __call__(self):
        return u"I was __call__()'ed"

+class PermissionView(BrowserView, SimpleItem):
+    
+    def __call__(self):
+        return u"I was __call__()'ed"
+
 class CallTemplate(BrowserView):

    __call__ = ViewPageTemplateFile('falcon.pt')

--- a/src/Products/Five/browser/tests/pages.txt
+++ b/src/Products/Five/browser/tests/pages.txt
@@ -275,6 +275,12 @@ The same applies to a view registered with <browser:view /> instead of
  >>> aq_parent(aq_inner(context))
  <Folder at /test_folder_1_> 

+Make sure that methods which are not included in the allowed interface or
+attributes, but which already had security declarations from a base class,
+don't get those declarations overridden to be private. (The roles for
+restrictedTraverse should be None, indicating it is public.)
+
+  >>> view.restrictedTraverse__roles__

 Other
 -----

--- a/src/Products/Five/browser/tests/pages.zcml
+++ b/src/Products/Five/browser/tests/pages.zcml
@@ -237,7 +237,7 @@
  <browser:view
      name="permission_view"
      for="Products.Five.tests.testing.simplecontent.ISimpleContent"
-      class=".pages.CallView"
+      class=".pages.PermissionView"
      permission="zope2.ViewManagementScreens"
      />