[z3-five] Adaptation in untrusted code

Maciej Wisniowski maciej.wisniowski at coig.katowice.pl
Fri Nov 17 16:33:12 CET 2006 

> better, write up a unit test which:

I've written some tests. They're expected to be put into Five/tests.
I've checked them on Zope 2.8.8 and with Five 1.2.6.

Few issues:
Do I need <content class ... directive to set permissions?
Why is user supposed to be a Manager?


Tests exhibits following behaviours:
1. Adapter called directly from test works
2. Adapter called by Script Python:
  1. When there is no '<content class directive', causes:
     Unauthorized: The container has no security assertions.  Access to
     'testmethod' of (Products.Five.tests.contentspaceadapters.
     CacheablePlus instance at 0x2aaab3dd3b90) denied.

  2. When there is '<content class directive':
     Unauthorized: The owner of the executing script does not have the
     required permission.  Access to 'testmethod' of
     (Products.Five.tests.contentspaceadapters.CacheablePlus instance at
      0x2aaab3e03560) denied. Access requires one of the following
      roles: ['Manager']. The executing script is (PythonScript at
     /test_folder_1_/tester), owned by test_user_1_, who has the roles
     ['Authenticated', 'test_role_1_'].

  3. When there is '<content class directive' and user has 'Manager'
     role:
     Unauthorized: Your user account is defined outside the context of
     the object being accessed.  Access to 'testmethod' of
     (Products.Five.tests.contentspaceadapters.CacheablePlus instance at
      0x2aaab1db6128) denied. Your user account, test_user_1_, exists at
      /test_folder_1_/acl_users. Access requires one of the following
      roles: ['Manager'].



-- 
Maciej Wisniowski
-------------- next part --------------
A non-text attachment was scrubbed...
Name: contentspaceadapters.py
Type: text/x-python
Size: 439 bytes
Desc: not available
Url : http://codespeak.net/pipermail/z3-five/attachments/20061117/becb8d15/attachment.py 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: contentspaceadaptertest.txt
Url: http://codespeak.net/pipermail/z3-five/attachments/20061117/becb8d15/attachment.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: contentspaceadaptertest2.txt
Url: http://codespeak.net/pipermail/z3-five/attachments/20061117/becb8d15/attachment-0001.txt 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test_contentspaceadapter.py
Type: text/x-python
Size: 1839 bytes
Desc: not available
Url : http://codespeak.net/pipermail/z3-five/attachments/20061117/becb8d15/attachment-0001.py

More information about the z3-five mailing list