Skip to content

Loading…

fix.299 raise exception if view_execution_permitted is invoked on a non-existant view #710

Merged
merged 3 commits into from

2 participants

@mmerickel
Pylons Project member

If TypeError doesn't make sense, change it. Also the docs say "an exception" when they should probably specify the type.

@mcdonc mcdonc merged commit 6e96403 into 1.4-branch
@mcdonc
Pylons Project member

Noice.

@mmerickel mmerickel deleted the fix.299 branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Oct 30, 2012
  1. @mmerickel
  2. @mmerickel

    updated changes

    mmerickel committed
  3. @mmerickel

    updated docs

    mmerickel committed
Showing with 39 additions and 1 deletion.
  1. +8 −0 CHANGES.txt
  2. +13 −1 pyramid/security.py
  3. +18 −0 pyramid/tests/test_security.py
View
8 CHANGES.txt
@@ -6,6 +6,14 @@ Features
- Added an ``effective_principals`` route and view predicate.
+Bug Fixes
+---------
+
+- :func:`pyramid.security.view_execution_permitted` would return `True` if
+ no view could be found. This case now raises an exception as it doesn't
+ make sense make an assertion about a non-existant view. See
+ https://github.com/Pylons/pyramid/issues/299.
+
1.4a3 (2012-10-26)
==================
View
14 pyramid/security.py
@@ -4,6 +4,7 @@
IAuthenticationPolicy,
IAuthorizationPolicy,
ISecuredView,
+ IView,
IViewClassifier,
)
@@ -132,7 +133,13 @@ def view_execution_permitted(context, request, name=''):
view using the effective authentication/authorization policies and
the ``request``. Return a boolean result. If no
:term:`authorization policy` is in effect, or if the view is not
- protected by a permission, return ``True``."""
+ protected by a permission, return ``True``. If no view can view found,
+ an exception will be raised.
+
+ .. versionchanged:: 1.4a4
+ An exception is raised if no view is found.
+
+ """
try:
reg = request.registry
except AttributeError:
@@ -140,6 +147,11 @@ def view_execution_permitted(context, request, name=''):
provides = [IViewClassifier] + map_(providedBy, (request, context))
view = reg.adapters.lookup(provides, ISecuredView, name=name)
if view is None:
+ view = reg.adapters.lookup(provides, IView, name=name)
+ if view is None:
+ raise TypeError('No registered view satisfies the constraints. '
+ 'It would not make sense to claim that this view '
+ '"is" or "is not" permitted.')
return Allowed(
'Allowed: view name %r in context %r (no permission defined)' %
(name, context))
View
18 pyramid/tests/test_security.py
@@ -131,19 +131,37 @@ def __permitted__(self, context, request):
return checker
def test_no_permission(self):
+ from zope.interface import Interface
from pyramid.threadlocal import get_current_registry
from pyramid.interfaces import ISettings
+ from pyramid.interfaces import IView
+ from pyramid.interfaces import IViewClassifier
settings = dict(debug_authorization=True)
reg = get_current_registry()
reg.registerUtility(settings, ISettings)
context = DummyContext()
request = DummyRequest({})
+ class DummyView(object):
+ pass
+ view = DummyView()
+ reg.registerAdapter(view, (IViewClassifier, Interface, Interface),
+ IView, '')
result = self._callFUT(context, request, '')
msg = result.msg
self.assertTrue("Allowed: view name '' in context" in msg)
self.assertTrue('(no permission defined)' in msg)
self.assertEqual(result, True)
+ def test_no_view_registered(self):
+ from pyramid.threadlocal import get_current_registry
+ from pyramid.interfaces import ISettings
+ settings = dict(debug_authorization=True)
+ reg = get_current_registry()
+ reg.registerUtility(settings, ISettings)
+ context = DummyContext()
+ request = DummyRequest({})
+ self.assertRaises(TypeError, self._callFUT, context, request, '')
+
def test_with_permission(self):
from zope.interface import Interface
from zope.interface import directlyProvides
Something went wrong with that request. Please try again.