Merge pull request #43 from plone/deserial-anon

Handle error when deserializing content when not authenticated

.travis.yml

@@ -8,13 +8,13 @@ cache:
   directories:
   - eggs
 install:
-- python bootstrap-buildout.py
-- bin/buildout -t 3
+- pip install zc.buildout
+- buildout -t 3
 - pip install flake8
 - pip install coverage==4.0.3
 - sleep 15
 script:
-- bin/py.test -s --cov=plone.server -v --cov-report term-missing src 
+- bin/py.test -s --cov=plone.server -v --cov-report term-missing src
 - bin/code-analysis
 after_success:
 - coveralls

src/plone.server/CHANGELOG.rst

@@ -1,6 +1,10 @@
 1.0a9 (unreleased)
 ------------------
 
+- Handle error when deserializing content when not authenticated and checking
+  permissions
+  [vangheem]
+
 - add `pshell` command
   [vangheem]
 

src/plone.server/README.rst

@@ -11,7 +11,8 @@ Getting started
 
 We use buildout of course::
 
-    python3.5 bootstrap-buildout.py
+    virtualenv .
+    ./bin/pip install zc.buildout
     ./bin/buildout
 
 The buildout installs the app itself, code analysis tools, and a test runner.

src/plone.server/plone/server/json/deserialize_content.py

@@ -19,6 +19,7 @@
 from zope.schema.interfaces import ValidationError
 from zope.security import checkPermission
 from zope.security.interfaces import IPermission
+from zope.security.interfaces import NoInteraction
 
 
 @implementer(IResourceDeserializeFromJson)
@@ -136,6 +137,10 @@ def check_permission(self, permission_name):
             if permission is None:
                 self.permission_cache[permission_name] = True
             else:
-                self.permission_cache[permission_name] = bool(
-                    checkPermission(permission.title, self.context))
+                try:
+                    self.permission_cache[permission_name] = bool(
+                        checkPermission(permission.title, self.context))
+                except NoInteraction:
+                    # not authenticated
+                    return False
         return self.permission_cache[permission_name]