This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

This package provides a trused layer setup for Zope3. Truted means you can travers over objects which you don’t have permission for. This is needed if you have a setup with more then one IAuthentication utility. Otherwise you don’t hav a chance to traverse to the IAthentication utility in the subsite without to authenticate at the parent IAuthentication.

README

This package contains the trusted layer. This layer support a correct set of component registration and can be used for inheritation in custom skins.

The ITrustedBrowserLayer supports the same registration set like the IMinimalBrowserLayer. The only difference is, that the trusted layer offers trusted traversal adapters. This means a skin using this layer can traverse over a PAU (pluggable IAuthentication utility) without to run into a Unautorized exception.

For more information see also the README.txt in z3c.layer.minimal.

Testing

For testing the ITrustedBrowserLayer we use the testing skin defined in the tests package which uses the ITrustedBrowserLayer. This means, that our testing skin provides also the views defined in the minimal package and it’s testing views defined in the minimal tests.

Login as manager first:

>>> from zope.testbrowser.testing import Browser
>>> manager = Browser()
>>> manager.addHeader('Authorization', 'Basic mgr:mgrpw')

Check if we can access the public page.html view which is registred in the ftesting.zcml file with our skin:

>>> skinURL = 'http://localhost/++skin++TrustedTesting'
>>> manager.open(skinURL + '/page.html')
>>> manager.url
'http://localhost/++skin++TrustedTesting/page.html'
>>> print manager.contents
<BLANKLINE>
<html>
<head>
  <title>testing</title>
</head>
<body>
<BLANKLINE>
  test page
<BLANKLINE>
</body>
</html>
<BLANKLINE>
<BLANKLINE>

Now check the not found page which is a exception view on the exception zope.publisher.interfaces.INotFound:

>>> manager.open(skinURL + '/foobar.html')
Traceback (most recent call last):
...
HTTPError: HTTP Error 404: Not Found
>>> print manager.contents
<BLANKLINE>
<html>
<head>
  <title>testing</title>
</head>
<body>
<div>
  <br />
  <br />
  <h3>
    The page you are trying to access is not available
  </h3>
  <br />
  <b>
    Please try the following:
  </b>
  <br />
  <ol>
    <li>
      Make sure that the Web site address is spelled correctly.
    </li>
    <li>
      <a href="javascript:history.back(1);">
        Go back and try another URL.
      </a>
    </li>
  </ol>
</div>
</body>
</html>
<BLANKLINE>
<BLANKLINE>

And check the user error page which is a view registred for zope.exceptions.interfaces.IUserError exceptions:

>>> manager.open(skinURL + '/@@usererror.html')
>>> print manager.contents
<BLANKLINE>
<html>
<head>
  <title>testing</title>
</head>
<body>
<div>
  <div>simply user error</div>
</div>
</body>
</html>
<BLANKLINE>
<BLANKLINE>

And check error view registred for zope.interface.common.interfaces.IException:

>>> manager.open(skinURL + '/@@systemerror.html')
>>> print manager.contents
<BLANKLINE>
<html>
<head>
  <title>testing</title>
</head>
<body>
<div>
  <br />
  <br />
  <h3>A system error occurred</h3>
  <br />
  <b>Please contact the administrator.</b>
  <a href="javascript:history.back(1);">
    Go back and try another URL.
  </a>
</div>
</body>
</html>
<BLANKLINE>
<BLANKLINE>

And check the zope.security.interfaces.IUnauthorized view, use a new unregistred user (test browser) for this:

>>> unauthorized = Browser()
>>> unauthorized.open(skinURL + '/@@forbidden.html')
Traceback (most recent call last):
...
HTTPError: HTTP Error 401: Unauthorized
>>> print unauthorized.contents
<BLANKLINE>
<html>
<head>
  <title>testing</title>
</head>
<body>
<div>
<BLANKLINE>
<h1>Unauthorized</h1>
<BLANKLINE>
<p>You are not authorized</p>
<BLANKLINE>
</div>
</body>
</html>
<BLANKLINE>
<BLANKLINE>

When an object gets traversed, its security proxy is removed, so its sub-objects can be publically accessed, too:

>>> import zope.site.folder
>>> getRootFolder()['test'] = zope.site.folder.Folder()
>>> manager.open(skinURL + '/container_contents.html')

The view displays the types of the content objects inside the root folder. The content objects are not security proxied:

>>> print manager.contents
[<class 'zope.site.folder.Folder'>]

CHANGES

1.1.0 (2009-02-21)

  • Doctests show that removing security proxies from traversed objects is the desired behavior.
  • Using zope.container instead of zope.app.container.
  • Made sure that long_description renders properly on pypi.
  • Cleaned up dependencies.

1.0.1 (2008-01-24)

  • Bug: Corrected and improved meta-data and documentation.

1.0.0 (2008-01-21)

  • Restructure: Move z3c.layer.trusted package to it’s own top level package form zope.layer to z3c.layer.trusted.
  • Bug: Reflect changes in zope.app.securitypolicy ZCML configuration. Prevent loading deprecated module configuration.
  • Restructure: Moved implementation from z3c.layer to z3c.layer.trusted.

0.2.3 (2007-11-07)

  • Forward-Bug: Due to a bug in mechanize, the testbrowser throws httperror_seek_wrapper instead of HTTPError errors. Thanks to RE normalizers, the code will now work whether the bug is fixed or not in mechanize.

0.2.2 (2007-10-31)

  • Bug: Fixed package meta-data.
  • Bug: Fixed test failures due to depency updates.
  • Restructure: Fixed deprecation warninf for ZopeSecurityPolicy.

0.2.1 (2007-??-??)

  • Changes unknown.

0.2.0 (2007-??-??)

  • Initial release.
Release History

Release History

1.1.0

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

1.0.1

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

1.0.0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
z3c.layer.trusted-1.1.0.tar.gz (8.5 kB) Copy SHA256 Checksum SHA256 Source Feb 21, 2009

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting