[Zope-Checkins] SVN: Zope/branches/2.12/ LP #659968: Added support for level argument to the ``__import__`` function as introduced in Python 2.5. Currently only level=0 is supported.
Hanno Schlichting
hannosch at hannosch.eu
Fri Oct 15 07:06:11 EDT 2010
Log message for revision 117566:
LP #659968: Added support for level argument to the ``__import__`` function as introduced in Python 2.5. Currently only level=0 is supported.
Changed:
U Zope/branches/2.12/doc/CHANGES.rst
U Zope/branches/2.12/src/AccessControl/ZopeGuards.py
U Zope/branches/2.12/src/AccessControl/tests/testModuleSecurity.py
-=-
Modified: Zope/branches/2.12/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.12/doc/CHANGES.rst 2010-10-14 17:30:33 UTC (rev 117565)
+++ Zope/branches/2.12/doc/CHANGES.rst 2010-10-15 11:06:10 UTC (rev 117566)
@@ -12,7 +12,13 @@
++++++++++
+Features Added
+++++++++++++++
+- LP #659968: Added support for level argument to the ``__import__`` function
+ as introduced in Python 2.5. Currently only level=0 is supported.
+
+
2.12.12 (2010-10-02)
--------------------
Modified: Zope/branches/2.12/src/AccessControl/ZopeGuards.py
===================================================================
--- Zope/branches/2.12/src/AccessControl/ZopeGuards.py 2010-10-14 17:30:33 UTC (rev 117565)
+++ Zope/branches/2.12/src/AccessControl/ZopeGuards.py 2010-10-15 11:06:10 UTC (rev 117566)
@@ -267,21 +267,27 @@
return zip(*safe_seqs)
safe_builtins['zip'] = guarded_zip
-def guarded_import(mname, globals=None, locals=None, fromlist=None):
+def guarded_import(mname, globals=None, locals=None, fromlist=None,
+ level=0):
if fromlist is None:
fromlist = ()
if '*' in fromlist:
- raise Unauthorized, "'from %s import *' is not allowed"
+ raise Unauthorized("'from %s import *' is not allowed")
if globals is None:
globals = {}
if locals is None:
locals = {}
+ # Refs https://bugs.launchpad.net/zope2/+bug/659968
+ if level != 0:
+ raise Unauthorized("Using import with a level specification isn't "
+ "supported by AccessControl: %s" % mname)
+
mnameparts = mname.split('.')
firstmname = mnameparts[0]
validate = getSecurityManager().validate
module = load_module(None, None, mnameparts, validate, globals, locals)
if module is None:
- raise Unauthorized, "import of '%s' is unauthorized" % mname
+ raise Unauthorized("import of '%s' is unauthorized" % mname)
if fromlist is None:
fromlist = ()
for name in fromlist:
Modified: Zope/branches/2.12/src/AccessControl/tests/testModuleSecurity.py
===================================================================
--- Zope/branches/2.12/src/AccessControl/tests/testModuleSecurity.py 2010-10-14 17:30:33 UTC (rev 117565)
+++ Zope/branches/2.12/src/AccessControl/tests/testModuleSecurity.py 2010-10-15 11:06:10 UTC (rev 117566)
@@ -32,15 +32,15 @@
if module in sys.modules:
del sys.modules[module]
- def assertUnauth(self, module, fromlist):
+ def assertUnauth(self, module, fromlist, level=0):
from zExceptions import Unauthorized
from AccessControl.ZopeGuards import guarded_import
- self.assertRaises(Unauthorized,
- guarded_import, module, fromlist=fromlist)
+ self.assertRaises(Unauthorized, guarded_import, module,
+ fromlist=fromlist, level=level)
- def assertAuth(self, module, fromlist):
+ def assertAuth(self, module, fromlist, level=0):
from AccessControl.ZopeGuards import guarded_import
- guarded_import(module, fromlist=fromlist)
+ guarded_import(module, fromlist=fromlist, level=level)
def testPrivateModule(self):
self.assertUnauth('AccessControl.tests.private_module', ())
@@ -76,5 +76,12 @@
guarded_import, 'AccessControl.tests.nonesuch', ())
self.failUnless('AccessControl.tests.nonesuch' in MS)
+ def test_level_zero(self):
+ self.assertAuth('AccessControl.tests.public_module', (), level=0)
+
+ def test_level_nonzero(self):
+ self.assertUnauth('AccessControl.tests.public_module', (), level=1)
+
+
def test_suite():
return unittest.makeSuite(ModuleSecurityTests)
More information about the Zope-Checkins
mailing list