Branch: refs/heads/master Date: 2020-05-27T20:44:16+03:00 Author: Alin Voinea (avoinea) <contact@avoinea.com> Commit: plone/plone.schemaeditor@7b822ff Fixes #76 - Can't get Fields vocabulary via RestAPI Files changed: M plone/schemaeditor/browser/schema/listing.py M plone/schemaeditor/fields.py Repository: plone.schemaeditor Branch: refs/heads/master Date: 2020-05-27T20:50:54+03:00 Author: Alin Voinea (avoinea) <contact@avoinea.com> Commit: plone/plone.schemaeditor@a970a50 Add CHANGELOG Files changed: A news/76.bugfix Repository: plone.schemaeditor Branch: refs/heads/master Date: 2020-05-27T20:51:06+03:00 Author: Alin Voinea (avoinea) <contact@avoinea.com> Commit: plone/plone.schemaeditor@8c8cd66 PyFlakes Files changed: M plone/schemaeditor/browser/schema/traversal.py Repository: plone.schemaeditor Branch: refs/heads/master Date: 2020-06-19T16:07:56+03:00 Author: Alin Voinea (avoinea) <contact@avoinea.com> Commit: plone/plone.schemaeditor@6dd1a7a Merge pull request #77 from plone/restapi-fields-vocabulary Fixes #76 - Restapi Fields vocabulary Files changed: A news/76.bugfix M plone/schemaeditor/browser/schema/listing.py M plone/schemaeditor/browser/schema/traversal.py M plone/schemaeditor/fields.py
Showing
1 changed file
with
48 additions
and
20 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,38 +1,66 @@ | ||
Repository: plone.session | ||
Repository: plone.schemaeditor | ||
|
||
|
||
Branch: refs/heads/master | ||
Date: 2020-06-17T16:06:24+02:00 | ||
Author: Maurits van Rees (mauritsvanrees) <maurits@vanrees.org> | ||
Commit: https://github.com/plone/plone.session/commit/a6f2e26abac22c84a18eb82b861ebe8e7a5d2886 | ||
Date: 2020-05-27T20:44:16+03:00 | ||
Author: Alin Voinea (avoinea) <contact@avoinea.com> | ||
Commit: https://github.com/plone/plone.schemaeditor/commit/7b822ff9ab523f348730d42b6a3db823b6b737e3 | ||
|
||
Only setup a session when the current user is the requested user. | ||
Fixes #76 - Can't get Fields vocabulary via RestAPI | ||
|
||
Fixes https://github.com/plone/Products.PlonePAS/issues/57 | ||
Files changed: | ||
M plone/schemaeditor/browser/schema/listing.py | ||
M plone/schemaeditor/fields.py | ||
|
||
b'diff --git a/plone/schemaeditor/browser/schema/listing.py b/plone/schemaeditor/browser/schema/listing.py\nindex 55e2cc1..6a6152e 100644\n--- a/plone/schemaeditor/browser/schema/listing.py\n+++ b/plone/schemaeditor/browser/schema/listing.py\n@@ -64,8 +64,9 @@ def _field_factory(self, field):\n field.__module__,\n field.__class__.__name__,\n )\n- if self.context.allowedFields is not None:\n- if field_identifier not in self.context.allowedFields:\n+ allowedFields = getattr(self.context, "allowedFields", None)\n+ if allowedFields is not None:\n+ if field_identifier not in allowedFields:\n return None\n return queryUtility(IFieldFactory, name=field_identifier)\n \ndiff --git a/plone/schemaeditor/fields.py b/plone/schemaeditor/fields.py\nindex 7fcb460..4cb2f3a 100644\n--- a/plone/schemaeditor/fields.py\n+++ b/plone/schemaeditor/fields.py\n@@ -59,9 +59,10 @@ def protected(self, field):\n def FieldsVocabularyFactory(context):\n request = getRequest()\n field_factories = getUtilitiesFor(IFieldFactory)\n- if context.allowedFields is not None:\n+ allowedFields = getattr(context, "allowedFields", None)\n+ if allowedFields is not None:\n field_factories = [(id, factory) for id, factory in field_factories\n- if id in context.allowedFields]\n+ if id in allowedFields]\n terms = []\n for (field_id, factory) in field_factories:\n terms.append(\n' | ||
|
||
Repository: plone.schemaeditor | ||
|
||
|
||
Branch: refs/heads/master | ||
Date: 2020-05-27T20:50:54+03:00 | ||
Author: Alin Voinea (avoinea) <contact@avoinea.com> | ||
Commit: https://github.com/plone/plone.schemaeditor/commit/a970a50337f4d14dc0a1b95f0db724aee61feb67 | ||
|
||
Add CHANGELOG | ||
|
||
Files changed: | ||
A news/76.bugfix | ||
|
||
b'diff --git a/news/76.bugfix b/news/76.bugfix\nnew file mode 100644\nindex 0000000..7ef755d\n--- /dev/null\n+++ b/news/76.bugfix\n@@ -0,0 +1 @@\n+Fix `Fields` vocabulary via RestAPI [avoinea]\n' | ||
|
||
Repository: plone.schemaeditor | ||
|
||
|
||
Branch: refs/heads/master | ||
Date: 2020-05-27T20:51:06+03:00 | ||
Author: Alin Voinea (avoinea) <contact@avoinea.com> | ||
Commit: https://github.com/plone/plone.schemaeditor/commit/8c8cd6653aeeab61a04e855fc24833da432e53c6 | ||
|
||
PyFlakes | ||
|
||
Files changed: | ||
A news/57.bugfix | ||
M plone/session/plugins/session.py | ||
M plone/session/tests/testPAS.py | ||
M plone/schemaeditor/browser/schema/traversal.py | ||
|
||
b'diff --git a/news/57.bugfix b/news/57.bugfix\nnew file mode 100644\nindex 0000000..27e40df\n--- /dev/null\n+++ b/news/57.bugfix\n@@ -0,0 +1,2 @@\n+Only setup a session when the current user is the requested user.\n+[maurits]\ndiff --git a/plone/session/plugins/session.py b/plone/session/plugins/session.py\nindex 7e7200d..963d6a5 100644\n--- a/plone/session/plugins/session.py\n+++ b/plone/session/plugins/session.py\n@@ -1,6 +1,7 @@\n # -*- coding: utf-8 -*-\n from AccessControl.requestmethod import postonly\n from AccessControl.SecurityInfo import ClassSecurityInfo\n+from AccessControl.SecurityManagement import getSecurityManager\n from App.config import getConfiguration\n from email.utils import formatdate\n from plone.keyring.interfaces import IKeyManager\n@@ -240,9 +241,21 @@ def _validateTicket(self, ticket, now=None):\n def updateCredentials(self, request, response, login, new_password):\n pas = self._getPAS()\n info = pas._verifyUser(pas.plugins, login=login)\n- if info is not None:\n- # Only setup a session for users in our own user folder.\n- self._setupSession(info["id"], response)\n+ if info is None:\n+ # User is not in our own user folder, so we do not setup a session.\n+ return\n+ user_id = info["id"]\n+ # Only setup a session when the current user is the requested user.\n+ # Otherwise you are logged in as Manager Jane, reset the password of Joe,\n+ # and are afterwards logged in as Joe.\n+ # See https://github.com/plone/Products.PlonePAS/issues/57\n+ authenticated_user = getSecurityManager().getUser()\n+ if authenticated_user is not None:\n+ authenticated_id = authenticated_user.getId()\n+ # For anonymous, the id is empty\n+ if authenticated_id and authenticated_id != user_id:\n+ return\n+ self._setupSession(user_id, response)\n \n # ICredentialsResetPlugin implementation\n def resetCredentials(self, request, response):\ndiff --git a/plone/session/tests/testPAS.py b/plone/session/tests/testPAS.py\nindex 2ec774a..ce94e17 100644\n--- 
a/plone/session/tests/testPAS.py\n+++ b/plone/session/tests/testPAS.py\n@@ -1,5 +1,6 @@\n # -*- coding: utf-8 -*-\n from DateTime import DateTime\n+from plone.app.testing import logout\n from zope.publisher.browser import TestRequest\n from plone.session.interfaces import ISessionPlugin\n from plone.session.testing import PLONE_SEESION_FUNCTIONAL_TESTING\n@@ -92,24 +93,46 @@ def testExtraction(self):\n creds = session.extractCredentials(request)\n self.assertEqual(creds, {})\n \n- def testCredentialsUpdate(self):\n+ def testCredentialsUpdateUnknownUser(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n+ # The fake PAS in the tests only knows about "our_user",\n+ # so updating an unknown user does nothing.\n session.updateCredentials(request, request.response, "bla", "password")\n- self.assertEqual(request.response.getCookie(session.cookie_name), None)\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n \n+ def testCredentialsUpdateAnonymous(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n session.updateCredentials(\n request,\n request.response,\n "our_user",\n "password"\n )\n- self.assertNotEqual(\n+ self.assertIsNotNone(\n request.response.getCookie(session.cookie_name),\n- None\n )\n \n+ def testCredentialsUpdateOtherUser(self):\n+ # We are logged in as test user, which we DO want in this test.\n+ # The session should not be updated then.\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n+ session.updateCredentials(\n+ request,\n+ request.response,\n+ "our_user",\n+ "password"\n+ )\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n+\n def testRefresh(self):\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n 
session.updateCredentials(\n@@ -122,10 +145,7 @@ def testRefresh(self):\n request2 = self.makeRequest(cookie)\n request2.form[\'type\'] = \'gif\'\n session.refresh(request2)\n- self.assertNotEqual(\n- request2.response.getCookie(session.cookie_name),\n- None\n- )\n+ self.assertIsNotNone(request2.response.getCookie(session.cookie_name))\n \n def testUnicodeUserid(self):\n unicode_userid = six.text_type(self.userid)\n' | ||
b'diff --git a/plone/schemaeditor/browser/schema/traversal.py b/plone/schemaeditor/browser/schema/traversal.py\nindex ebf87a5..db9f2c7 100644\n--- a/plone/schemaeditor/browser/schema/traversal.py\n+++ b/plone/schemaeditor/browser/schema/traversal.py\n@@ -6,8 +6,6 @@\n from zope.publisher.interfaces.browser import IBrowserPublisher\n from ZPublisher.BaseRequest import DefaultPublishTraverse\n \n-import six\n-\n \n @implementer(ISchemaContext, IBrowserPublisher)\n class SchemaContext(SimpleItem):\n' | ||
|
||
Repository: plone.session | ||
Repository: plone.schemaeditor | ||
|
||
|
||
Branch: refs/heads/master | ||
Date: 2020-06-19T13:11:35+02:00 | ||
Author: Maurits van Rees (mauritsvanrees) <m.van.rees@zestsoftware.nl> | ||
Commit: https://github.com/plone/plone.session/commit/4ead2e65ac1b9bea029791977544777cfe109abb | ||
Date: 2020-06-19T16:07:56+03:00 | ||
Author: Alin Voinea (avoinea) <contact@avoinea.com> | ||
Commit: https://github.com/plone/plone.schemaeditor/commit/6dd1a7a4af9bfc98ba41e5107a7a9bc53929b0d0 | ||
|
||
Merge pull request #21 from plone/maurits/issue-57-user-switch | ||
Merge pull request #77 from plone/restapi-fields-vocabulary | ||
|
||
Only setup a session when the current user is the requested user. | ||
Fixes #76 - Restapi Fields vocabulary | ||
|
||
Files changed: | ||
A news/57.bugfix | ||
M plone/session/plugins/session.py | ||
M plone/session/tests/testPAS.py | ||
A news/76.bugfix | ||
M plone/schemaeditor/browser/schema/listing.py | ||
M plone/schemaeditor/browser/schema/traversal.py | ||
M plone/schemaeditor/fields.py | ||
|
||
b'diff --git a/news/57.bugfix b/news/57.bugfix\nnew file mode 100644\nindex 0000000..27e40df\n--- /dev/null\n+++ b/news/57.bugfix\n@@ -0,0 +1,2 @@\n+Only setup a session when the current user is the requested user.\n+[maurits]\ndiff --git a/plone/session/plugins/session.py b/plone/session/plugins/session.py\nindex 7e7200d..963d6a5 100644\n--- a/plone/session/plugins/session.py\n+++ b/plone/session/plugins/session.py\n@@ -1,6 +1,7 @@\n # -*- coding: utf-8 -*-\n from AccessControl.requestmethod import postonly\n from AccessControl.SecurityInfo import ClassSecurityInfo\n+from AccessControl.SecurityManagement import getSecurityManager\n from App.config import getConfiguration\n from email.utils import formatdate\n from plone.keyring.interfaces import IKeyManager\n@@ -240,9 +241,21 @@ def _validateTicket(self, ticket, now=None):\n def updateCredentials(self, request, response, login, new_password):\n pas = self._getPAS()\n info = pas._verifyUser(pas.plugins, login=login)\n- if info is not None:\n- # Only setup a session for users in our own user folder.\n- self._setupSession(info["id"], response)\n+ if info is None:\n+ # User is not in our own user folder, so we do not setup a session.\n+ return\n+ user_id = info["id"]\n+ # Only setup a session when the current user is the requested user.\n+ # Otherwise you are logged in as Manager Jane, reset the password of Joe,\n+ # and are afterwards logged in as Joe.\n+ # See https://github.com/plone/Products.PlonePAS/issues/57\n+ authenticated_user = getSecurityManager().getUser()\n+ if authenticated_user is not None:\n+ authenticated_id = authenticated_user.getId()\n+ # For anonymous, the id is empty\n+ if authenticated_id and authenticated_id != user_id:\n+ return\n+ self._setupSession(user_id, response)\n \n # ICredentialsResetPlugin implementation\n def resetCredentials(self, request, response):\ndiff --git a/plone/session/tests/testPAS.py b/plone/session/tests/testPAS.py\nindex 2ec774a..ce94e17 100644\n--- 
a/plone/session/tests/testPAS.py\n+++ b/plone/session/tests/testPAS.py\n@@ -1,5 +1,6 @@\n # -*- coding: utf-8 -*-\n from DateTime import DateTime\n+from plone.app.testing import logout\n from zope.publisher.browser import TestRequest\n from plone.session.interfaces import ISessionPlugin\n from plone.session.testing import PLONE_SEESION_FUNCTIONAL_TESTING\n@@ -92,24 +93,46 @@ def testExtraction(self):\n creds = session.extractCredentials(request)\n self.assertEqual(creds, {})\n \n- def testCredentialsUpdate(self):\n+ def testCredentialsUpdateUnknownUser(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n+ # The fake PAS in the tests only knows about "our_user",\n+ # so updating an unknown user does nothing.\n session.updateCredentials(request, request.response, "bla", "password")\n- self.assertEqual(request.response.getCookie(session.cookie_name), None)\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n \n+ def testCredentialsUpdateAnonymous(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n session.updateCredentials(\n request,\n request.response,\n "our_user",\n "password"\n )\n- self.assertNotEqual(\n+ self.assertIsNotNone(\n request.response.getCookie(session.cookie_name),\n- None\n )\n \n+ def testCredentialsUpdateOtherUser(self):\n+ # We are logged in as test user, which we DO want in this test.\n+ # The session should not be updated then.\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n+ session.updateCredentials(\n+ request,\n+ request.response,\n+ "our_user",\n+ "password"\n+ )\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n+\n def testRefresh(self):\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n 
session.updateCredentials(\n@@ -122,10 +145,7 @@ def testRefresh(self):\n request2 = self.makeRequest(cookie)\n request2.form[\'type\'] = \'gif\'\n session.refresh(request2)\n- self.assertNotEqual(\n- request2.response.getCookie(session.cookie_name),\n- None\n- )\n+ self.assertIsNotNone(request2.response.getCookie(session.cookie_name))\n \n def testUnicodeUserid(self):\n unicode_userid = six.text_type(self.userid)\n' | ||
b'diff --git a/news/76.bugfix b/news/76.bugfix\nnew file mode 100644\nindex 0000000..7ef755d\n--- /dev/null\n+++ b/news/76.bugfix\n@@ -0,0 +1 @@\n+Fix `Fields` vocabulary via RestAPI [avoinea]\ndiff --git a/plone/schemaeditor/browser/schema/listing.py b/plone/schemaeditor/browser/schema/listing.py\nindex 55e2cc1..6a6152e 100644\n--- a/plone/schemaeditor/browser/schema/listing.py\n+++ b/plone/schemaeditor/browser/schema/listing.py\n@@ -64,8 +64,9 @@ def _field_factory(self, field):\n field.__module__,\n field.__class__.__name__,\n )\n- if self.context.allowedFields is not None:\n- if field_identifier not in self.context.allowedFields:\n+ allowedFields = getattr(self.context, "allowedFields", None)\n+ if allowedFields is not None:\n+ if field_identifier not in allowedFields:\n return None\n return queryUtility(IFieldFactory, name=field_identifier)\n \ndiff --git a/plone/schemaeditor/browser/schema/traversal.py b/plone/schemaeditor/browser/schema/traversal.py\nindex ebf87a5..db9f2c7 100644\n--- a/plone/schemaeditor/browser/schema/traversal.py\n+++ b/plone/schemaeditor/browser/schema/traversal.py\n@@ -6,8 +6,6 @@\n from zope.publisher.interfaces.browser import IBrowserPublisher\n from ZPublisher.BaseRequest import DefaultPublishTraverse\n \n-import six\n-\n \n @implementer(ISchemaContext, IBrowserPublisher)\n class SchemaContext(SimpleItem):\ndiff --git a/plone/schemaeditor/fields.py b/plone/schemaeditor/fields.py\nindex 7fcb460..4cb2f3a 100644\n--- a/plone/schemaeditor/fields.py\n+++ b/plone/schemaeditor/fields.py\n@@ -59,9 +59,10 @@ def protected(self, field):\n def FieldsVocabularyFactory(context):\n request = getRequest()\n field_factories = getUtilitiesFor(IFieldFactory)\n- if context.allowedFields is not None:\n+ allowedFields = getattr(context, "allowedFields", None)\n+ if allowedFields is not None:\n field_factories = [(id, factory) for id, factory in field_factories\n- if id in context.allowedFields]\n+ if id in allowedFields]\n terms = []\n for (field_id, 
factory) in field_factories:\n terms.append(\n' | ||
|
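Review bot: The `getattr(context, "allowedFields", None)` fallback in the recorded `FieldsVocabularyFactory` patch, and the matching `getattr(self.context, "allowedFields", None)` in `_field_factory`, fails open. When the context has no `allowedFields` attribute, the allow-list filter is skipped and every registered `IFieldFactory` is returned, exactly as if the attribute were explicitly `None`. If that is intended for contexts reached through the REST API (which the commit title suggests, though the page does not show the caller), both sites should carry a comment such as `# context without allowedFields: no field restriction is applied`. If it is not intended, the missing-attribute case should be handled separately from an explicit `None`. Both functions continue outside the quoted hunks, so whether any caller relies on the restriction cannot be confirmed from this page.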