Skip to content

Commit

Permalink
[fc] Repository: plone.schemaeditor
Browse files Browse the repository at this point in the history
Branch: refs/heads/master
Date: 2020-05-27T20:44:16+03:00
Author: Alin Voinea (avoinea) <contact@avoinea.com>
Commit: plone/plone.schemaeditor@7b822ff

Fixes #76 - Can't get Fields vocabulary via RestAPI

Files changed:
M plone/schemaeditor/browser/schema/listing.py
M plone/schemaeditor/fields.py
Repository: plone.schemaeditor

Branch: refs/heads/master
Date: 2020-05-27T20:50:54+03:00
Author: Alin Voinea (avoinea) <contact@avoinea.com>
Commit: plone/plone.schemaeditor@a970a50

Add CHANGELOG

Files changed:
A news/76.bugfix
Repository: plone.schemaeditor

Branch: refs/heads/master
Date: 2020-05-27T20:51:06+03:00
Author: Alin Voinea (avoinea) <contact@avoinea.com>
Commit: plone/plone.schemaeditor@8c8cd66

PyFlakes

Files changed:
M plone/schemaeditor/browser/schema/traversal.py
Repository: plone.schemaeditor

Branch: refs/heads/master
Date: 2020-06-19T16:07:56+03:00
Author: Alin Voinea (avoinea) <contact@avoinea.com>
Commit: plone/plone.schemaeditor@6dd1a7a

Merge pull request #77 from plone/restapi-fields-vocabulary

Fixes #76 - Restapi Fields vocabulary

Files changed:
A news/76.bugfix
M plone/schemaeditor/browser/schema/listing.py
M plone/schemaeditor/browser/schema/traversal.py
M plone/schemaeditor/fields.py
avoinea committed Jun 19, 2020
1 parent e8e93d1 commit 0ac3f90
Showing 1 changed file with 48 additions and 20 deletions.
68 changes: 48 additions & 20 deletions last_commit.txt
Original file line number Diff line number Diff line change
@@ -1,38 +1,66 @@
Repository: plone.session
Repository: plone.schemaeditor


Branch: refs/heads/master
Date: 2020-06-17T16:06:24+02:00
Author: Maurits van Rees (mauritsvanrees) <maurits@vanrees.org>
Commit: https://github.com/plone/plone.session/commit/a6f2e26abac22c84a18eb82b861ebe8e7a5d2886
Date: 2020-05-27T20:44:16+03:00
Author: Alin Voinea (avoinea) <contact@avoinea.com>
Commit: https://github.com/plone/plone.schemaeditor/commit/7b822ff9ab523f348730d42b6a3db823b6b737e3

Only setup a session when the current user is the requested user.
Fixes #76 - Can't get Fields vocabulary via RestAPI

Fixes https://github.com/plone/Products.PlonePAS/issues/57
Files changed:
M plone/schemaeditor/browser/schema/listing.py
M plone/schemaeditor/fields.py

b'diff --git a/plone/schemaeditor/browser/schema/listing.py b/plone/schemaeditor/browser/schema/listing.py\nindex 55e2cc1..6a6152e 100644\n--- a/plone/schemaeditor/browser/schema/listing.py\n+++ b/plone/schemaeditor/browser/schema/listing.py\n@@ -64,8 +64,9 @@ def _field_factory(self, field):\n field.__module__,\n field.__class__.__name__,\n )\n- if self.context.allowedFields is not None:\n- if field_identifier not in self.context.allowedFields:\n+ allowedFields = getattr(self.context, "allowedFields", None)\n+ if allowedFields is not None:\n+ if field_identifier not in allowedFields:\n return None\n return queryUtility(IFieldFactory, name=field_identifier)\n \ndiff --git a/plone/schemaeditor/fields.py b/plone/schemaeditor/fields.py\nindex 7fcb460..4cb2f3a 100644\n--- a/plone/schemaeditor/fields.py\n+++ b/plone/schemaeditor/fields.py\n@@ -59,9 +59,10 @@ def protected(self, field):\n def FieldsVocabularyFactory(context):\n request = getRequest()\n field_factories = getUtilitiesFor(IFieldFactory)\n- if context.allowedFields is not None:\n+ allowedFields = getattr(context, "allowedFields", None)\n+ if allowedFields is not None:\n field_factories = [(id, factory) for id, factory in field_factories\n- if id in context.allowedFields]\n+ if id in allowedFields]\n terms = []\n for (field_id, factory) in field_factories:\n terms.append(\n'

Repository: plone.schemaeditor


Branch: refs/heads/master
Date: 2020-05-27T20:50:54+03:00
Author: Alin Voinea (avoinea) <contact@avoinea.com>
Commit: https://github.com/plone/plone.schemaeditor/commit/a970a50337f4d14dc0a1b95f0db724aee61feb67

Add CHANGELOG

Files changed:
A news/76.bugfix

b'diff --git a/news/76.bugfix b/news/76.bugfix\nnew file mode 100644\nindex 0000000..7ef755d\n--- /dev/null\n+++ b/news/76.bugfix\n@@ -0,0 +1 @@\n+Fix `Fields` vocabulary via RestAPI [avoinea]\n'

Repository: plone.schemaeditor


Branch: refs/heads/master
Date: 2020-05-27T20:51:06+03:00
Author: Alin Voinea (avoinea) <contact@avoinea.com>
Commit: https://github.com/plone/plone.schemaeditor/commit/8c8cd6653aeeab61a04e855fc24833da432e53c6

PyFlakes

Files changed:
A news/57.bugfix
M plone/session/plugins/session.py
M plone/session/tests/testPAS.py
M plone/schemaeditor/browser/schema/traversal.py

b'diff --git a/news/57.bugfix b/news/57.bugfix\nnew file mode 100644\nindex 0000000..27e40df\n--- /dev/null\n+++ b/news/57.bugfix\n@@ -0,0 +1,2 @@\n+Only setup a session when the current user is the requested user.\n+[maurits]\ndiff --git a/plone/session/plugins/session.py b/plone/session/plugins/session.py\nindex 7e7200d..963d6a5 100644\n--- a/plone/session/plugins/session.py\n+++ b/plone/session/plugins/session.py\n@@ -1,6 +1,7 @@\n # -*- coding: utf-8 -*-\n from AccessControl.requestmethod import postonly\n from AccessControl.SecurityInfo import ClassSecurityInfo\n+from AccessControl.SecurityManagement import getSecurityManager\n from App.config import getConfiguration\n from email.utils import formatdate\n from plone.keyring.interfaces import IKeyManager\n@@ -240,9 +241,21 @@ def _validateTicket(self, ticket, now=None):\n def updateCredentials(self, request, response, login, new_password):\n pas = self._getPAS()\n info = pas._verifyUser(pas.plugins, login=login)\n- if info is not None:\n- # Only setup a session for users in our own user folder.\n- self._setupSession(info["id"], response)\n+ if info is None:\n+ # User is not in our own user folder, so we do not setup a session.\n+ return\n+ user_id = info["id"]\n+ # Only setup a session when the current user is the requested user.\n+ # Otherwise you are logged in as Manager Jane, reset the password of Joe,\n+ # and are afterwards logged in as Joe.\n+ # See https://github.com/plone/Products.PlonePAS/issues/57\n+ authenticated_user = getSecurityManager().getUser()\n+ if authenticated_user is not None:\n+ authenticated_id = authenticated_user.getId()\n+ # For anonymous, the id is empty\n+ if authenticated_id and authenticated_id != user_id:\n+ return\n+ self._setupSession(user_id, response)\n \n # ICredentialsResetPlugin implementation\n def resetCredentials(self, request, response):\ndiff --git a/plone/session/tests/testPAS.py b/plone/session/tests/testPAS.py\nindex 2ec774a..ce94e17 100644\n--- a/plone/session/tests/testPAS.py\n+++ b/plone/session/tests/testPAS.py\n@@ -1,5 +1,6 @@\n # -*- coding: utf-8 -*-\n from DateTime import DateTime\n+from plone.app.testing import logout\n from zope.publisher.browser import TestRequest\n from plone.session.interfaces import ISessionPlugin\n from plone.session.testing import PLONE_SEESION_FUNCTIONAL_TESTING\n@@ -92,24 +93,46 @@ def testExtraction(self):\n creds = session.extractCredentials(request)\n self.assertEqual(creds, {})\n \n- def testCredentialsUpdate(self):\n+ def testCredentialsUpdateUnknownUser(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n+ # The fake PAS in the tests only knows about "our_user",\n+ # so updating an unknown user does nothing.\n session.updateCredentials(request, request.response, "bla", "password")\n- self.assertEqual(request.response.getCookie(session.cookie_name), None)\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n \n+ def testCredentialsUpdateAnonymous(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n session.updateCredentials(\n request,\n request.response,\n "our_user",\n "password"\n )\n- self.assertNotEqual(\n+ self.assertIsNotNone(\n request.response.getCookie(session.cookie_name),\n- None\n )\n \n+ def testCredentialsUpdateOtherUser(self):\n+ # We are logged in as test user, which we DO want in this test.\n+ # The session should not be updated then.\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n+ session.updateCredentials(\n+ request,\n+ request.response,\n+ "our_user",\n+ "password"\n+ )\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n+\n def testRefresh(self):\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n session.updateCredentials(\n@@ -122,10 +145,7 @@ def testRefresh(self):\n request2 = self.makeRequest(cookie)\n request2.form[\'type\'] = \'gif\'\n session.refresh(request2)\n- self.assertNotEqual(\n- request2.response.getCookie(session.cookie_name),\n- None\n- )\n+ self.assertIsNotNone(request2.response.getCookie(session.cookie_name))\n \n def testUnicodeUserid(self):\n unicode_userid = six.text_type(self.userid)\n'
b'diff --git a/plone/schemaeditor/browser/schema/traversal.py b/plone/schemaeditor/browser/schema/traversal.py\nindex ebf87a5..db9f2c7 100644\n--- a/plone/schemaeditor/browser/schema/traversal.py\n+++ b/plone/schemaeditor/browser/schema/traversal.py\n@@ -6,8 +6,6 @@\n from zope.publisher.interfaces.browser import IBrowserPublisher\n from ZPublisher.BaseRequest import DefaultPublishTraverse\n \n-import six\n-\n \n @implementer(ISchemaContext, IBrowserPublisher)\n class SchemaContext(SimpleItem):\n'

Repository: plone.session
Repository: plone.schemaeditor


Branch: refs/heads/master
Date: 2020-06-19T13:11:35+02:00
Author: Maurits van Rees (mauritsvanrees) <m.van.rees@zestsoftware.nl>
Commit: https://github.com/plone/plone.session/commit/4ead2e65ac1b9bea029791977544777cfe109abb
Date: 2020-06-19T16:07:56+03:00
Author: Alin Voinea (avoinea) <contact@avoinea.com>
Commit: https://github.com/plone/plone.schemaeditor/commit/6dd1a7a4af9bfc98ba41e5107a7a9bc53929b0d0

Merge pull request #21 from plone/maurits/issue-57-user-switch
Merge pull request #77 from plone/restapi-fields-vocabulary

Only setup a session when the current user is the requested user.
Fixes #76 - Restapi Fields vocabulary

Files changed:
A news/57.bugfix
M plone/session/plugins/session.py
M plone/session/tests/testPAS.py
A news/76.bugfix
M plone/schemaeditor/browser/schema/listing.py
M plone/schemaeditor/browser/schema/traversal.py
M plone/schemaeditor/fields.py

b'diff --git a/news/57.bugfix b/news/57.bugfix\nnew file mode 100644\nindex 0000000..27e40df\n--- /dev/null\n+++ b/news/57.bugfix\n@@ -0,0 +1,2 @@\n+Only setup a session when the current user is the requested user.\n+[maurits]\ndiff --git a/plone/session/plugins/session.py b/plone/session/plugins/session.py\nindex 7e7200d..963d6a5 100644\n--- a/plone/session/plugins/session.py\n+++ b/plone/session/plugins/session.py\n@@ -1,6 +1,7 @@\n # -*- coding: utf-8 -*-\n from AccessControl.requestmethod import postonly\n from AccessControl.SecurityInfo import ClassSecurityInfo\n+from AccessControl.SecurityManagement import getSecurityManager\n from App.config import getConfiguration\n from email.utils import formatdate\n from plone.keyring.interfaces import IKeyManager\n@@ -240,9 +241,21 @@ def _validateTicket(self, ticket, now=None):\n def updateCredentials(self, request, response, login, new_password):\n pas = self._getPAS()\n info = pas._verifyUser(pas.plugins, login=login)\n- if info is not None:\n- # Only setup a session for users in our own user folder.\n- self._setupSession(info["id"], response)\n+ if info is None:\n+ # User is not in our own user folder, so we do not setup a session.\n+ return\n+ user_id = info["id"]\n+ # Only setup a session when the current user is the requested user.\n+ # Otherwise you are logged in as Manager Jane, reset the password of Joe,\n+ # and are afterwards logged in as Joe.\n+ # See https://github.com/plone/Products.PlonePAS/issues/57\n+ authenticated_user = getSecurityManager().getUser()\n+ if authenticated_user is not None:\n+ authenticated_id = authenticated_user.getId()\n+ # For anonymous, the id is empty\n+ if authenticated_id and authenticated_id != user_id:\n+ return\n+ self._setupSession(user_id, response)\n \n # ICredentialsResetPlugin implementation\n def resetCredentials(self, request, response):\ndiff --git a/plone/session/tests/testPAS.py b/plone/session/tests/testPAS.py\nindex 2ec774a..ce94e17 100644\n--- a/plone/session/tests/testPAS.py\n+++ b/plone/session/tests/testPAS.py\n@@ -1,5 +1,6 @@\n # -*- coding: utf-8 -*-\n from DateTime import DateTime\n+from plone.app.testing import logout\n from zope.publisher.browser import TestRequest\n from plone.session.interfaces import ISessionPlugin\n from plone.session.testing import PLONE_SEESION_FUNCTIONAL_TESTING\n@@ -92,24 +93,46 @@ def testExtraction(self):\n creds = session.extractCredentials(request)\n self.assertEqual(creds, {})\n \n- def testCredentialsUpdate(self):\n+ def testCredentialsUpdateUnknownUser(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n+ # The fake PAS in the tests only knows about "our_user",\n+ # so updating an unknown user does nothing.\n session.updateCredentials(request, request.response, "bla", "password")\n- self.assertEqual(request.response.getCookie(session.cookie_name), None)\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n \n+ def testCredentialsUpdateAnonymous(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n session.updateCredentials(\n request,\n request.response,\n "our_user",\n "password"\n )\n- self.assertNotEqual(\n+ self.assertIsNotNone(\n request.response.getCookie(session.cookie_name),\n- None\n )\n \n+ def testCredentialsUpdateOtherUser(self):\n+ # We are logged in as test user, which we DO want in this test.\n+ # The session should not be updated then.\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n+ session.updateCredentials(\n+ request,\n+ request.response,\n+ "our_user",\n+ "password"\n+ )\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n+\n def testRefresh(self):\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n session.updateCredentials(\n@@ -122,10 +145,7 @@ def testRefresh(self):\n request2 = self.makeRequest(cookie)\n request2.form[\'type\'] = \'gif\'\n session.refresh(request2)\n- self.assertNotEqual(\n- request2.response.getCookie(session.cookie_name),\n- None\n- )\n+ self.assertIsNotNone(request2.response.getCookie(session.cookie_name))\n \n def testUnicodeUserid(self):\n unicode_userid = six.text_type(self.userid)\n'
b'diff --git a/news/76.bugfix b/news/76.bugfix\nnew file mode 100644\nindex 0000000..7ef755d\n--- /dev/null\n+++ b/news/76.bugfix\n@@ -0,0 +1 @@\n+Fix `Fields` vocabulary via RestAPI [avoinea]\ndiff --git a/plone/schemaeditor/browser/schema/listing.py b/plone/schemaeditor/browser/schema/listing.py\nindex 55e2cc1..6a6152e 100644\n--- a/plone/schemaeditor/browser/schema/listing.py\n+++ b/plone/schemaeditor/browser/schema/listing.py\n@@ -64,8 +64,9 @@ def _field_factory(self, field):\n field.__module__,\n field.__class__.__name__,\n )\n- if self.context.allowedFields is not None:\n- if field_identifier not in self.context.allowedFields:\n+ allowedFields = getattr(self.context, "allowedFields", None)\n+ if allowedFields is not None:\n+ if field_identifier not in allowedFields:\n return None\n return queryUtility(IFieldFactory, name=field_identifier)\n \ndiff --git a/plone/schemaeditor/browser/schema/traversal.py b/plone/schemaeditor/browser/schema/traversal.py\nindex ebf87a5..db9f2c7 100644\n--- a/plone/schemaeditor/browser/schema/traversal.py\n+++ b/plone/schemaeditor/browser/schema/traversal.py\n@@ -6,8 +6,6 @@\n from zope.publisher.interfaces.browser import IBrowserPublisher\n from ZPublisher.BaseRequest import DefaultPublishTraverse\n \n-import six\n-\n \n @implementer(ISchemaContext, IBrowserPublisher)\n class SchemaContext(SimpleItem):\ndiff --git a/plone/schemaeditor/fields.py b/plone/schemaeditor/fields.py\nindex 7fcb460..4cb2f3a 100644\n--- a/plone/schemaeditor/fields.py\n+++ b/plone/schemaeditor/fields.py\n@@ -59,9 +59,10 @@ def protected(self, field):\n def FieldsVocabularyFactory(context):\n request = getRequest()\n field_factories = getUtilitiesFor(IFieldFactory)\n- if context.allowedFields is not None:\n+ allowedFields = getattr(context, "allowedFields", None)\n+ if allowedFields is not None:\n field_factories = [(id, factory) for id, factory in field_factories\n- if id in context.allowedFields]\n+ if id in allowedFields]\n terms = []\n for (field_id, factory) in field_factories:\n terms.append(\n'

0 comments on commit 0ac3f90

Please sign in to comment.