From 0ac3f90c1329c739d94e4fa7e47d7030e710bb9e Mon Sep 17 00:00:00 2001 From: avoinea Date: Fri, 19 Jun 2020 16:07:56 +0300 Subject: [PATCH] [fc] Repository: plone.schemaeditor Branch: refs/heads/master Date: 2020-05-27T20:44:16+03:00 Author: Alin Voinea (avoinea) Commit: https://github.com/plone/plone.schemaeditor/commit/7b822ff9ab523f348730d42b6a3db823b6b737e3 Fixes #76 - Can't get Fields vocabulary via RestAPI Files changed: M plone/schemaeditor/browser/schema/listing.py M plone/schemaeditor/fields.py Repository: plone.schemaeditor Branch: refs/heads/master Date: 2020-05-27T20:50:54+03:00 Author: Alin Voinea (avoinea) Commit: https://github.com/plone/plone.schemaeditor/commit/a970a50337f4d14dc0a1b95f0db724aee61feb67 Add CHANGELOG Files changed: A news/76.bugfix Repository: plone.schemaeditor Branch: refs/heads/master Date: 2020-05-27T20:51:06+03:00 Author: Alin Voinea (avoinea) Commit: https://github.com/plone/plone.schemaeditor/commit/8c8cd6653aeeab61a04e855fc24833da432e53c6 PyFlakes Files changed: M plone/schemaeditor/browser/schema/traversal.py Repository: plone.schemaeditor Branch: refs/heads/master Date: 2020-06-19T16:07:56+03:00 Author: Alin Voinea (avoinea) Commit: https://github.com/plone/plone.schemaeditor/commit/6dd1a7a4af9bfc98ba41e5107a7a9bc53929b0d0 Merge pull request #77 from plone/restapi-fields-vocabulary Fixes #76 - Restapi Fields vocabulary Files changed: A news/76.bugfix M plone/schemaeditor/browser/schema/listing.py M plone/schemaeditor/browser/schema/traversal.py M plone/schemaeditor/fields.py --- last_commit.txt | 68 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 48 insertions(+), 20 deletions(-) diff --git a/last_commit.txt b/last_commit.txt index 2704a3b508..00132cd295 100644 --- a/last_commit.txt +++ b/last_commit.txt 
@@ -1,38 +1,66 @@ -Repository: plone.session +Repository: plone.schemaeditor Branch: refs/heads/master -Date: 2020-06-17T16:06:24+02:00 -Author: Maurits van Rees (mauritsvanrees) -Commit: https://github.com/plone/plone.session/commit/a6f2e26abac22c84a18eb82b861ebe8e7a5d2886 +Date: 2020-05-27T20:44:16+03:00 +Author: Alin Voinea (avoinea) +Commit: https://github.com/plone/plone.schemaeditor/commit/7b822ff9ab523f348730d42b6a3db823b6b737e3 -Only setup a session when the current user is the requested user. +Fixes #76 - Can't get Fields vocabulary via RestAPI -Fixes https://github.com/plone/Products.PlonePAS/issues/57 +Files changed: +M plone/schemaeditor/browser/schema/listing.py +M plone/schemaeditor/fields.py + +b'diff --git a/plone/schemaeditor/browser/schema/listing.py b/plone/schemaeditor/browser/schema/listing.py\nindex 55e2cc1..6a6152e 100644\n--- a/plone/schemaeditor/browser/schema/listing.py\n+++ b/plone/schemaeditor/browser/schema/listing.py\n@@ -64,8 +64,9 @@ def _field_factory(self, field):\n field.__module__,\n field.__class__.__name__,\n )\n- if self.context.allowedFields is not None:\n- if field_identifier not in self.context.allowedFields:\n+ allowedFields = getattr(self.context, "allowedFields", None)\n+ if allowedFields is not None:\n+ if field_identifier not in allowedFields:\n return None\n return queryUtility(IFieldFactory, name=field_identifier)\n \ndiff --git a/plone/schemaeditor/fields.py b/plone/schemaeditor/fields.py\nindex 7fcb460..4cb2f3a 100644\n--- a/plone/schemaeditor/fields.py\n+++ b/plone/schemaeditor/fields.py\n@@ -59,9 +59,10 @@ def protected(self, field):\n def FieldsVocabularyFactory(context):\n request = getRequest()\n field_factories = getUtilitiesFor(IFieldFactory)\n- if context.allowedFields is not None:\n+ allowedFields = getattr(context, "allowedFields", None)\n+ if allowedFields is not None:\n field_factories = [(id, factory) for id, factory in field_factories\n- if id in context.allowedFields]\n+ if id in allowedFields]\n 
terms = []\n for (field_id, factory) in field_factories:\n terms.append(\n' + +Repository: plone.schemaeditor + + +Branch: refs/heads/master +Date: 2020-05-27T20:50:54+03:00 +Author: Alin Voinea (avoinea) +Commit: https://github.com/plone/plone.schemaeditor/commit/a970a50337f4d14dc0a1b95f0db724aee61feb67 + +Add CHANGELOG + +Files changed: +A news/76.bugfix + +b'diff --git a/news/76.bugfix b/news/76.bugfix\nnew file mode 100644\nindex 0000000..7ef755d\n--- /dev/null\n+++ b/news/76.bugfix\n@@ -0,0 +1 @@\n+Fix `Fields` vocabulary via RestAPI [avoinea]\n' + +Repository: plone.schemaeditor + + +Branch: refs/heads/master +Date: 2020-05-27T20:51:06+03:00 +Author: Alin Voinea (avoinea) +Commit: https://github.com/plone/plone.schemaeditor/commit/8c8cd6653aeeab61a04e855fc24833da432e53c6 + +PyFlakes Files changed: -A news/57.bugfix -M plone/session/plugins/session.py -M plone/session/tests/testPAS.py +M plone/schemaeditor/browser/schema/traversal.py -b'diff --git a/news/57.bugfix b/news/57.bugfix\nnew file mode 100644\nindex 0000000..27e40df\n--- /dev/null\n+++ b/news/57.bugfix\n@@ -0,0 +1,2 @@\n+Only setup a session when the current user is the requested user.\n+[maurits]\ndiff --git a/plone/session/plugins/session.py b/plone/session/plugins/session.py\nindex 7e7200d..963d6a5 100644\n--- a/plone/session/plugins/session.py\n+++ b/plone/session/plugins/session.py\n@@ -1,6 +1,7 @@\n # -*- coding: utf-8 -*-\n from AccessControl.requestmethod import postonly\n from AccessControl.SecurityInfo import ClassSecurityInfo\n+from AccessControl.SecurityManagement import getSecurityManager\n from App.config import getConfiguration\n from email.utils import formatdate\n from plone.keyring.interfaces import IKeyManager\n@@ -240,9 +241,21 @@ def _validateTicket(self, ticket, now=None):\n def updateCredentials(self, request, response, login, new_password):\n pas = self._getPAS()\n info = pas._verifyUser(pas.plugins, login=login)\n- if info is not None:\n- # Only setup a session for users in 
our own user folder.\n- self._setupSession(info["id"], response)\n+ if info is None:\n+ # User is not in our own user folder, so we do not setup a session.\n+ return\n+ user_id = info["id"]\n+ # Only setup a session when the current user is the requested user.\n+ # Otherwise you are logged in as Manager Jane, reset the password of Joe,\n+ # and are afterwards logged in as Joe.\n+ # See https://github.com/plone/Products.PlonePAS/issues/57\n+ authenticated_user = getSecurityManager().getUser()\n+ if authenticated_user is not None:\n+ authenticated_id = authenticated_user.getId()\n+ # For anonymous, the id is empty\n+ if authenticated_id and authenticated_id != user_id:\n+ return\n+ self._setupSession(user_id, response)\n \n # ICredentialsResetPlugin implementation\n def resetCredentials(self, request, response):\ndiff --git a/plone/session/tests/testPAS.py b/plone/session/tests/testPAS.py\nindex 2ec774a..ce94e17 100644\n--- a/plone/session/tests/testPAS.py\n+++ b/plone/session/tests/testPAS.py\n@@ -1,5 +1,6 @@\n # -*- coding: utf-8 -*-\n from DateTime import DateTime\n+from plone.app.testing import logout\n from zope.publisher.browser import TestRequest\n from plone.session.interfaces import ISessionPlugin\n from plone.session.testing import PLONE_SEESION_FUNCTIONAL_TESTING\n@@ -92,24 +93,46 @@ def testExtraction(self):\n creds = session.extractCredentials(request)\n self.assertEqual(creds, {})\n \n- def testCredentialsUpdate(self):\n+ def testCredentialsUpdateUnknownUser(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n+ # The fake PAS in the tests only knows about "our_user",\n+ # so updating an unknown user does nothing.\n session.updateCredentials(request, request.response, "bla", "password")\n- self.assertEqual(request.response.getCookie(session.cookie_name), None)\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n \n+ def 
testCredentialsUpdateAnonymous(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n session.updateCredentials(\n request,\n request.response,\n "our_user",\n "password"\n )\n- self.assertNotEqual(\n+ self.assertIsNotNone(\n request.response.getCookie(session.cookie_name),\n- None\n )\n \n+ def testCredentialsUpdateOtherUser(self):\n+ # We are logged in as test user, which we DO want in this test.\n+ # The session should not be updated then.\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n+ session.updateCredentials(\n+ request,\n+ request.response,\n+ "our_user",\n+ "password"\n+ )\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n+\n def testRefresh(self):\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n session.updateCredentials(\n@@ -122,10 +145,7 @@ def testRefresh(self):\n request2 = self.makeRequest(cookie)\n request2.form[\'type\'] = \'gif\'\n session.refresh(request2)\n- self.assertNotEqual(\n- request2.response.getCookie(session.cookie_name),\n- None\n- )\n+ self.assertIsNotNone(request2.response.getCookie(session.cookie_name))\n \n def testUnicodeUserid(self):\n unicode_userid = six.text_type(self.userid)\n' +b'diff --git a/plone/schemaeditor/browser/schema/traversal.py b/plone/schemaeditor/browser/schema/traversal.py\nindex ebf87a5..db9f2c7 100644\n--- a/plone/schemaeditor/browser/schema/traversal.py\n+++ b/plone/schemaeditor/browser/schema/traversal.py\n@@ -6,8 +6,6 @@\n from zope.publisher.interfaces.browser import IBrowserPublisher\n from ZPublisher.BaseRequest import DefaultPublishTraverse\n \n-import six\n-\n \n @implementer(ISchemaContext, IBrowserPublisher)\n class SchemaContext(SimpleItem):\n' -Repository: plone.session +Repository: plone.schemaeditor Branch: refs/heads/master -Date: 2020-06-19T13:11:35+02:00 -Author: Maurits van Rees 
(mauritsvanrees) -Commit: https://github.com/plone/plone.session/commit/4ead2e65ac1b9bea029791977544777cfe109abb +Date: 2020-06-19T16:07:56+03:00 +Author: Alin Voinea (avoinea) +Commit: https://github.com/plone/plone.schemaeditor/commit/6dd1a7a4af9bfc98ba41e5107a7a9bc53929b0d0 -Merge pull request #21 from plone/maurits/issue-57-user-switch +Merge pull request #77 from plone/restapi-fields-vocabulary -Only setup a session when the current user is the requested user. +Fixes #76 - Restapi Fields vocabulary Files changed: -A news/57.bugfix -M plone/session/plugins/session.py -M plone/session/tests/testPAS.py +A news/76.bugfix +M plone/schemaeditor/browser/schema/listing.py +M plone/schemaeditor/browser/schema/traversal.py +M plone/schemaeditor/fields.py -b'diff --git a/news/57.bugfix b/news/57.bugfix\nnew file mode 100644\nindex 0000000..27e40df\n--- /dev/null\n+++ b/news/57.bugfix\n@@ -0,0 +1,2 @@\n+Only setup a session when the current user is the requested user.\n+[maurits]\ndiff --git a/plone/session/plugins/session.py b/plone/session/plugins/session.py\nindex 7e7200d..963d6a5 100644\n--- a/plone/session/plugins/session.py\n+++ b/plone/session/plugins/session.py\n@@ -1,6 +1,7 @@\n # -*- coding: utf-8 -*-\n from AccessControl.requestmethod import postonly\n from AccessControl.SecurityInfo import ClassSecurityInfo\n+from AccessControl.SecurityManagement import getSecurityManager\n from App.config import getConfiguration\n from email.utils import formatdate\n from plone.keyring.interfaces import IKeyManager\n@@ -240,9 +241,21 @@ def _validateTicket(self, ticket, now=None):\n def updateCredentials(self, request, response, login, new_password):\n pas = self._getPAS()\n info = pas._verifyUser(pas.plugins, login=login)\n- if info is not None:\n- # Only setup a session for users in our own user folder.\n- self._setupSession(info["id"], response)\n+ if info is None:\n+ # User is not in our own user folder, so we do not setup a session.\n+ return\n+ user_id = info["id"]\n+ # 
Only setup a session when the current user is the requested user.\n+ # Otherwise you are logged in as Manager Jane, reset the password of Joe,\n+ # and are afterwards logged in as Joe.\n+ # See https://github.com/plone/Products.PlonePAS/issues/57\n+ authenticated_user = getSecurityManager().getUser()\n+ if authenticated_user is not None:\n+ authenticated_id = authenticated_user.getId()\n+ # For anonymous, the id is empty\n+ if authenticated_id and authenticated_id != user_id:\n+ return\n+ self._setupSession(user_id, response)\n \n # ICredentialsResetPlugin implementation\n def resetCredentials(self, request, response):\ndiff --git a/plone/session/tests/testPAS.py b/plone/session/tests/testPAS.py\nindex 2ec774a..ce94e17 100644\n--- a/plone/session/tests/testPAS.py\n+++ b/plone/session/tests/testPAS.py\n@@ -1,5 +1,6 @@\n # -*- coding: utf-8 -*-\n from DateTime import DateTime\n+from plone.app.testing import logout\n from zope.publisher.browser import TestRequest\n from plone.session.interfaces import ISessionPlugin\n from plone.session.testing import PLONE_SEESION_FUNCTIONAL_TESTING\n@@ -92,24 +93,46 @@ def testExtraction(self):\n creds = session.extractCredentials(request)\n self.assertEqual(creds, {})\n \n- def testCredentialsUpdate(self):\n+ def testCredentialsUpdateUnknownUser(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n+ # The fake PAS in the tests only knows about "our_user",\n+ # so updating an unknown user does nothing.\n session.updateCredentials(request, request.response, "bla", "password")\n- self.assertEqual(request.response.getCookie(session.cookie_name), None)\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n \n+ def testCredentialsUpdateAnonymous(self):\n+ # We are logged in as test user, which we do not want.\n+ logout()\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n 
session.updateCredentials(\n request,\n request.response,\n "our_user",\n "password"\n )\n- self.assertNotEqual(\n+ self.assertIsNotNone(\n request.response.getCookie(session.cookie_name),\n- None\n )\n \n+ def testCredentialsUpdateOtherUser(self):\n+ # We are logged in as test user, which we DO want in this test.\n+ # The session should not be updated then.\n+ session = self.folder.pas.session\n+ request = self.makeRequest("test string")\n+ session.updateCredentials(\n+ request,\n+ request.response,\n+ "our_user",\n+ "password"\n+ )\n+ self.assertIsNone(request.response.getCookie(session.cookie_name))\n+\n def testRefresh(self):\n+ logout()\n session = self.folder.pas.session\n request = self.makeRequest("test string")\n session.updateCredentials(\n@@ -122,10 +145,7 @@ def testRefresh(self):\n request2 = self.makeRequest(cookie)\n request2.form[\'type\'] = \'gif\'\n session.refresh(request2)\n- self.assertNotEqual(\n- request2.response.getCookie(session.cookie_name),\n- None\n- )\n+ self.assertIsNotNone(request2.response.getCookie(session.cookie_name))\n \n def testUnicodeUserid(self):\n unicode_userid = six.text_type(self.userid)\n' +b'diff --git a/news/76.bugfix b/news/76.bugfix\nnew file mode 100644\nindex 0000000..7ef755d\n--- /dev/null\n+++ b/news/76.bugfix\n@@ -0,0 +1 @@\n+Fix `Fields` vocabulary via RestAPI [avoinea]\ndiff --git a/plone/schemaeditor/browser/schema/listing.py b/plone/schemaeditor/browser/schema/listing.py\nindex 55e2cc1..6a6152e 100644\n--- a/plone/schemaeditor/browser/schema/listing.py\n+++ b/plone/schemaeditor/browser/schema/listing.py\n@@ -64,8 +64,9 @@ def _field_factory(self, field):\n field.__module__,\n field.__class__.__name__,\n )\n- if self.context.allowedFields is not None:\n- if field_identifier not in self.context.allowedFields:\n+ allowedFields = getattr(self.context, "allowedFields", None)\n+ if allowedFields is not None:\n+ if field_identifier not in allowedFields:\n return None\n return queryUtility(IFieldFactory, 
name=field_identifier)\n \ndiff --git a/plone/schemaeditor/browser/schema/traversal.py b/plone/schemaeditor/browser/schema/traversal.py\nindex ebf87a5..db9f2c7 100644\n--- a/plone/schemaeditor/browser/schema/traversal.py\n+++ b/plone/schemaeditor/browser/schema/traversal.py\n@@ -6,8 +6,6 @@\n from zope.publisher.interfaces.browser import IBrowserPublisher\n from ZPublisher.BaseRequest import DefaultPublishTraverse\n \n-import six\n-\n \n @implementer(ISchemaContext, IBrowserPublisher)\n class SchemaContext(SimpleItem):\ndiff --git a/plone/schemaeditor/fields.py b/plone/schemaeditor/fields.py\nindex 7fcb460..4cb2f3a 100644\n--- a/plone/schemaeditor/fields.py\n+++ b/plone/schemaeditor/fields.py\n@@ -59,9 +59,10 @@ def protected(self, field):\n def FieldsVocabularyFactory(context):\n request = getRequest()\n field_factories = getUtilitiesFor(IFieldFactory)\n- if context.allowedFields is not None:\n+ allowedFields = getattr(context, "allowedFields", None)\n+ if allowedFields is not None:\n field_factories = [(id, factory) for id, factory in field_factories\n- if id in context.allowedFields]\n+ if id in allowedFields]\n terms = []\n for (field_id, factory) in field_factories:\n terms.append(\n'
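Review bot: The new `allowedFields = getattr(context, "allowedFields", None)` lookup in `FieldsVocabularyFactory` (fields.py), and the same pattern in `_field_factory` (listing.py), makes the field allow-list fail open. A context that lacks the attribute is now treated exactly like one that sets it to `None`, so every registered `IFieldFactory` is offered. If the RestAPI path can reach this vocabulary with a context that is not a schema context, field types an integrator meant to restrict could be listed there, so the intent should be stated at the lookup, e.g. `# context without allowedFields (e.g. RestAPI vocabulary lookup): no restriction applies`. The "Files changed" lists contain no test module, so a test calling the vocabulary factory with an attribute-less context would pin the intended result. Both function bodies continue outside the embedded hunks, so any filtering done by callers is not visible here.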