Changeset 1725

Timestamp:

07/29/08 14:33:43 (20 months ago)

Author:

JensDiemer

Message:

* merge some redirect code together
* work-a-round for restricted plugin method and settings.TEMPLATE_DEBUG is on.
* add a unittest for this.

Location:

trunk/pylucid

Files:

• PyLucid/index.py (modified) (4 diffs)
• tests/test_plugin_api.py (modified) (2 diffs)
• tests/unittest_plugin/unittest_plugin.py (modified) (1 diff)
• tests/unittest_plugin/unittest_plugin_cfg.py (modified) (1 diff)

trunk/pylucid/PyLucid/index.py

@@ -24 +24 @@
                                                            HttpResponseRedirect
 from django.conf import settings
-from django.template import RequestContext
+from django.template import RequestContext, TemplateSyntaxError
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext as _
@@ -48 +48 @@
 )
 
+def _redirect_to_login(request):
+    """
+    Redirect to the _comment auth login with the default page
+    FIXME: We should build the auth command url in a better way.
+    """
+    path = "/%s/%s/auth/login/?next=%s" % (
+        settings.COMMAND_URL_PREFIX, Page.objects.default_page.id, request.path
+    )
+    return HttpResponseRedirect(path)
+
+def _redirect_access_denied(request):
+    """
+    Redirect to login page, if the user is anonymous.
+    """
+    if not request.user.is_anonymous():
+        # The user is logged in. But he hasn't the rights to see the page
+        # or run the plugin method
+        raise AccessDenied("User can see this page content!")
+
+    return _redirect_to_login(request)
+
 
 def _render_cms_page(request, context, page_content=None):
@@ -77 +98 @@
 
     # Render only the CMS page content:
-    page_content = render_string_template(page_content, context)
+    try:
+        page_content = render_string_template(page_content, context)
+        # If a user access a public viewable cms page, but in the page content
+        # is a lucidTag witch is a restricted method, the pylucid plugin
+        # manager would normaly raise a AccessDenied.
+        # The Problem is, if settings.TEMPLATE_DEBUG is on, we didn't get a
+        # AccessDenied directly, we always get a TemplateSyntaxError! All
+        # other errors will catched and raised a TemplateSyntaxError, too.
+        # See django/template/debug.py
+        # TODO: Instead of a redirect to the login command, we can insert
+        # the ouput from auth.login directly
+    except TemplateSyntaxError, err:
+        # Check if it was a AccessDenied exception
+        # sys.exc_info() added in django/template/debug.py
+        error_class = err.exc_info[1]
+        if isinstance(error_class, AccessDenied):
+            return _redirect_access_denied(request)
+        else:
+            raise # raise the original error
+    except AccessDenied:
+        # settings.TEMPLATE_DEBUG is off
+        return _redirect_access_denied(request)
 
     # http://www.djangoproject.com/documentation/templates_python/#filters-and-auto-escaping
@@ -156 +198 @@
     try:
         current_page_obj = Page.objects.get_by_shortcut(url, request.user)
-    except AccessDenied:
-        if request.user.is_anonymous():
-            # FIXME: We should build the auth command url in a better way.
-            next = '?next=%s' % request.path
-            path = '/'.join(
-                ('',settings.COMMAND_URL_PREFIX,
-                 str(Page.objects.default_page.id),'auth','login',next)
-                )
-            return HttpResponseRedirect(path)
-        else:
-            # User is logged in but access is denied, probably due to group restrictions.
-            request.user.message_set.create(message=_("Access denied"))
-            return HttpResponseRedirect(Page.objects.default_page.get_absolute_url())
+    except Page.DoesNotExist:
+        raise Http404(_("Page '%s' doesn't exists.") % url)
     except Page.objects.WrongShortcut, correct_url:
         # Some parts of the URL was wrong, but we found a right page
         # shortcut -> redirect to the right url
         return HttpResponseRedirect(correct_url)
-    except Page.DoesNotExist:
-        raise Http404(_("Page '%s' doesn't exists.") % url)
+    except AccessDenied:
+        if request.user.is_anonymous():
+            # FIXME: We should build the auth command url in a better way.
+            return _redirect_to_login(request)
+        else:
+            # User is logged in but access is denied,
+            # probably due to group restrictions.
+            request.user.message_set.create(message=_("Access denied"))
+            new_url = Page.objects.default_page.get_absolute_url()
+            return HttpResponseRedirect(new_url)
 
     context = _get_context(request, current_page_obj)

trunk/pylucid/tests/test_plugin_api.py

@@ -61 +61 @@
         )
 
-        self.command = "/%s/%s/%s/%%s/" % (
-            settings.COMMAND_URL_PREFIX,
-            self.test_page.id,
-            TEST_PLUGIN_NAME,
-        )
+        self.base_url = "/%s/%s" % ( # Used with self.assertPluginAccess()
+            settings.COMMAND_URL_PREFIX, self.test_page.id
+        )
+        self.command = "%s/%s/%%s/" % (self.base_url, TEST_PLUGIN_NAME)
         self.test_url = self.test_page.get_absolute_url()
 
@@ -332 +331 @@
         )
 
+class PluginPermissionsTest(PluginAPI_Base):
+    """
+    Test the permissions of a plugin method
+
+    Test the work-a-round if settings.TEMPLATE_DEBUG is on and a AccessDenied
+    would be catched and raised as a TemplateSyntaxError, see:
+     * django/template/debug.py
+     * PyLucid.index._render_cms_page()
+
+    TODO: Must be update if ticket:199 is implemented!
+    ticket: "change plugin_manager_data (must_login and must_admin)"
+    """
+    def test_restricted_method_deny(self):
+        """
+        Test to access a restricted method as a anonymous user.
+        Test with settings.TEMPLATE_DEBUG True/False
+        """
+        from PyLucid.system.exceptions import AccessDenied
+
+        def test():
+            try:
+                self.assertPluginAccess(
+                    self.base_url,
+                    plugin_name = TEST_PLUGIN_NAME,
+                    method_names = ("test_restricted_method",),
+                    must_contain=("[Permission Denied!]",),
+                    must_not_contain=("Traceback",)
+                )
+            except AccessDenied:
+                pass # It's ok.
+            except Exception:
+                raise
+
+        self.client.logout()
+        old_value = settings.TEMPLATE_DEBUG
+
+        settings.TEMPLATE_DEBUG = True
+        test()
+        settings.TEMPLATE_DEBUG = False
+        test()
+
+        settings.TEMPLATE_DEBUG = old_value
+
+    def test_restricted_method_allowed(self):
+        """
+        If the user logged in, he should see the plugin output
+        """
+        self.login("superuser") # login client as superuser
+        self.assertPluginAccess(
+            self.base_url,
+            plugin_name = TEST_PLUGIN_NAME,
+            method_names = ("test_restricted_method",),
+            must_contain=("This is restricted!",),
+            must_not_contain=("Traceback",)
+        )
+
 
 if __name__ == "__main__":

trunk/pylucid/tests/unittest_plugin/unittest_plugin.py

@@ -79 +79 @@
         """
         self.response.write("Hello world!")
+
+    def test_restricted_method(self):
+        """
+        TODO: Must be update if ticket:199 is implemented!
+        ticket: "change plugin_manager_data (must_login and must_admin)"
+        """
+        self.response.write("<pre>This is restricted!</pre>")
 
     def test_attributes(self, attr_name):

trunk/pylucid/tests/unittest_plugin/unittest_plugin_cfg.py

@@ -56 +56 @@
         "must_admin"    : False,
     },
+    "test_restricted_method" : global_rights,
     "test_attributes" : global_rights,
     "test_page_msg" : global_rights,