Skip to main content

Trusted layer setup for Zope3

Project description

This package provides a trused layer setup for Zope3. Truted means you can
travers over objects which you don't have permission for. This is needed if you
have a setup with more then one IAuthentication utility. Otherwise you don't
hav a chance to traverse to the IAthentication utility in the subsite without
to authenticate at the parent IAuthentication.


Detailed Documentation
**********************

======
README
======

This package contains the trusted layer. This layer support a correct set of
component registration and can be used for inheritation in custom skins.

The ITrustedBrowserLayer supports the same registration set like the
IMinimalBrowserLayer. The only difference is, that the trusted layer offers
trusted traversal adapters. This means a skin using this layer can traverse
over a PAU (pluggable IAuthentication utility) without to run into a
Unautorized exception.

For more information see also the README.txt in z3c.layer.minimal.


Testing
-------

For testing the ITrustedBrowserLayer we use the testing skin defined in the
tests package which uses the ITrustedBrowserLayer. This means, that our
testing skin provides also the views defined in the minimal package
and it's testing views defined in the minimal tests.

Login as manager first:

>>> from zope.testbrowser.testing import Browser
>>> manager = Browser()
>>> manager.addHeader('Authorization', 'Basic mgr:mgrpw')

Check if we can access the public page.html view which is registred in the
ftesting.zcml file with our skin:

>>> skinURL = 'http://localhost/++skin++TrustedTesting'
>>> manager.open(skinURL + '/page.html')
>>> manager.url
'http://localhost/++skin++TrustedTesting/page.html'

>>> print manager.contents
<BLANKLINE>
<html>
<head>
<title>testing</title>
</head>
<body>
<BLANKLINE>
test page
<BLANKLINE>
</body>
</html>
<BLANKLINE>
<BLANKLINE>

Now check the not found page which is a exception view on the exception
``zope.publisher.interfaces.INotFound``:

>>> manager.open(skinURL + '/foobar.html')
Traceback (most recent call last):
...
HTTPError: HTTP Error 404: Not Found

>>> print manager.contents
<BLANKLINE>
<html>
<head>
<title>testing</title>
</head>
<body>
<div>
<br />
<br />
<h3>
The page you are trying to access is not available
</h3>
<br />
<b>
Please try the following:
</b>
<br />
<ol>
<li>
Make sure that the Web site address is spelled correctly.
</li>
<li>
<a href="javascript:history.back(1);">
Go back and try another URL.
</a>
</li>
</ol>
</div>
</body>
</html>
<BLANKLINE>
<BLANKLINE>

And check the user error page which is a view registred for
``zope.exceptions.interfaces.IUserError`` exceptions:

>>> manager.open(skinURL + '/@@usererror.html')
>>> print manager.contents
<BLANKLINE>
<html>
<head>
<title>testing</title>
</head>
<body>
<div>
<div>simply user error</div>
</div>
</body>
</html>
<BLANKLINE>
<BLANKLINE>

And check error view registred for
``zope.interface.common.interfaces.IException``:

>>> manager.open(skinURL + '/@@systemerror.html')
>>> print manager.contents
<BLANKLINE>
<html>
<head>
<title>testing</title>
</head>
<body>
<div>
<br />
<br />
<h3>A system error occurred</h3>
<br />
<b>Please contact the administrator.</b>
<a href="javascript:history.back(1);">
Go back and try another URL.
</a>
</div>
</body>
</html>
<BLANKLINE>
<BLANKLINE>

And check the ``zope.security.interfaces.IUnauthorized`` view, use a new
unregistred user (test browser) for this:

>>> unauthorized = Browser()
>>> unauthorized.open(skinURL + '/@@forbidden.html')
Traceback (most recent call last):
...
HTTPError: HTTP Error 401: Unauthorized

>>> print unauthorized.contents
<BLANKLINE>
<html>
<head>
<title>testing</title>
</head>
<body>
<div>
<BLANKLINE>
<h1>Unauthorized</h1>
<BLANKLINE>
<p>You are not authorized</p>
<BLANKLINE>
</div>
</body>
</html>
<BLANKLINE>
<BLANKLINE>


=======
CHANGES
=======

1.0.1 (2008-01-24)
------------------

- Bug: Corrected and improved meta-data and documentation.


1.0.0 (2008-01-21)
------------------

- Restructure: Move ``z3c.layer.trusted`` package to it's own top level
package form ``zope.layer`` to ``z3c.layer.trusted``.

- Bug: Reflect changes in ``zope.app.securitypolicy`` ZCML
configuration. Prevent loading deprecated module configuration.

- Restructure: Moved implementation from ``z3c.layer`` to
``z3c.layer.trusted``.


0.2.3 (2007-11-07)
------------------

- Forward-Bug: Due to a bug in mechanize, the testbrowser throws
``httperror_seek_wrapper`` instead of ``HTTPError`` errors. Thanks to RE
normalizers, the code will now work whether the bug is fixed or not in
mechanize.


0.2.2 (2007-10-31)
------------------

- Bug: Fixed package meta-data.

- Bug: Fixed test failures due to depency updates.

- Restructure: Fixed deprecation warninf for ``ZopeSecurityPolicy``.


0.2.1 (2007-??-??)
------------------

- Changes unknown.


0.2.0 (2007-??-??)
------------------

- Initial release.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

z3c.layer.trusted-1.0.1.tar.gz (7.4 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page