Log message for revision 110186: Merge r110185 from 2.12 branch Changed: U Zope/trunk/src/Products/Five/browser/resource.py U Zope/trunk/src/Products/Five/browser/tests/resource.txt
-=- Modified: Zope/trunk/src/Products/Five/browser/resource.py =================================================================== --- Zope/trunk/src/Products/Five/browser/resource.py 2010-03-26 12:39:58 UTC (rev 110185) +++ Zope/trunk/src/Products/Five/browser/resource.py 2010-03-26 12:48:34 UTC (rev 110186) @@ -162,6 +162,11 @@ resource = factory(name, filename)(self.request) resource.__name__ = name resource.__parent__ = self + + # We need to propagate security so that restrictedTraverse() will + # work + resource.__roles__ = self.__roles__ + return resource class DirectoryResourceFactory(ResourceFactory): Modified: Zope/trunk/src/Products/Five/browser/tests/resource.txt =================================================================== --- Zope/trunk/src/Products/Five/browser/tests/resource.txt 2010-03-26 12:39:58 UTC (rev 110185) +++ Zope/trunk/src/Products/Five/browser/tests/resource.txt 2010-03-26 12:48:34 UTC (rev 110186) @@ -69,7 +69,6 @@ ... if not isinstance(resource, PageTemplateResource): ... self.assertEquals(resource(), base_url % r) - Security -------- @@ -108,7 +107,15 @@ ... path = base % resource ... checkRestricted(self.folder, 'context.restrictedTraverse("%s")' % path) +Let's make sure restrictedTraverse() works directly, too. It used to get +tripped up on subdirectories due to missing security declarations. + >>> self.folder.restrictedTraverse('++resource++fivetest_resources/resource.txt') is not None + True + + >>> self.folder.restrictedTraverse('++resource++fivetest_resources/resource_subdir/resource.txt') is not None + True + Clean up -------- _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins