authorMarius Gedminas <marius@gedmin.as>2013-03-27 17:47:53 +0200
committerMarius Gedminas <marius@gedmin.as>2013-03-27 17:48:18 +0200
commit275754c0cfa1614266f9147065e91a3a94433a4f (patch)
treeb856a4521e0e67f36638d345c212c3b7143fc2c4
parentbc75e97e8fc998ab5d682c4f57ee85a54559efef (diff)
downloadzope-security-275754c0cfa1614266f9147065e91a3a94433a4f.tar.gz
Bugfix: ZOPE_WATCH_CHECKERS=1 used to miss most of the checks
-rw-r--r--CHANGES.rst2
-rw-r--r--src/zope/security/checker.py2
-rw-r--r--src/zope/security/tests/test_checker.py12
3 files changed, 16 insertions, 0 deletions
diff --git a/CHANGES.rst b/CHANGES.rst
index 5a2d3a5..9057b02 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -8,6 +8,8 @@ CHANGES
- Bugfix: ZOPE_WATCH_CHECKERS=2 used to incorrectly suppress
unauthorized/forbidden warnings.
+- Bugfix: ZOPE_WATCH_CHECKERS=1 used to miss most of the checks.
+
4.0.0b1 (2013-03-11)
--------------------
diff --git a/src/zope/security/checker.py b/src/zope/security/checker.py
index f92a2ff..8f3cfb4 100644
--- a/src/zope/security/checker.py
+++ b/src/zope/security/checker.py
@@ -558,6 +558,8 @@ class CheckerLoggingMixin(object):
'[CHK] - Forbidden getattr: %s on %r' % (name, object))
raise
+ __setitem__ = check_getattr
+
def check_setattr(self, object, name):
try:
super(CheckerLoggingMixin, self).check_setattr(object, name)
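Review bot: The added `__setitem__ = check_getattr` has no comment in checker.py, and the only explanation of why a checker needs a `__setitem__` sits in the test file. A class-body alias binds the function object that exists at that point, so a subclass or later mixin that overrides `check_getattr` will not change `__setitem__` unless it repeats the alias; that appears to be how the logging override was bypassed before this commit, leaving those checks out of the ZOPE_WATCH_CHECKERS output. I would add a comment directly above the alias, e.g. `# Callers may reach check_getattr through __setitem__; re-alias here so the logging override is not bypassed.` The class starts above the hunk and `check_setattr` continues below it, so whether other aliases need the same treatment cannot be judged from these lines.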
diff --git a/src/zope/security/tests/test_checker.py b/src/zope/security/tests/test_checker.py
index ffcfc79..0eabfb6 100644
--- a/src/zope/security/tests/test_checker.py
+++ b/src/zope/security/tests/test_checker.py
@@ -1252,6 +1252,18 @@ class CheckerLoggingMixinTests(unittest.TestCase):
self.assertEqual(checker._file[0],
'[CHK] - Forbidden setattr: name on TESTING\n')
+ def test_check_setitem_unauthorized(self):
+ # __setitem__ is an alias for check_getattr, used for speed reasons
+ # (AFAIU calling tp_setitem from C is much faster than calling a
+ # method by name).
+ from zope.security.interfaces import Unauthorized
+ checker = self._makeOne(Unauthorized)
+ self.assertRaises(Unauthorized,
+ checker.__setitem__, self._makeObject(), 'name')
+ self.assertEqual(len(checker._file), 1)
+ self.assertEqual(checker._file[0],
+ '[CHK] - Unauthorized getattr: name on TESTING\n')
+
class Test__instanceChecker(unittest.TestCase):
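Review bot: `test_check_setitem_unauthorized` calls `checker.__setitem__` as a named method, which is an attribute lookup on the instance rather than the item-assignment path that the test's own comment gives as the reason for the alias. Going through the operator would exercise the lookup on the type instead, e.g. `self.assertRaises(Unauthorized, operator.setitem, checker, self._makeObject(), 'name')` with `import operator` next to the local import. Only the Unauthorized branch is covered through the alias; the Forbidden branch visible in the checker.py hunk is reached the same way, and a matching test would keep that log line from regressing unnoticed. The test class begins outside the hunk.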