diff options
author | Dan Korostelev <nadako@gmail.com> | 2009-03-05 11:36:32 +0000 |
---|---|---|
committer | Dan Korostelev <nadako@gmail.com> | 2009-03-05 11:36:32 +0000 |
commit | 17fcaadfd944860b6b55c1b11ce317b782b8b67f (patch) | |
tree | 938bb5dee15f184f83df279eb15e13f589024b50 /src | |
parent | 085a841bcf185a02ab9feababdd94bb3c35f51a2 (diff) | |
download | zope-security-17fcaadfd944860b6b55c1b11ce317b782b8b67f.tar.gz |
Raise NoInteraction when zope.security.checkPermission is called without interaction being active (LP #301565).
Diffstat (limited to 'src')
-rw-r--r-- | src/zope/security/management.py | 5 | ||||
-rw-r--r-- | src/zope/security/tests/test_management.py | 6 |
2 files changed, 9 insertions, 2 deletions
diff --git a/src/zope/security/management.py b/src/zope/security/management.py index ddb129c..dbe8381 100644 --- a/src/zope/security/management.py +++ b/src/zope/security/management.py @@ -137,7 +137,10 @@ def checkPermission(permission, object, interaction=None): if permission is CheckerPublic or permission is None: return True if interaction is None: - interaction = thread_local.interaction + try: + interaction = thread_local.interaction + except AttributeError: + raise zope.security.interfaces.NoInteraction return interaction.checkPermission(permission, object) addCleanUp(endInteraction) diff --git a/src/zope/security/tests/test_management.py b/src/zope/security/tests/test_management.py index eda2318..c257d6b 100644 --- a/src/zope/security/tests/test_management.py +++ b/src/zope/security/tests/test_management.py @@ -77,7 +77,8 @@ class Test(CleanUp, unittest.TestCase): from zope.security import checkPermission from zope.security.management import setSecurityPolicy from zope.security.management import queryInteraction - from zope.security.management import newInteraction + from zope.security.management import newInteraction, endInteraction + from zope.security.interfaces import NoInteraction permission = 'zope.Test' obj = object() @@ -94,6 +95,9 @@ class Test(CleanUp, unittest.TestCase): newInteraction() interaction = queryInteraction() self.assertEquals(checkPermission(permission, obj), True) + + endInteraction() + self.assertRaises(NoInteraction, checkPermission, permission, obj) def test_checkPublicPermission(self): from zope.security import checkPermission |