Raise NoInteraction when zope.security.checkPermission is called without interaction being active (LP #301565).

2 files changed, 9 insertions, 2 deletions

diff --git a/src/zope/security/management.py b/src/zope/security/management.py
index ddb129c..dbe8381 100644
--- a/src/zope/security/management.py
+++ b/src/zope/security/management.py
@@ -137,7 +137,10 @@ def checkPermission(permission, object, interaction=None):
     if permission is CheckerPublic or permission is None:
         return True
     if interaction is None:
-        interaction = thread_local.interaction
+        try:
+            interaction = thread_local.interaction
+        except AttributeError:
+            raise zope.security.interfaces.NoInteraction
     return interaction.checkPermission(permission, object)
 
 addCleanUp(endInteraction)
diff --git a/src/zope/security/tests/test_management.py b/src/zope/security/tests/test_management.py
index eda2318..c257d6b 100644
--- a/src/zope/security/tests/test_management.py
+++ b/src/zope/security/tests/test_management.py
@@ -77,7 +77,8 @@ class Test(CleanUp, unittest.TestCase):
         from zope.security import checkPermission
         from zope.security.management import setSecurityPolicy
         from zope.security.management import queryInteraction
-        from zope.security.management import newInteraction
+        from zope.security.management import newInteraction, endInteraction
+        from zope.security.interfaces import NoInteraction
 
         permission = 'zope.Test'
         obj = object()
@@ -94,6 +95,9 @@ class Test(CleanUp, unittest.TestCase):
         newInteraction()
         interaction = queryInteraction()
         self.assertEquals(checkPermission(permission, obj), True)
+        
+        endInteraction()
+        self.assertRaises(NoInteraction, checkPermission, permission, obj)
 
     def test_checkPublicPermission(self):
         from zope.security import checkPermission