[Testbot] Plone 5.0 - Python 2.7 - Build # 1922 - Regression! - 13 failure(s)
jenkins at plone.org
jenkins at plone.org
Wed Mar 12 03:29:29 UTC 2014
-------------------------------------------------------------------------------
Plone 5.0 - Python 2.7 - Build # 1922 - Failure!
-------------------------------------------------------------------------------
http://jenkins.plone.org/job/plone-5.0-python-2.7/1922/
-------------------------------------------------------------------------------
CHANGES
-------------------------------------------------------------------------------
Repository: plone.app.layout
Branch: refs/heads/master
Date: 2014-03-11T21:29:53-05:00
Author: Nathan Van Gheem (vangheem) <vangheem at gmail.com>
Commit: https://github.com/plone/plone.app.layout/commit/d8bd0357256784a66af17dc26135909e610dd6b7
handle auto csrf
Files changed:
M CHANGES.rst
M plone/app/layout/dashboard/dashboard.pt
M plone/app/layout/dashboard/dashboard.py
M plone/app/layout/globals/tests/test_portal.py
M plone/app/layout/viewlets/common.py
M plone/app/layout/viewlets/tests/test_common.py
diff --git a/CHANGES.rst b/CHANGES.rst
index 05098e2..71c5b83 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -4,7 +4,8 @@ Changelog
2.5.1 (unreleased)
------------------
-- Nothing changed yet.
+- for contentview urls, add csrf token automatically
+ [vangheem]
2.5.0 (2014-03-02)
diff --git a/plone/app/layout/dashboard/dashboard.pt b/plone/app/layout/dashboard/dashboard.pt
index c3a29ca..466cbe2 100644
--- a/plone/app/layout/dashboard/dashboard.pt
+++ b/plone/app/layout/dashboard/dashboard.pt
@@ -28,7 +28,7 @@
</li>
<li>
<a href=""
- tal:attributes="href string:${context/@@plone_portal_state/navigation_root_url}/@@manage-dashboard"
+ tal:attributes="href string:${context/@@plone_portal_state/navigation_root_url}/@@manage-dashboard?_authenticator=${view/auth_token}"
i18n:translate="label_edit">Edit</a>
</li>
</ul>
diff --git a/plone/app/layout/dashboard/dashboard.py b/plone/app/layout/dashboard/dashboard.py
index 31827c8..3290e4b 100644
--- a/plone/app/layout/dashboard/dashboard.py
+++ b/plone/app/layout/dashboard/dashboard.py
@@ -12,6 +12,7 @@
from Products.CMFCore.utils import getToolByName
from Products.statusmessages.interfaces import IStatusMessage
from Products.CMFPlone import PloneMessageFactory as _
+from plone.protect.authenticator import createToken
class IDashboard(interface.Interface):
@@ -32,6 +33,10 @@ def __call__(self):
IStatusMessage(self.request).add(message)
return self.index()
+ @property
+ def auth_token(self):
+ return createToken()
+
@memoize
def can_edit(self):
return bool(getSecurityManager().checkPermission(
diff --git a/plone/app/layout/globals/tests/test_portal.py b/plone/app/layout/globals/tests/test_portal.py
index ba4959a..56e7f3a 100644
--- a/plone/app/layout/globals/tests/test_portal.py
+++ b/plone/app/layout/globals/tests/test_portal.py
@@ -110,8 +110,8 @@ def test_is_rtl(self):
def test_member(self):
self.assertEqual(
- self.view.member(),
- self.portal.portal_membership.getAuthenticatedMember()
+ self.view.member().id,
+ self.portal.portal_membership.getAuthenticatedMember().id
)
def test_anonymous(self):
diff --git a/plone/app/layout/viewlets/common.py b/plone/app/layout/viewlets/common.py
index 1833d40..2d2aa22 100644
--- a/plone/app/layout/viewlets/common.py
+++ b/plone/app/layout/viewlets/common.py
@@ -18,6 +18,7 @@
from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile
from plone.app.layout.globals.interfaces import IViewView
+from plone.protect.utils import addTokenToUrl
class ViewletBase(BrowserView):
@@ -321,8 +322,9 @@ def prepareObjectTabs(self, default_tab='view',
item['url'] = action_url
else:
item['url'] = '%s/%s' % (context_url, action_url)
+ item['url'] = addTokenToUrl(item['url'], self.request)
- action_method = item['url'].split('/')[-1]
+ action_method = item['url'].split('/')[-1].split('?')[0]
# Action method may be a method alias:
# Attempt to resolve to a template.
@@ -330,7 +332,7 @@ def prepareObjectTabs(self, default_tab='view',
action_method, default=action_method
)
if action_method:
- request_action = unquote(request_url_path)
+ request_action = unquote(request_url_path).split('?')[0]
request_action = context_fti.queryMethodID(
request_action, default=request_action
)
diff --git a/plone/app/layout/viewlets/tests/test_common.py b/plone/app/layout/viewlets/tests/test_common.py
index cf5ccba..cbe2650 100644
--- a/plone/app/layout/viewlets/tests/test_common.py
+++ b/plone/app/layout/viewlets/tests/test_common.py
@@ -11,6 +11,8 @@
from plone.app.layout.viewlets.common import ContentViewsViewlet
from plone.app.layout.navigation.interfaces import INavigationRoot
+from plone.protect import authenticator as auth
+
class TestViewletBase(ViewletsTestCase):
"""Test the base class for the viewlets.
@@ -78,8 +80,10 @@ def testPrepareObjectTabsNonStructuralFolder(self):
def testPrepareObjectTabsDefaultView(self):
self._invalidateRequestMemoizations()
self.loginAsPortalOwner()
- self.app.REQUEST[
- 'ACTUAL_URL'] = self.folder.test.absolute_url() + '/edit'
+ self.app.REQUEST['ACTUAL_URL'] = '%s/edit?_authenticator=%s' % (
+ self.folder.test.absolute_url(),
+ auth.createToken()
+ )
view = ContentViewsViewlet(self.folder.test, self.app.REQUEST, None)
tabs = view.prepareObjectTabs()
self.assertEqual(0, len([t for t in tabs if t[
-------------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CHANGES.log
Type: application/octet-stream
Size: 5419 bytes
Desc: not available
URL: <http://lists.plone.org/pipermail/plone-testbot/attachments/20140312/dcc98241/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: build.log
Type: application/octet-stream
Size: 152679 bytes
Desc: not available
URL: <http://lists.plone.org/pipermail/plone-testbot/attachments/20140312/dcc98241/attachment-0003.obj>
More information about the Testbot
mailing list