[gen] Security: added missing checks at the code level, ensuring that a user can create instances of a given class (root classes, or instances created via an initiator field); bugfixes in the test system, which works again (was broken after deplonization); [shared] XmlUnmarshaller can now be ran in 'non utf-8' mode: if enabled, any marshalled string will no be Python unicode, but simple str.

2012-06-02 14:36:49 +02:00 · 2012-06-02 14:36:49 +02:00 · f843d5b7d6
commit f843d5b7d6
parent 0d7afb685f
11 changed files with 167 additions and 79 deletions
--- a/gen/mixins/ToolMixin.py
+++ b/gen/mixins/ToolMixin.py
@ -898,11 +898,16 @@ class ToolMixin(BaseMixin):
        userId = self.getUser().getId()
        # Perform the logout in acl_users
        rq.RESPONSE.expireCookie('__ac', path='/')
-        # Invalidate existing sessions.
-        sdm = self.session_data_manager
-        session = sdm.getSessionData(create=0)
-        if session is not None:
-            session.invalidate()
+        # Invalidate session.
+        try:
+            sdm = self.session_data_manager
+        except AttributeError, ae:
+            # When ran in test mode, session_data_manager is not there.
+            sdm = None
+        if sdm:
+            session = sdm.getSessionData(create=0)
+            if session is not None:
+                session.invalidate()
        self.log('User "%s" has been logged out.' % userId)
        # Remove user from variable "loggedUsers"
        from appy.gen.installer import loggedUsers