[Checkins] SVN: Products.CMFDefault/trunk/Products/CMFDefault/ - changed the way add form permissions are configured and checked
Yvo Schubbe
y.2009 at wcm-solutions.de
Fri Dec 4 04:43:52 EST 2009
Log message for revision 106203:
- changed the way add form permissions are configured and checked
Changed:
U Products.CMFDefault/trunk/Products/CMFDefault/CHANGES.txt
U Products.CMFDefault/trunk/Products/CMFDefault/browser/configure.zcml
U Products.CMFDefault/trunk/Products/CMFDefault/formlib/configure.zcml
U Products.CMFDefault/trunk/Products/CMFDefault/formlib/form.py
-=-
Modified: Products.CMFDefault/trunk/Products/CMFDefault/CHANGES.txt
===================================================================
--- Products.CMFDefault/trunk/Products/CMFDefault/CHANGES.txt 2009-12-04 00:50:00 UTC (rev 106202)
+++ Products.CMFDefault/trunk/Products/CMFDefault/CHANGES.txt 2009-12-04 09:43:51 UTC (rev 106203)
@@ -4,6 +4,10 @@
2.2.0-beta (unreleased)
-----------------------
+- views: Improved ContentAddFormBase.
+ Permissions and container constraints are now checked by the '__call__'
+ method. There is no need to add security declarations for derived add forms.
+
- upgrade: Added more upgrade steps.
There is now support for upgrading the step registrations in the setup tool,
the columns in the catalog tool and the icons in the actions tool and
Modified: Products.CMFDefault/trunk/Products/CMFDefault/browser/configure.zcml
===================================================================
--- Products.CMFDefault/trunk/Products/CMFDefault/browser/configure.zcml 2009-12-04 00:50:00 UTC (rev 106202)
+++ Products.CMFDefault/trunk/Products/CMFDefault/browser/configure.zcml 2009-12-04 09:43:51 UTC (rev 106203)
@@ -10,13 +10,13 @@
template="templates/folder.pt"
permission="zope2.View"
/>
-
+
<utility
component=".folder.contents_delta_vocabulary"
name="cmf.contents delta vocabulary"
provides="zope.schema.interfaces.IVocabularyFactory"
/>
-
+
<browser:page
for="Products.CMFCore.interfaces.IFolderish"
layer="..interfaces.ICMFDefaultSkin"
@@ -86,13 +86,6 @@
factory=".link.LinkAddView"
/>
- <class class=".link.LinkAddView">
- <require
- permission="cmf.AddPortalContent"
- interface="zope.formlib.interfaces.IPageForm"
- />
- </class>
-
<browser:page
for="..interfaces.ILink"
layer="..interfaces.ICMFDefaultSkin"
@@ -117,13 +110,6 @@
factory=".favorite.FavoriteAddView"
/>
- <class class=".favorite.FavoriteAddView">
- <require
- permission="cmf.AddPortalContent"
- interface="zope.formlib.interfaces.IPageForm"
- />
- </class>
-
<browser:page
for="..interfaces.IMutableFavorite"
layer="..interfaces.ICMFDefaultSkin"
@@ -139,13 +125,6 @@
factory=".file.FileAddView"
/>
- <class class=".file.FileAddView">
- <require
- permission="cmf.AddPortalContent"
- interface="zope.formlib.interfaces.IPageForm"
- />
- </class>
-
<adapter
name="cmf.image"
factory=".file.FileAddView"
Modified: Products.CMFDefault/trunk/Products/CMFDefault/formlib/configure.zcml
===================================================================
--- Products.CMFDefault/trunk/Products/CMFDefault/formlib/configure.zcml 2009-12-04 00:50:00 UTC (rev 106202)
+++ Products.CMFDefault/trunk/Products/CMFDefault/formlib/configure.zcml 2009-12-04 09:43:51 UTC (rev 106203)
@@ -13,11 +13,4 @@
<adapter factory=".form.FallbackAddView" />
- <class class=".form.FallbackAddView">
- <require
- permission="cmf.AddPortalContent"
- interface="zope.formlib.interfaces.IPageForm"
- />
- </class>
-
</configure>
Modified: Products.CMFDefault/trunk/Products/CMFDefault/formlib/form.py
===================================================================
--- Products.CMFDefault/trunk/Products/CMFDefault/formlib/form.py 2009-12-04 00:50:00 UTC (rev 106202)
+++ Products.CMFDefault/trunk/Products/CMFDefault/formlib/form.py 2009-12-04 09:43:51 UTC (rev 106203)
@@ -18,6 +18,8 @@
from datetime import datetime
from sets import Set
+from AccessControl.SecurityInfo import ClassSecurityInfo
+from App.class_init import InitializeClass
from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile
from Products.Five.formlib.formbase import PageAddForm
from Products.Five.formlib.formbase import PageDisplayForm
@@ -39,6 +41,7 @@
from Products.CMFDefault.exceptions import AccessControl_Unauthorized
from Products.CMFDefault.formlib.widgets import IDInputWidget
from Products.CMFDefault.interfaces import ICMFDefaultSkin
+from Products.CMFDefault.permissions import AddPortalContent
from Products.CMFDefault.utils import Message as _
from Products.CMFDefault.utils import translate
@@ -87,6 +90,9 @@
adapts(IFolderish, ICMFDefaultSkin, ITypeInformation)
implementsOnly(IPageForm)
+ security = ClassSecurityInfo()
+ security.declareObjectPrivate()
+
actions = form.Actions(
form.Action(
name='add',
@@ -105,6 +111,24 @@
self.request = request
self.ti = ti
+ security.declareProtected(AddPortalContent, '__call__')
+ def __call__(self):
+ container = self.context
+ portal_type = self.ti.getId()
+
+ # check allowed (sometimes redundant, but better safe than sorry)
+ if not self.ti.isConstructionAllowed(container):
+ raise AccessControl_Unauthorized('Cannot create %s' % portal_type)
+
+ # check container constraints
+ ttool = self._getTool('portal_types')
+ container_ti = ttool.getTypeInfo(container)
+ if container_ti is not None and \
+ not container_ti.allowType(portal_type):
+ raise ValueError('Disallowed subobject type: %s' % portal_type)
+
+ return super(ContentAddFormBase, self).__call__()
+
@property
def label(self):
obj_type = translate(self.ti.Title(), self.context)
@@ -136,19 +160,7 @@
def add(self, obj):
container = self.context
- portal_type = self.ti.getId()
- # check allowed (sometimes redundant, but better safe than sorry)
- if not self.ti.isConstructionAllowed(container):
- raise AccessControl_Unauthorized('Cannot create %s' % portal_type)
-
- #check container constraints
- ttool = self._getTool('portal_types')
- container_ti = ttool.getTypeInfo(container)
- if container_ti is not None and \
- not container_ti.allowType(portal_type):
- raise ValueError('Disallowed subobject type: %s' % portal_type)
-
name = INameChooser(container).chooseName(obj.getId(), obj)
obj.id = name
container._setObject(name, obj)
@@ -169,7 +181,9 @@
return '%s/%s?%s' % (obj.absolute_url(), self.ti.immediate_view,
make_query(portal_status_message=message))
+InitializeClass(ContentAddFormBase)
+
class FallbackAddView(ContentAddFormBase):
"""Add view for IDynamicType content.
More information about the checkins
mailing list