[Checkins] SVN: Products.CMFCore/trunk/Products/CMFCore/ - added 'isMemberAccessAllowed' method
Yvo Schubbe
y.2011 at wcm-solutions.de
Wed Feb 23 05:25:20 EST 2011
Log message for revision 120528:
- added 'isMemberAccessAllowed' method
Changed:
U Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt
U Products.CMFCore/trunk/Products/CMFCore/MembershipTool.py
U Products.CMFCore/trunk/Products/CMFCore/interfaces/_tools.py
U Products.CMFCore/trunk/Products/CMFCore/tests/test_MembershipTool.py
-=-
Modified: Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt 2011-02-23 10:08:49 UTC (rev 120527)
+++ Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt 2011-02-23 10:25:19 UTC (rev 120528)
@@ -4,6 +4,10 @@
2.3.0-alpha (unreleased)
------------------------
+- MembershipTool: Added 'isMemberAccessAllowed' method.
+ If you don't have the 'Manage users' permission for the membership tool, you
+ shouldn't have write access to other members.
+
- MemberDataTool: Removed obsolete MemberData factory lookup.
This feature was added in CMF 2.2, but now the MemberAdapter should be
overridden instead.
Modified: Products.CMFCore/trunk/Products/CMFCore/MembershipTool.py
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/MembershipTool.py 2011-02-23 10:08:49 UTC (rev 120527)
+++ Products.CMFCore/trunk/Products/CMFCore/MembershipTool.py 2011-02-23 10:25:19 UTC (rev 120528)
@@ -320,6 +320,18 @@
object = getattr(object, subobjectName)
return _checkPermission(permissionName, object)
+ security.declareProtected(ManageUsers, 'isMemberAccessAllowed')
+ def isMemberAccessAllowed(self, member_id):
+ """Check if the authenticated user is this member or an user manager.
+ """
+ sm = getSecurityManager()
+ user = sm.getUser()
+ if user is None:
+ return False
+ if member_id == user.getId():
+ return True
+ return sm.checkPermission(ManageUsers, self)
+
security.declarePublic('credentialsChanged')
def credentialsChanged(self, password, REQUEST=None):
'''
Modified: Products.CMFCore/trunk/Products/CMFCore/interfaces/_tools.py
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/interfaces/_tools.py 2011-02-23 10:08:49 UTC (rev 120527)
+++ Products.CMFCore/trunk/Products/CMFCore/interfaces/_tools.py 2011-02-23 10:25:19 UTC (rev 120528)
@@ -684,6 +684,13 @@
o Permission: Public
"""
+ def isMemberAccessAllowed(member_id):
+ """Check if the authenticated user is this member or an user manager.
+
+ If you don't have the 'Manage users' permission for the membership
+ tool, you shouldn't have write access to other members.
+ """
+
def credentialsChanged(password, REQUEST=None):
""" Notify the authentication mechanism that this user has
changed passwords.
Modified: Products.CMFCore/trunk/Products/CMFCore/tests/test_MembershipTool.py
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/tests/test_MembershipTool.py 2011-02-23 10:08:49 UTC (rev 120527)
+++ Products.CMFCore/trunk/Products/CMFCore/tests/test_MembershipTool.py 2011-02-23 10:25:19 UTC (rev 120528)
@@ -155,6 +155,21 @@
mtool.createMemberArea( LOCAL_USER_ID )
self.failUnless( hasattr(members.aq_self, LOCAL_USER_ID ) )
+ def test_isMemberAccessAllowed(self):
+ site = self._makeSite()
+ mtool = site.portal_membership
+ acl_users = site._setObject('acl_users', DummyUserFolder())
+ self.assertFalse(mtool.isMemberAccessAllowed('user_foo'))
+
+ newSecurityManager(None, acl_users.user_bar)
+ self.assertFalse(mtool.isMemberAccessAllowed('user_foo'))
+
+ newSecurityManager(None, acl_users.user_foo)
+ self.assertTrue(mtool.isMemberAccessAllowed('user_foo'))
+
+ newSecurityManager(None, acl_users.all_powerful_Oz)
+ self.assertTrue(mtool.isMemberAccessAllowed('user_foo'))
+
def test_deleteMembers(self):
site = self._makeSite()
sm = getSiteManager()
More information about the checkins
mailing list