[Checkins] SVN: Products.CMFCore/trunk/Products/CMFCore/ - added 'isMemberAccessAllowed' method

Yvo Schubbe y.2011 at wcm-solutions.de
Wed Feb 23 05:25:20 EST 2011


Log message for revision 120528:
  - added 'isMemberAccessAllowed' method

Changed:
  U   Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt
  U   Products.CMFCore/trunk/Products/CMFCore/MembershipTool.py
  U   Products.CMFCore/trunk/Products/CMFCore/interfaces/_tools.py
  U   Products.CMFCore/trunk/Products/CMFCore/tests/test_MembershipTool.py

-=-
Modified: Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt	2011-02-23 10:08:49 UTC (rev 120527)
+++ Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt	2011-02-23 10:25:19 UTC (rev 120528)
@@ -4,6 +4,10 @@
 2.3.0-alpha (unreleased)
 ------------------------
 
+- MembershipTool: Added 'isMemberAccessAllowed' method.
+  If you don't have the 'Manage users' permission for the membership tool, you
+  shouldn't have write access to other members.
+
 - MemberDataTool: Removed obsolete MemberData factory lookup.
   This feature was added in CMF 2.2, but now the MemberAdapter should be
   overridden instead.

Modified: Products.CMFCore/trunk/Products/CMFCore/MembershipTool.py
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/MembershipTool.py	2011-02-23 10:08:49 UTC (rev 120527)
+++ Products.CMFCore/trunk/Products/CMFCore/MembershipTool.py	2011-02-23 10:25:19 UTC (rev 120528)
@@ -320,6 +320,18 @@
             object = getattr(object, subobjectName)
         return _checkPermission(permissionName, object)
 
+    security.declareProtected(ManageUsers, 'isMemberAccessAllowed')
+    def isMemberAccessAllowed(self, member_id):
+        """Check if the authenticated user is this member or an user manager.
+        """
+        sm = getSecurityManager()
+        user = sm.getUser()
+        if user is None:
+            return False
+        if member_id == user.getId():
+            return True
+        return sm.checkPermission(ManageUsers, self)
+
     security.declarePublic('credentialsChanged')
     def credentialsChanged(self, password, REQUEST=None):
         '''
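Review bot: The identity branch `if member_id == user.getId(): return True` in isMemberAccessAllowed has no guard for a missing id on either side. getUser() normally hands back a user object even for anonymous requests, and Zope's special users (anonymous, emergency) report their id as None as far as I recall, so the `user is None` check may never fire and a call with `member_id=None` would compare None to None and return True. Worth confirming against the user classes in use. If it holds, tighten the comparison to `if member_id is not None and member_id == user.getId():` so that an absent member id always falls through to the `ManageUsers` permission check. A short comment above the branch, such as `# own record only; never match on a missing id`, would keep the intent visible.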

Modified: Products.CMFCore/trunk/Products/CMFCore/interfaces/_tools.py
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/interfaces/_tools.py	2011-02-23 10:08:49 UTC (rev 120527)
+++ Products.CMFCore/trunk/Products/CMFCore/interfaces/_tools.py	2011-02-23 10:25:19 UTC (rev 120528)
@@ -684,6 +684,13 @@
         o Permission:  Public
         """
 
+    def isMemberAccessAllowed(member_id):
+        """Check if the authenticated user is this member or an user manager.
+
+        If you don't have the 'Manage users' permission for the membership
+        tool, you shouldn't have write access to other members.
+        """
+
     def credentialsChanged(password, REQUEST=None):
         """ Notify the authentication mechanism that this user has
             changed passwords.
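Review bot: The new interface docstring for isMemberAccessAllowed omits the `o Permission:` line that the neighbouring method docstrings carry (the context line above it reads `o Permission:  Public`). The implementation in MembershipTool.py declares the method protected by ManageUsers, so the docstring should say so, e.g. `o Permission:  Manage users`. It should also state that the method returns a boolean, and what is returned when no user is authenticated. Without that, a caller reading only the interface cannot tell that restricted code needs 'Manage users' to ask the question at all.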

Modified: Products.CMFCore/trunk/Products/CMFCore/tests/test_MembershipTool.py
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/tests/test_MembershipTool.py	2011-02-23 10:08:49 UTC (rev 120527)
+++ Products.CMFCore/trunk/Products/CMFCore/tests/test_MembershipTool.py	2011-02-23 10:25:19 UTC (rev 120528)
@@ -155,6 +155,21 @@
         mtool.createMemberArea( LOCAL_USER_ID )
         self.failUnless( hasattr(members.aq_self, LOCAL_USER_ID ) )
 
+    def test_isMemberAccessAllowed(self):
+        site = self._makeSite()
+        mtool = site.portal_membership
+        acl_users = site._setObject('acl_users', DummyUserFolder())
+        self.assertFalse(mtool.isMemberAccessAllowed('user_foo'))
+
+        newSecurityManager(None, acl_users.user_bar)
+        self.assertFalse(mtool.isMemberAccessAllowed('user_foo'))
+
+        newSecurityManager(None, acl_users.user_foo)
+        self.assertTrue(mtool.isMemberAccessAllowed('user_foo'))
+
+        newSecurityManager(None, acl_users.all_powerful_Oz)
+        self.assertTrue(mtool.isMemberAccessAllowed('user_foo'))
+
     def test_deleteMembers(self):
         site = self._makeSite()
         sm = getSiteManager()
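Review bot: The first `assertFalse(mtool.isMemberAccessAllowed('user_foo'))` in test_isMemberAccessAllowed runs against whatever security manager the fixture left in place, since no user is installed before it. If the intent is to pin the unauthenticated case, make that explicit with `noSecurityManager()` before the assertion and a comment such as `# anonymous: no access to any member`. The test also installs three security managers and does not reset them. setUp and tearDown are outside this hunk, so that may already be handled there; if not, the all_powerful_Oz context would leak into later tests.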


