[Checkins] SVN: hurry.workflow/trunk/ Fix check_security for fireTransitionToward.
Martijn Faassen
faassen at startifact.com
Fri Feb 10 16:59:00 UTC 2012
Log message for revision 124365:
Fix check_security for fireTransitionToward.
Changed:
U hurry.workflow/trunk/CHANGES.txt
U hurry.workflow/trunk/src/hurry/workflow/workflow.py
U hurry.workflow/trunk/src/hurry/workflow/workflow.txt
-=-
Modified: hurry.workflow/trunk/CHANGES.txt
===================================================================
--- hurry.workflow/trunk/CHANGES.txt 2012-02-10 14:59:45 UTC (rev 124364)
+++ hurry.workflow/trunk/CHANGES.txt 2012-02-10 16:58:59 UTC (rev 124365)
@@ -5,9 +5,14 @@
0.12 (unreleased)
=================
-- Make the info() and state() functions on the WorkflowInfo class into
+* Make the info() and state() functions on the WorkflowInfo class into
classmethods as they are not of much use otherwise.
+* fireTransitionToward already accepted a check_security=False
+ argument, but it would not allow a transition that a user didn't
+ have the permission for to be fired after all, because the
+ transition wouldn't even be found in the first place. Now it works.
+
0.11 (2010-04-16)
=================
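Review bot: The new 0.12 entry mentions only fireTransitionToward, but this revision also adds a check_security argument to getManualTransitionIds, getFireableTransitionIds and getFireableTransitionIdsToward. Those give callers a way to list manual transitions with permission checks disabled, so the entry should name them. The clause "it would not allow a transition that a user didn't have the permission for to be fired after all" is also hard to parse; stating that check_security=False still ended in NoTransitionAvailableError would be clearer.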
Modified: hurry.workflow/trunk/src/hurry/workflow/workflow.py
===================================================================
--- hurry.workflow/trunk/src/hurry/workflow/workflow.py 2012-02-10 14:59:45 UTC (rev 124364)
+++ hurry.workflow/trunk/src/hurry/workflow/workflow.py 2012-02-10 16:58:59 UTC (rev 124365)
@@ -197,7 +197,8 @@
def fireTransitionToward(self, state, comment=None, side_effect=None,
check_security=True):
- transition_ids = self.getFireableTransitionIdsToward(state)
+ transition_ids = self.getFireableTransitionIdsToward(state,
+ check_security)
if not transition_ids:
raise interfaces.NoTransitionAvailableError
if len(transition_ids) != 1:
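Review bot: In the changed call to getFireableTransitionIdsToward, check_security is passed positionally. For a flag that switches permission checking off, pass it by keyword (check_security=check_security) so that a later change to the callee's signature cannot silently bind it to a different parameter. The method also still has no docstring saying that check_security=False is meant for trusted code only.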
@@ -231,11 +232,13 @@
id = self.state(self.context).getId()
return wf_versions.hasVersion(state, id)
- def getManualTransitionIds(self):
+ def getManualTransitionIds(self, check_security=True):
try:
checkPermission = getInteraction().checkPermission
except NoInteraction:
checkPermission = nullCheckPermission
+ if not check_security:
+ checkPermission = nullCheckPermission
return [transition.transition_id for transition in
sorted(self._getTransitions(MANUAL)) if
transition.condition(self, self.context) and
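Review bot: In getManualTransitionIds the "if not check_security" override sits after the try/except around getInteraction(), so the interaction is looked up and then thrown away. Testing check_security first and only calling getInteraction() in the else branch makes the two paths explicit and keeps the bypass visible at the top of the method. Since swapping in nullCheckPermission disables the permission test for every manual transition returned, the method should get a docstring stating that, and the new argument should be added wherever this signature is declared; the list of changed files shows only CHANGES.txt, workflow.py and workflow.txt.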
@@ -247,12 +250,13 @@
sorted(self._getTransitions(SYSTEM)) if
transition.condition(self, self.context)]
- def getFireableTransitionIds(self):
- return self.getManualTransitionIds() + self.getSystemTransitionIds()
+ def getFireableTransitionIds(self, check_security=True):
+ return (self.getManualTransitionIds(check_security) +
+ self.getSystemTransitionIds())
- def getFireableTransitionIdsToward(self, state):
+ def getFireableTransitionIdsToward(self, state, check_security=True):
result = []
- for transition_id in self.getFireableTransitionIds():
+ for transition_id in self.getFireableTransitionIds(check_security):
transition = self.wf.getTransitionById(transition_id)
if transition.destination == state:
result.append(transition_id)
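Review bot: getFireableTransitionIds and getFireableTransitionIdsToward gain a check_security parameter here, but the doctest changes in this revision only exercise it through fireTransitionToward. Add direct checks that both methods omit the permission-protected transition by default and include it with check_security=False, so the default cannot regress unnoticed. As in fireTransitionToward, prefer passing check_security by keyword in the calls to getManualTransitionIds and getFireableTransitionIds.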
Modified: hurry.workflow/trunk/src/hurry/workflow/workflow.txt
===================================================================
--- hurry.workflow/trunk/src/hurry/workflow/workflow.txt 2012-02-10 14:59:45 UTC (rev 124364)
+++ hurry.workflow/trunk/src/hurry/workflow/workflow.txt 2012-02-10 16:58:59 UTC (rev 124365)
@@ -787,6 +787,16 @@
... print "Got unauthorized"
Got unauthorized
+It's also not allowed for ``fireTransitionToward``::
+
+ >>> info.fireTransitionToward(PUBLISHED)
+ Traceback (most recent call last):
+ ...
+ NoTransitionAvailableError
+
+In this case, the transition even't even available because the user
+doesn't have the right permission.
+
The system user is however allowed to do it::
>>> from zope.security.management import system_user
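Review bot: The added doctest shows fireTransitionToward raising NoTransitionAvailableError for a missing permission, while the preceding context prints "Got unauthorized" for the same situation with the other call. The text should say explicitly that callers handling the unauthorized case will not catch this one, since a permission failure and a genuinely absent transition are now indistinguishable to them. There is also a typo in the added sentence: "the transition even't even available" should read "isn't even available".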
@@ -804,6 +814,12 @@
>>> interfaces.IWorkflowState(document).setState(UNPUBLISHED)
>>> info.fireTransition('publish', check_security=False)
+This also works with fireTransitionToward::
+
+ >>> interfaces.IWorkflowState(document).setState(UNPUBLISHED)
+ >>> info.fireTransitionToward(PUBLISHED, check_security=False)
+
+
Side effects during transitions
-------------------------------
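Review bot: The added fireTransitionToward(PUBLISHED, check_security=False) example only shows that no exception is raised; the added lines never check where the document ended up. Follow the call with an assertion on the document's workflow state so the test proves the transition toward PUBLISHED actually fired. The second of the two added blank lines before the "Side effects during transitions" heading can be dropped.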