[CMF-checkins] CVS: CMF/CMFCore - UndoTool.py:1.6
Tres Seaver
tseaver@zope.com
Tue, 2 Apr 2002 16:32:49 -0500
Update of /cvs-repository/CMF/CMFCore
In directory cvs.zope.org:/tmp/cvs-serv9090/CMFCore
Modified Files:
UndoTool.py
Log Message:
- Make 'undo' work for non-manager members, by making it public; note
that this change requires adding an expensive check that the transactions
passed in are actually undoable by the user. (Tracker #488).
=== CMF/CMFCore/UndoTool.py 1.5 => 1.6 ===
from Globals import InitializeClass, DTMLFile
from string import split
-from AccessControl import ClassSecurityInfo
+from AccessControl import ClassSecurityInfo, Unauthorized
from Expression import Expression
from ActionInformation import ActionInformation
from ActionProviderBase import ActionProviderBase
@@ -91,12 +91,30 @@
transactions
)
return transactions
-
- security.declareProtected(UndoChanges, 'undo')
+ security.declarePublic('undo')
def undo(self, object, transaction_info):
- '''Performs an undo operation.
- '''
+ """
+ Undo the list of transactions passed in 'transaction_info',
+ first verifying that the current user is allowed to undo them.
+ """
+ # Belt and suspenders: make sure that the user is actually
+ # allowed to undo the transation(s) in transaction_info.
+
+ xids = {} # set of allowed transaction IDs
+
+ allowed = self.listUndoableTransactionsFor( object )
+
+ for xid in map( lambda x: x['id'], allowed ):
+ xids[xid] = 1
+
+ if type( transaction_info ) == type( '' ):
+ transaction_info = [ transaction_info ]
+
+ for tinfo in transaction_info:
+ if not xids.get( tinfo, None ):
+ raise Unauthorized
+
object.manage_undo_transactions(transaction_info)