[CMF-checkins] CVS: CMF/CMFCore - PortalFolder.py:1.30.2.1 TypesTool.py:1.32.2.1
Chris Withers
chrisw@nipltd.com
Fri, 8 Mar 2002 07:31:46 -0500
Update of /cvs-repository/CMF/CMFCore
In directory cvs.zope.org:/tmp/cvs-serv4181/CMFCore
Modified Files:
Tag: ChrisW-control_creation-branch
PortalFolder.py TypesTool.py
Log Message:
Fix content creation permission thing properly. Thanks for the pointers. Shane :-)
=== CMF/CMFCore/PortalFolder.py 1.30 => 1.30.2.1 ===
if myType is not None:
- for contentType in portal_types.listTypeInfo():
+ for contentType in portal_types.listTypeInfo(self):
if myType.allowType( contentType.Type() ):
result.append( contentType )
else:
=== CMF/CMFCore/TypesTool.py 1.32 => 1.32.2.1 ===
from utils import _dtmldir, _checkPermission, cookString, getToolByName
import string
-from AccessControl import getSecurityManager, ClassSecurityInfo
-try:
- from AccessControl import Unauthorized
-except:
- Unauthorized = 'Unauthorized'
+from AccessControl import getSecurityManager, ClassSecurityInfo, Unauthorized
from Acquisition import aq_base
import Products, CMFCorePermissions
from ActionProviderBase import ActionProviderBase
@@ -683,6 +679,13 @@
else:
return None
+ security.declarePrivate('_checkViewType')
+ def _checkViewType(self,t):
+ try:
+ return getSecurityManager().validate(t, t, 'Type', t.Type)
+ except Unauthorized:
+ return 0
+
security.declareProtected(AccessContentsInformation, 'listTypeInfo')
def listTypeInfo( self, container=None ):
"""
@@ -699,6 +702,9 @@
if not t.Type():
# Not ready.
continue
+ # check we're allowed to access the type object
+ if not self._checkViewType(t):
+ continue
if container is not None:
if not t.isConstructionAllowed(container):
continue
@@ -742,6 +748,10 @@
info = self.getTypeInfo( type_name )
if info is None:
raise 'ValueError', 'No such content type: %s' % type_name
+
+ # check we're allowed to access the type object
+ if not self._checkViewType(info):
+ raise Unauthorized,info
ob = apply(info.constructInstance, (container, id) + args, kw)