[CMF-checkins] CVS: CMF/CMFCore - PortalFolder.py:1.31 TypesTool.py:1.33
Chris Withers
chrisw@nipltd.com
Fri, 8 Mar 2002 07:33:03 -0500
Update of /cvs-repository/CMF/CMFCore
In directory cvs.zope.org:/tmp/cvs-serv4869/CMFCore
Modified Files:
PortalFolder.py TypesTool.py
Log Message:
Merged fixes for content creation permissions.
=== CMF/CMFCore/PortalFolder.py 1.30 => 1.31 ===
if myType is not None:
- for contentType in portal_types.listTypeInfo():
+ for contentType in portal_types.listTypeInfo(self):
if myType.allowType( contentType.Type() ):
result.append( contentType )
else:
=== CMF/CMFCore/TypesTool.py 1.32 => 1.33 ===
from utils import _dtmldir, _checkPermission, cookString, getToolByName
import string
-from AccessControl import getSecurityManager, ClassSecurityInfo
-try:
- from AccessControl import Unauthorized
-except:
- Unauthorized = 'Unauthorized'
+from AccessControl import getSecurityManager, ClassSecurityInfo, Unauthorized
from Acquisition import aq_base
import Products, CMFCorePermissions
from ActionProviderBase import ActionProviderBase
@@ -683,6 +679,13 @@
else:
return None
+ security.declarePrivate('_checkViewType')
+ def _checkViewType(self,t):
+ try:
+ return getSecurityManager().validate(t, t, 'Type', t.Type)
+ except Unauthorized:
+ return 0
+
security.declareProtected(AccessContentsInformation, 'listTypeInfo')
def listTypeInfo( self, container=None ):
"""
@@ -699,6 +702,9 @@
if not t.Type():
# Not ready.
continue
+ # check we're allowed to access the type object
+ if not self._checkViewType(t):
+ continue
if container is not None:
if not t.isConstructionAllowed(container):
continue
@@ -742,6 +748,10 @@
info = self.getTypeInfo( type_name )
if info is None:
raise 'ValueError', 'No such content type: %s' % type_name
+
+ # check we're allowed to access the type object
+ if not self._checkViewType(info):
+ raise Unauthorized,info
ob = apply(info.constructInstance, (container, id) + args, kw)