[CMF-checkins] CVS: CMF/CMFCore - utils.py:1.49

Yvo Schubbe y.2004_ at wcm-solutions.de
Thu Feb 12 03:37:33 EST 2004


Update of /cvs-repository/CMF/CMFCore
In directory cvs.zope.org:/tmp/cvs-serv30546/CMFCore

Modified Files:
	utils.py 
Log Message:
- added check for executable owner and proxy roles to _checkPermission


=== CMF/CMFCore/utils.py 1.48 => 1.49 ===
--- CMF/CMFCore/utils.py:1.48	Thu Jan  8 07:29:32 2004
+++ CMF/CMFCore/utils.py	Thu Feb 12 03:37:32 2004
@@ -18,7 +18,7 @@
 import os
 from os import path as os_path
 import re
-from types import StringType
+from types import StringType, UnicodeType
 
 from AccessControl import ClassSecurityInfo
 from AccessControl import getSecurityManager
@@ -26,7 +26,7 @@
 from AccessControl.Permission import Permission
 from AccessControl.PermissionRole import rolesForPermissionOn
 from AccessControl.Role import gather_permissions
-from Acquisition import aq_get, aq_inner, aq_parent
+from Acquisition import aq_base, aq_get, aq_inner, aq_parent
 from ExtensionClass import Base
 from Globals import HTMLFile
 from Globals import ImageFile
@@ -112,7 +112,34 @@
 
 security.declarePrivate('_checkPermission')
 def _checkPermission(permission, obj):
-    return getSecurityManager().checkPermission(permission, obj)
+    """ Check if the current user has the permission on the given object.
+    """
+    # this code is ported from ZopeSecurityPolicy.checkPermission
+    roles = rolesForPermissionOn(permission, obj)
+    if type(roles) in (StringType, UnicodeType):
+        roles = [roles]
+    context = getSecurityManager()._context
+
+    # check executable owner and proxy roles
+    # this code is ported from ZopeSecurityPolicy.validate
+    stack = context.stack
+    if stack:
+        eo = stack[-1]
+        owner = eo.getOwner()
+        if owner is not None:
+            if not owner.allowed(obj, roles):
+                return 0
+            proxy_roles = getattr(eo, '_proxy_roles', None)
+            if proxy_roles:
+                if obj is not aq_base(obj):
+                    if not owner._check_context(obj):
+                        return 0
+                for r in proxy_roles:
+                    if r in roles:
+                         return 1
+                return 0
+
+    return context.user.allowed(obj, roles)
 
 security.declarePrivate('_verifyActionPermissions')
 def _verifyActionPermissions(obj, action):
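Review bot: The new body of `_checkPermission` no longer calls `getSecurityManager().checkPermission`, so the decision bypasses whichever security policy is installed and relies on logic copied from ZopeSecurityPolicy, reading the private `_context`, `_proxy_roles` and `_check_context` attributes. A later fix to the upstream policy will not reach this copy, and a security manager or owner object without `_context` or `_check_context` would raise AttributeError instead of denying; whether that can happen is not visible in this hunk. The one-line docstring should say that the result also depends on the executable owner and its proxy roles, not only on the current user, and that it returns 0 when the owner lacks the roles. A comment above `context = getSecurityManager()._context` such as `# NOTE: duplicates ZopeSecurityPolicy and uses private attributes; keep in sync with the AccessControl release in use` would make the coupling explicit for the next maintainer.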



