[CMF-checkins] CVS: Products/CMFCore - TypesTool.py:1.70
Florent Guillaume
fg at nuxeo.com
Wed Jul 7 11:53:44 EDT 2004
Update of /cvs-repository/Products/CMFCore
In directory cvs.zope.org:/tmp/cvs-serv14409/CMFCore
Modified Files:
TypesTool.py
Log Message:
Small refactoring to provide a ti._constructInstance method that does no
security check when building the instance.
=== Products/CMFCore/TypesTool.py 1.69 => 1.70 ===
--- Products/CMFCore/TypesTool.py:1.69 Wed May 5 10:18:23 2004
+++ Products/CMFCore/TypesTool.py Wed Jul 7 11:53:14 2004
@@ -322,6 +322,20 @@
, visible=action.get('visible', 1)
)
+ security.declarePublic('constructInstance')
+ def constructInstance(self, container, id, *args, **kw):
+ """Build an instance of the type.
+
+ Builds the instance in 'container', using 'id' as its id.
+ Returns the object.
+ """
+ if not self.isConstructionAllowed(container):
+ raise AccessControl_Unauthorized('Cannot create %s' % self.getId())
+
+ ob = self._constructInstance(container, id, *args, **kw)
+
+ return self._finishConstruction(ob)
+
security.declarePrivate('_finishConstruction')
def _finishConstruction(self, ob):
"""
@@ -480,7 +494,7 @@
#
# Agent methods
#
- def _getFactoryMethod(self, container):
+ def _getFactoryMethod(self, container, check_security=1):
if not self.product or not self.factory:
raise ValueError, ('Product factory for %s was undefined' %
self.getId())
@@ -489,6 +503,8 @@
if m is None:
raise ValueError, ('Product factory for %s was invalid' %
self.getId())
+ if not check_security:
+ return m
if getSecurityManager().validate(p, p, self.factory, m):
return m
raise AccessControl_Unauthorized( 'Cannot create %s' % self.getId() )
@@ -526,29 +542,27 @@
m = self._queryFactoryMethod(container)
return (m is not None)
- security.declarePublic('constructInstance')
- def constructInstance( self, container, id, *args, **kw ):
- """
- Build a "bare" instance of the appropriate type in
- 'container', using 'id' as its id. Return the object.
- """
- # Get the factory method, performing a security check
- # in the process.
+ security.declarePrivate('_constructInstance')
+ def _constructInstance(self, container, id, *args, **kw):
+ """Build a bare instance of the appropriate type.
+
+ Does not do any security checks.
- m = self._getFactoryMethod(container)
+ Returns the object without calling _finishConstruction().
+ """
+ m = self._getFactoryMethod(container, check_security=0)
id = str(id)
- if getattr( m, 'isDocTemp', 0 ):
- args = ( m.aq_parent, self.REQUEST ) + args
- kw[ 'id' ] = id
+ if getattr(aq_base(m), 'isDocTemp', 0):
+ kw['id'] = id
+ newid = m(m.aq_parent, self.REQUEST, *args, **kw)
else:
- args = ( id, ) + args
-
- id = m(*args, **kw) or id # allow factory to munge ID
- ob = container._getOb( id )
+ newid = m(id, *args, **kw)
+ # allow factory to munge ID
+ newid = newid or id
- return self._finishConstruction(ob)
+ return container._getOb(newid)
InitializeClass( FactoryTypeInformation )
@@ -587,27 +601,24 @@
return 0
return 1
- security.declarePublic('constructInstance')
- def constructInstance( self, container, id, *args, **kw ):
- """
- Build a "bare" instance of the appropriate type in
- 'container', using 'id' as its id. Return the object.
- """
- if not self.isConstructionAllowed(container):
- raise AccessControl_Unauthorized
+ security.declarePrivate('_constructInstance')
+ def _constructInstance(self, container, id, *args, **kw):
+ """Build a bare instance of the appropriate type.
+ Does not do any security checks.
+
+ Returns the object without calling _finishConstruction().
+ """
constructor = self.restrictedTraverse( self.constructor_path )
+
# make sure ownership is explicit before switching the context
if not hasattr( aq_base(constructor), '_owner' ):
constructor._owner = aq_get(constructor, '_owner')
-
# Rewrap to get into container's context.
constructor = aq_base(constructor).__of__( container )
id = str(id)
- ob = constructor(container, id, *args, **kw)
-
- return self._finishConstruction(ob)
+ return constructor(container, id, *args, **kw)
InitializeClass( ScriptableTypeInformation )
More information about the CMF-checkins
mailing list