[CMF-checkins] SVN: CMF/branches/1.5/C - synced _checkPermission with Zope 2.8.5 code

Yvo Schubbe y.2006_ at wcm-solutions.de
Sun Jan 8 12:33:40 EST 2006 

Log message for revision 41229:
  - synced _checkPermission with Zope 2.8.5 code

Changed:
  U   CMF/branches/1.5/CHANGES.txt
  U   CMF/branches/1.5/CMFCore/utils.py

-=-
Modified: CMF/branches/1.5/CHANGES.txt
===================================================================
--- CMF/branches/1.5/CHANGES.txt	2006-01-08 16:06:01 UTC (rev 41228)
+++ CMF/branches/1.5/CHANGES.txt	2006-01-08 17:33:39 UTC (rev 41229)
@@ -1,5 +1,12 @@
 After CMF 1.5.5
 
+  Bug Fixes
+
+    - CMFCore utils: Synced _checkPermission with Zope 2.8.5 code.
+      checkPermission of Zope 2.8.5 and later contains bug fixes and respects
+      proxy roles, but for backwards compatibility CMF 1.5 still needs its own
+      implementation.
+
   Others
 
     - Made cut / copy / paste tests more independent from implementation

Modified: CMF/branches/1.5/CMFCore/utils.py
===================================================================
--- CMF/branches/1.5/CMFCore/utils.py	2006-01-08 16:06:01 UTC (rev 41228)
+++ CMF/branches/1.5/CMFCore/utils.py	2006-01-08 17:33:39 UTC (rev 41229)
@@ -122,14 +122,13 @@
 def _checkPermission(permission, obj):
     """ Check if the current user has the permission on the given object.
     """
-    # this code is ported from ZopeSecurityPolicy.checkPermission
+    # this code is ported from Zope 2.8's ZopeSecurityPolicy.checkPermission
     roles = rolesForPermissionOn(permission, obj)
     if isinstance(roles, basestring):
         roles = [roles]
     context = getSecurityManager()._context
 
     # check executable owner and proxy roles
-    # this code is ported from ZopeSecurityPolicy.validate
     stack = context.stack
     if stack:
         eo = stack[-1]
@@ -139,12 +138,14 @@
                 return 0
             proxy_roles = getattr(eo, '_proxy_roles', None)
             if proxy_roles:
-                if obj is not aq_base(obj):
-                    if not owner._check_context(obj):
-                        return 0
+                owner = eo.getWrappedOwner()
+                if owner is not None:
+                    if obj is not aq_base(obj):
+                        if not owner._check_context(obj):
+                            return 0
                 for r in proxy_roles:
                     if r in roles:
-                         return 1
+                        return 1
                 return 0
 
     return context.user.allowed(obj, roles)

More information about the CMF-checkins mailing list