[Zope-Checkins] CVS: Zope2 - User.py:1.133.2.13
Brian Lloyd
brian@digicool.com
Tue, 17 Apr 2001 14:14:56 -0400 (EDT)
Update of /cvs-repository/Zope2/lib/python/AccessControl
In directory korak:/home/brian/temp/build/zope-232/lib/python/AccessControl
Modified Files:
Tag: zope-2_3-branch
User.py
Log Message:
fixed buglet in _check_context that didn't preserve old behavior
--- Updated File User.py in package Zope2 --
--- User.py 2001/04/17 14:44:58 1.133.2.12
+++ User.py 2001/04/17 18:14:56 1.133.2.13
@@ -222,8 +222,6 @@
# Check that 'object' exists in the acquisition context of
# the parent of the acl_users object containing this user,
# to prevent "stealing" access through acquisition tricks.
- # Return true if in context, false if not or if context
- # cannot be determined (object is not wrapped).
parent = getattr(self, 'aq_parent', None)
context = getattr(parent, 'aq_parent', None)
if context is not None:
@@ -238,7 +236,8 @@
return 0
if object.aq_inContextOf(context, 1):
return 1
- return 0
+ # This is lame, but required to keep existing behavior.
+ return 1
def allowed(self, object, object_roles=None):
"""Check whether the user has access to object. The user must