[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - ZopeSecurityPolicy.py:1.1.2.10
Jim Fulton
jim@zope.com
Fri, 28 Dec 2001 14:35:31 -0500
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv32763
Modified Files:
Tag: Zope-3x-branch
ZopeSecurityPolicy.py
Log Message:
Added support for context-dependent role-permission assignments.
=== Zope3/lib/python/Zope/App/Security/ZopeSecurityPolicy.py 1.1.2.9 => 1.1.2.10 ===
from types import StringType, TupleType
+from Zope.ComponentArchitecture import getAdapter
+from Zope.ContextWrapper.ContainmentIterator import ContainmentIterator
+
from Zope.Exceptions import Unauthorized, Forbidden
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
from Zope.App.Security.PermissionRegistry import permissionRegistry
from Zope.App.Security.PrincipalRegistry import principalRegistry
from Zope.App.Security.RoleRegistry import roleRegistry
@@ -82,6 +86,13 @@
return 1
principals = { context.user : 1 }
+ roles = {}
+
+ for c in ContainmentIterator(object):
+ rpm = getAdapter(c, IRolePermissionManager, None)
+ if rpm is not None:
+ for role in rpm.getRolesForPermission(permission):
+ roles[role] = 1
for p in principals.keys():
if permission in getPermissionsForPrincipal(p):
@@ -90,7 +101,9 @@
for r in getRolesForPrincipal(p):
if permission in getPermissionsForRole(r):
del principals[p]
-
+ if r in roles:
+ return 1
+
return not principals
#