[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - ZopeSecurityPolicy.py:1.1.2.10

Jim Fulton jim@zope.com
Fri, 28 Dec 2001 14:35:31 -0500


Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv32763

Modified Files:
      Tag: Zope-3x-branch
	ZopeSecurityPolicy.py 
Log Message:
Added support for context-dependent role-permission assignments.


=== Zope3/lib/python/Zope/App/Security/ZopeSecurityPolicy.py 1.1.2.9 => 1.1.2.10 ===
 from types import StringType, TupleType
 
+from Zope.ComponentArchitecture import getAdapter
+from Zope.ContextWrapper.ContainmentIterator import ContainmentIterator
+
 from Zope.Exceptions import Unauthorized, Forbidden
 
+from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
 from Zope.App.Security.PermissionRegistry import permissionRegistry 
 from Zope.App.Security.PrincipalRegistry import principalRegistry 
 from Zope.App.Security.RoleRegistry import roleRegistry
@@ -82,6 +86,13 @@
             return 1
         
         principals = { context.user : 1 }
+        roles      = {}
+
+        for c in ContainmentIterator(object):
+            rpm = getAdapter(c, IRolePermissionManager, None)
+            if rpm is not None:
+                for role in rpm.getRolesForPermission(permission):
+                    roles[role] = 1
 
         for p in principals.keys():
             if permission in getPermissionsForPrincipal(p):
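Review bot: The new loop merges the roles from every object yielded by `ContainmentIterator(object)` into one allow-set, so a role granted the permission on any container in the chain counts for everything beneath it, and a nearer context has no way to narrow or revoke a grant made further out. If that additive behaviour is intended, state it above the loop, e.g. `# Local grants are additive: a role granted on any container in the chain applies here; nearer contexts cannot revoke it.` The loop also treats every item returned by `getRolesForPermission(permission)` as an allowed role id; if that method can return denied or unset entries (its contract is not visible here), they would count as grants. The enclosing method starts before this hunk and continues past it.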
@@ -90,7 +101,9 @@
                 for r in getRolesForPrincipal(p):
                     if permission in getPermissionsForRole(r):
                         del principals[p]
-
+                    if r in roles:
+                        return 1
+                
         return not principals
 
     #
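Review bot: The added `if r in roles: return 1` grants access as soon as one principal holds a locally granted role, while the rest of the method only succeeds once every entry has been removed from `principals` (`return not principals`). With the single `context.user` entry the two are equivalent, but if more principals are ever placed in the dict, the early return skips the check for the remaining ones. Treating a local grant like a global one keeps a single decision point: `if permission in getPermissionsForRole(r) or r in roles:` followed by `del principals[p]` and `break`. The `break` also stops a second matching role from reaching `del principals[p]` again, which would raise KeyError as far as the visible lines show. The method begins outside this hunk.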