[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/OFS/Services/ServiceManager - ServiceDirective.py:1.2

Jim Fulton jim@zope.com
Tue, 16 Jul 2002 19:41:46 -0400 

Update of /cvs-repository/Zope3/lib/python/Zope/App/OFS/Services/ServiceManager
In directory cvs.zope.org:/tmp/cvs-serv19928/Zope/App/OFS/Services/ServiceManager

Modified Files:
	ServiceDirective.py 
Log Message:

Renamed (changed service type id) if all services with names ending in
"Service". Container services were given a plural form 
(e.g. "RoleService" => "Roles"), but other services just lost the
suffix (e.g. "AuthenticationService" => "Authentication").

Fixed bug in ZopeSecurityPolicy that caused placeless role-permission
grants to be ignored for placefully assigned roles.

Also changed grant lookup order. Now placeless grants are checked
*before* placeful grants.

Finished the implementation of placeful principal role grants
(re)started at the EuroPython sprint.

Fixed a bug in service directives that caused service component lookup
to fail for unpriviledged users. This caused authentication using
Stephan's authentication service to fail in mysterious ways.

Now you can create users with Stephan's auth service, and assign them
roles using principal-role grants.

Added code to the ZMI (boring) standard_macros template to display the
user, which, BTW is available in request.user.



=== Zope3/lib/python/Zope/App/OFS/Services/ServiceManager/ServiceDirective.py 1.1 => 1.2 ===
 from Zope.Security.Proxy import Proxy
 from Zope.App.Traversing import traverse
 from IServiceDirective import IServiceDirective
+from Zope.Proxy.ProxyIntrospection import removeAllProxies
+from Zope.App.Traversing import getPhysicalRoot
 
 class ServiceDirective(Persistent):
     __doc__ = IServiceDirective.__doc__
@@ -47,7 +49,20 @@
         
         service = getattr(self, '_v_service', None)
         if service is None:
-            service = traverse(service_manager, self.component_path)
+            
+            # We have to be clever here. We need to do an honest to
+            # god unrestricted traveral, which means we have to
+            # traverse from an unproxies object. But, it's not enough
+            # for the service manager to be unproxies, because the
+            # path is an absolute path. When absolute paths are
+            # traversed, the traverser finds the physical root and
+            # traverses from there, so we need to make sure the
+            # physical root isn;t proxied.
+
+            # get the root and unproxy it.
+            root = removeAllProxies(getPhysicalRoot(service_manager))            
+            service = traverse(root, self.component_path)
+
             if self.permission:
                 if type(service) is Proxy:
                     service = removeSecurityProxy(service)