[Zope-Checkins] CVS: Packages/OFS - CopySupport.py:1.85.2.7
Tres Seaver
tseaver at zope.com
Sat Aug 7 13:16:18 EDT 2004
Update of /cvs-repository/Packages/OFS
In directory cvs.zope.org:/tmp/cvs-serv31145/lib/python/OFS
Modified Files:
Tag: Zope-2_7-branch
CopySupport.py
Log Message:
- Removed DWIM'y attempt to filter acquired-but-not-aceessible
results from 'guarded_getattr'.
=== Packages/OFS/CopySupport.py 1.85.2.6 => 1.85.2.7 ===
--- Packages/OFS/CopySupport.py:1.85.2.6 Mon Jan 19 14:46:44 2004
+++ Packages/OFS/CopySupport.py Sat Aug 7 13:15:48 2004
@@ -20,6 +20,7 @@
from App.Dialogs import MessageDialog
from AccessControl import getSecurityManager
+from AccessControl.Permissions import delete_objects as DeleteObjects
from Acquisition import aq_base, aq_inner, aq_parent
from zExceptions import Unauthorized, BadRequest
from webdav.Lockable import ResourceLockedError
@@ -151,7 +152,7 @@
m = Moniker.loadMoniker(mdata)
try: ob = m.bind(app)
except: raise CopyError, eNotFound
- self._verifyObjectPaste(ob)
+ self._verifyObjectPaste(ob, validate_src=op+1)
oblist.append(ob)
if op==0:
@@ -378,12 +379,22 @@
action = 'manage_main')
if validate_src:
+
+ sm = getSecurityManager()
+
# Ensure the user is allowed to access the object on the
# clipboard.
- try: parent = aq_parent(aq_inner(object))
- except: parent = None
- if not getSecurityManager().validate(None,parent,None,object):
+ try:
+ parent = aq_parent(aq_inner(object))
+ except:
+ parent = None
+
+ if not sm.validate(None,parent,None,object):
raise Unauthorized, absattr(object.id)
+
+ if validate_src == 2: # moving
+ if not sm.checkPermission(DeleteObjects, parent):
+ raise Unauthorized, 'Delete not allowed.'
else: # /if method_name
raise CopyError, MessageDialog(
More information about the Zope-Checkins
mailing list