[Zope-Checkins] CVS: Zope/lib/python/AccessControl -
cAccessControl.c:1.17.6.6
Brian Lloyd
brian at zope.com
Tue Jan 27 10:27:18 EST 2004
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv11230
Modified Files:
Tag: Zope-2_6-branch
cAccessControl.c
Log Message:
merge TS changes
=== Zope/lib/python/AccessControl/cAccessControl.c 1.17.6.5 => 1.17.6.6 ===
--- Zope/lib/python/AccessControl/cAccessControl.c:1.17.6.5 Mon Jan 19 13:54:10 2004
+++ Zope/lib/python/AccessControl/cAccessControl.c Tue Jan 27 10:27:17 2004
@@ -663,6 +663,7 @@
static PyObject *aq_validate = NULL;
static PyObject *aq_parent_str = NULL;
static PyObject *_check_context_str = NULL;
+static PyObject *getWrappedOwner_str = NULL;
static int ownerous = 1;
static int authenticated = 1;
@@ -698,6 +699,8 @@
return -1;
UNLESS (allowed_str = PyString_FromString("allowed")) return -1;
UNLESS (getOwner_str = PyString_FromString("getOwner")) return -1;
+ UNLESS (getWrappedOwner_str = PyString_FromString("getWrappedOwner"))
+ return -1;
UNLESS (getPhysicalRoot_str = PyString_FromString("getPhysicalRoot"))
return -1;
UNLESS (aq_parent_str = PyString_FromString("aq_parent")) return -1;
@@ -759,12 +762,8 @@
PyObject *stack = NULL;
PyObject *user = NULL;
-
PyObject *method = NULL;
PyObject *tmp = NULL;
- PyObject *udb = NULL;
- PyObject *root = NULL;
- PyObject *item = NULL;
char *sname;
@@ -848,8 +847,7 @@
/*| roles = getattr(container, "__roles__", _noroles)
**| if roles is _noroles:
- **| aq = getattr(container, 'aq_acquire', None)
- **| if aq is None:
+ **| if containerbase is container:
**| roles = _noroles
**| if containerbase is not accessedbase: return 0
**| else:
@@ -1099,30 +1097,26 @@
**| # in the context of the accessed item; users in subfolders
**| # should not be able to use proxy roles to access items
**| # above their subfolder!
- **| owner = eo.getOwner()
- **| # Sigh; the default userfolder doesn't return users wrapped
- **| if owner and not hasattr(owner, 'aq_parent'):
- **| udb=eo.getOwner(1)[0]
- **| root=container.getPhysicalRoot()
- **| udb=root.unrestrictedTraverse(udb)
- **| owner=owner.__of__(udb)
+ **| owner = eo.getWrappedOwner()
**|
**| if owner is not None:
- **| if not owner._check_context(container):
- **| # container is higher up than the owner, deny
- **| # access
- **| raise Unauthorized(name, value)
+ **| if container is not containerbase:
+ **| # Unwrapped objects don't need checking
+ **| if not owner._check_context(container):
+ **| # container is higher up than the owner,
+ **| # deny access
+ **| raise Unauthorized(name, value)
**|
**| for r in proxy_roles:
**| if r in roles: return 1
**|
**| # proxy roles actually limit access!
**| if accessedbase is containerbase:
- **| raise Unauthorized, ('You are not authorized to access'
- **| '<em>%s</em>.' % cleanupName(name, value))
+ **| raise Unauthorized(name, value)
**|
**| return 0
*/
+
proxy_roles = PyObject_GetAttr(eo, _proxy_roles_str);
if (proxy_roles == NULL)
@@ -1133,9 +1127,7 @@
else if (PyObject_IsTrue(proxy_roles))
{
- /* patch!! -------------------------------- */
-
- method = PyObject_GetAttr(eo, getOwner_str);
+ method = PyObject_GetAttr(eo, getWrappedOwner_str);
if (method == NULL) {
Py_DECREF(eo);
Py_DECREF(proxy_roles);
@@ -1150,100 +1142,33 @@
goto err;
}
- if (PyObject_IsTrue(owner)) {
- if (!PyObject_HasAttr(owner, aq_parent_str)) {
- item = PyInt_FromLong(1);
- if (item == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
- goto err;
- }
+ Py_DECREF(eo);
- tmp = callmethod1(eo, getOwner_str, item);
- Py_DECREF(item);
- if (tmp == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
- goto err;
- }
+ if (owner != Py_None) {
- udb = PySequence_GetItem(tmp, 0);
- Py_DECREF(tmp);
- if (udb == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
- goto err;
- }
+ if (containerbase != container) {
- method = PyObject_GetAttr(container,
- getPhysicalRoot_str);
- if (method == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
+ tmp = callmethod1(owner,_check_context_str,
+ container
+ );
+ if (tmp == NULL) {
+ Py_DECREF(proxy_roles);
Py_DECREF(owner);
- Py_DECREF(udb);
goto err;
}
- root = PyObject_CallObject(method, NULL);
- Py_DECREF(method);
- if (root == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
- Py_DECREF(udb);
- goto err;
- }
-
- ASSIGN(udb, callmethod1(root, unrestrictedTraverse_str,
- udb));
- Py_DECREF(root);
- if (udb == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
+ if (!PyObject_IsTrue(tmp)) {
+ Py_DECREF(proxy_roles);
Py_DECREF(owner);
+ Py_DECREF(tmp);
+ unauthErr(name, value);
goto err;
}
-
- ASSIGN(owner, callmethod1(owner, __of__, udb));
- Py_DECREF(udb);
- if (owner == NULL) {
- Py_DECREF(eo);
- Py_DECREF(proxy_roles);
- goto err;
- }
-
- }
- }
-
- Py_DECREF(eo);
-
- if (owner != Py_None) {
- tmp = callmethod1(owner,_check_context_str,
- container
- );
- if (tmp == NULL) {
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
- goto err;
- }
-
- if (!PyObject_IsTrue(tmp)) {
- Py_DECREF(proxy_roles);
- Py_DECREF(owner);
Py_DECREF(tmp);
- unauthErr(name, value);
- goto err;
}
+
Py_DECREF(owner);
- Py_DECREF(tmp);
}
-
- /* ------------------------------------------- */
-
contains = 0;
More information about the Zope-Checkins
mailing list