[Zope-Checkins] SVN: Zope/branches/2.9/lib/python/OFS/ - reverted workaround in '_verifyObjectPaste'; 'checkPermission' now respects proxy roles

Yvo Schubbe y.2005- at wcm-solutions.de
Mon Dec 5 13:26:32 EST 2005


Log message for revision 40551:
  - reverted workaround in '_verifyObjectPaste'; 'checkPermission' now respects proxy roles

Changed:
  U   Zope/branches/2.9/lib/python/OFS/CopySupport.py
  U   Zope/branches/2.9/lib/python/OFS/tests/testCopySupport.py

-=-
Modified: Zope/branches/2.9/lib/python/OFS/CopySupport.py
===================================================================
--- Zope/branches/2.9/lib/python/OFS/CopySupport.py	2005-12-05 18:26:15 UTC (rev 40550)
+++ Zope/branches/2.9/lib/python/OFS/CopySupport.py	2005-12-05 18:26:31 UTC (rev 40551)
@@ -472,7 +472,7 @@
         if not hasattr(object, 'meta_type'):
             raise CopyError, MessageDialog(
                   title   = 'Not Supported',
-                  message = ('The object <EM>%s</EM> does not support this' \
+                  message = ('The object <em>%s</em> does not support this' \
                              ' operation' % escape(absattr(object.id))),
                   action  = 'manage_main')
 
@@ -492,60 +492,38 @@
                 mt_permission = d.get('permission')
                 break
 
-        if method_name:
-            try:
-                method = self.restrictedTraverse(method_name)
-                # method_name is e.g.
-                # "manage_addProduct/PageTemplates/manage_addPageTemplateForm".
-                # restrictedTraverse will raise Unauthorized if it
-                # can't obtain the factory method by name due to a
-                # security restriction.  We depend on this side effect
-                # here!  Note that we use restrictedTraverse as
-                # opposed to checkPermission to take into account the
-                # special security circumstances related to proxy
-                # roles.  See collector #78.
+        if mt_permission is not None:
+            sm = getSecurityManager()
 
-            except Unauthorized:
-                if mt_permission:
+            if sm.checkPermission(mt_permission, self):
+                if validate_src:
+                    # Ensure the user is allowed to access the object on the
+                    # clipboard.
+                    try:
+                        parent = aq_parent(aq_inner(object))
+                    except:
+                        parent = None
+
+                    if not sm.validate(None, parent, None, object):
+                        raise Unauthorized(absattr(object.id))
+
+                    if validate_src == 2: # moving
+                        if not sm.checkPermission(DeleteObjects, parent):
+                            raise Unauthorized('Delete not allowed.')
+            else:
+                raise CopyError, MessageDialog(
+                    title = 'Insufficient Privileges',
                     message = ('You do not possess the %s permission in the '
                                'context of the container into which you are '
                                'pasting, thus you are not able to perform '
-                               'this operation.' % mt_permission)
-                else:
-                    message = ('You do not possess the permission required '
-                               'to call %s in the context of the container '
-                               'into which you are pasting, thus you are not '
-                               'able to perform this operation.' % method_name)
-
-                raise CopyError, MessageDialog(
-                  title = 'Insufficient Privileges',
-                  message = message,
-                  action = 'manage_main')
-
-            if validate_src:
-
-                sm = getSecurityManager()
-
-                # Ensure the user is allowed to access the object on the
-                # clipboard.
-                try:
-                    parent = aq_parent(aq_inner(object))
-                except:
-                    parent = None
-
-                if not sm.validate(None,parent,None,object):
-                    raise Unauthorized, absattr(object.id)
-
-                if validate_src == 2: # moving
-                    if not sm.checkPermission(DeleteObjects, parent):
-                        raise Unauthorized, 'Delete not allowed.'
-
-        else: # /if method_name
+                               'this operation.' % mt_permission),
+                    action = 'manage_main')
+        else:
             raise CopyError, MessageDialog(
-                  title   = 'Not Supported',
-                  message = ('The object <EM>%s</EM> does not support this '
-                             'operation.' % escape(absattr(object.id))),
-                  action  = 'manage_main')
+                title = 'Not Supported',
+                message = ('The object <em>%s</em> does not support this '
+                           'operation.' % escape(absattr(object.id))),
+                action = 'manage_main')
 
 Globals.default__class_init__(CopyContainer)
 
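Review bot: The paste authorization in the `if mt_permission is not None:` branch now rests entirely on `sm.checkPermission(mt_permission, self)` honouring proxy roles, yet the comment that recorded this concern (collector #78) was removed with the old `restrictedTraverse` code and nothing replaces it. I would add above the check `# Relies on checkPermission respecting proxy roles (collector #78); do not swap in a check that ignores them.` An `all_meta_types` entry without a `permission` key now falls into the final `else` and is reported as 'Not Supported'; that fails closed, but a one-line comment saying it is intended would save the next reader from treating it as a bug. The bare `except:` around `aq_parent(aq_inner(object))` is carried over unchanged and leaves `parent` as `None` for the later `DeleteObjects` check, so narrowing it to the exceptions acquisition can actually raise is worth a follow-up. The enclosing method starts above the hunk.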

Modified: Zope/branches/2.9/lib/python/OFS/tests/testCopySupport.py
===================================================================
--- Zope/branches/2.9/lib/python/OFS/tests/testCopySupport.py	2005-12-05 18:26:15 UTC (rev 40550)
+++ Zope/branches/2.9/lib/python/OFS/tests/testCopySupport.py	2005-12-05 18:26:31 UTC (rev 40551)
@@ -489,10 +489,10 @@
         folder1, folder2 = self._initFolders()
         folder2.all_meta_types = FILE_META_TYPES
 
-        def _no_manage_addFile( a, c, n, v, *args, **kw ):
-            return n != 'manage_addFile'
+        def _no_add_images_and_files(permission, object, context):
+            return permission != ADD_IMAGES_AND_FILES
 
-        self._initPolicyAndUser( v_lambda=_no_manage_addFile )
+        self._initPolicyAndUser( c_lambda=_no_add_images_and_files )
 
         cookie = folder1.manage_cutObjects( ids=( 'file', ) )
         self._assertCopyErrorUnauth( folder2.manage_pasteObjects
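Review bot: The stub `_no_add_images_and_files` shadows the builtin `object` in its parameter list and has no comment saying which policy hook it stands in for; I would rename the argument to `obj`, assuming `_initPolicyAndUser` calls it positionally, and add `# checkPermission stub: deny only ADD_IMAGES_AND_FILES, in any context`. The hunk covers the denial path only, so nothing visible here exercises the proxy-role behaviour the commit message relies on. A companion case in which the permission is granted only through a proxy role would pin that down, if one does not already exist elsewhere in the file. The test method starts above the hunk and its final call continues past it.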


