[Zope-Checkins] SVN: Zope/branches/2.9/lib/python/OFS/ - reverted
workaround in '_verifyObjectPaste';
'checkPermission' now respects proxy roles
Yvo Schubbe
y.2005- at wcm-solutions.de
Mon Dec 5 13:26:32 EST 2005
Log message for revision 40551:
- reverted workaround in '_verifyObjectPaste'; 'checkPermission' now respects proxy roles
Changed:
U Zope/branches/2.9/lib/python/OFS/CopySupport.py
U Zope/branches/2.9/lib/python/OFS/tests/testCopySupport.py
-=-
Modified: Zope/branches/2.9/lib/python/OFS/CopySupport.py
===================================================================
--- Zope/branches/2.9/lib/python/OFS/CopySupport.py 2005-12-05 18:26:15 UTC (rev 40550)
+++ Zope/branches/2.9/lib/python/OFS/CopySupport.py 2005-12-05 18:26:31 UTC (rev 40551)
@@ -472,7 +472,7 @@
if not hasattr(object, 'meta_type'):
raise CopyError, MessageDialog(
title = 'Not Supported',
- message = ('The object <EM>%s</EM> does not support this' \
+ message = ('The object <em>%s</em> does not support this' \
' operation' % escape(absattr(object.id))),
action = 'manage_main')
@@ -492,60 +492,38 @@
mt_permission = d.get('permission')
break
- if method_name:
- try:
- method = self.restrictedTraverse(method_name)
- # method_name is e.g.
- # "manage_addProduct/PageTemplates/manage_addPageTemplateForm".
- # restrictedTraverse will raise Unauthorized if it
- # can't obtain the factory method by name due to a
- # security restriction. We depend on this side effect
- # here! Note that we use restrictedTraverse as
- # opposed to checkPermission to take into account the
- # special security circumstances related to proxy
- # roles. See collector #78.
+ if mt_permission is not None:
+ sm = getSecurityManager()
- except Unauthorized:
- if mt_permission:
+ if sm.checkPermission(mt_permission, self):
+ if validate_src:
+ # Ensure the user is allowed to access the object on the
+ # clipboard.
+ try:
+ parent = aq_parent(aq_inner(object))
+ except:
+ parent = None
+
+ if not sm.validate(None, parent, None, object):
+ raise Unauthorized(absattr(object.id))
+
+ if validate_src == 2: # moving
+ if not sm.checkPermission(DeleteObjects, parent):
+ raise Unauthorized('Delete not allowed.')
+ else:
+ raise CopyError, MessageDialog(
+ title = 'Insufficient Privileges',
message = ('You do not possess the %s permission in the '
'context of the container into which you are '
'pasting, thus you are not able to perform '
- 'this operation.' % mt_permission)
- else:
- message = ('You do not possess the permission required '
- 'to call %s in the context of the container '
- 'into which you are pasting, thus you are not '
- 'able to perform this operation.' % method_name)
-
- raise CopyError, MessageDialog(
- title = 'Insufficient Privileges',
- message = message,
- action = 'manage_main')
-
- if validate_src:
-
- sm = getSecurityManager()
-
- # Ensure the user is allowed to access the object on the
- # clipboard.
- try:
- parent = aq_parent(aq_inner(object))
- except:
- parent = None
-
- if not sm.validate(None,parent,None,object):
- raise Unauthorized, absattr(object.id)
-
- if validate_src == 2: # moving
- if not sm.checkPermission(DeleteObjects, parent):
- raise Unauthorized, 'Delete not allowed.'
-
- else: # /if method_name
+ 'this operation.' % mt_permission),
+ action = 'manage_main')
+ else:
raise CopyError, MessageDialog(
- title = 'Not Supported',
- message = ('The object <EM>%s</EM> does not support this '
- 'operation.' % escape(absattr(object.id))),
- action = 'manage_main')
+ title = 'Not Supported',
+ message = ('The object <em>%s</em> does not support this '
+ 'operation.' % escape(absattr(object.id))),
+ action = 'manage_main')
Globals.default__class_init__(CopyContainer)
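Review bot: The bare `except:` around `parent = aq_parent(aq_inner(object))` in the re-indented `validate_src` branch turns any failure into `parent = None`, so the source-side checks `sm.validate(None, parent, None, object)` and, for a move, `sm.checkPermission(DeleteObjects, parent)` then run against `None`. Whether the security policy denies in that case is not visible from this hunk, so I would catch only the exception actually expected there and make the move path fail closed explicitly, e.g. `if parent is None or not sm.checkPermission(DeleteObjects, parent):`. Separately, `mt_permission` is formatted into the 'Insufficient Privileges' dialog without `escape()`, while the object id in the 'Not Supported' dialog is escaped. It presumably comes from product registration rather than user input, but escaping both would keep the two messages consistent. The enclosing method (`_verifyObjectPaste`, per the log message) begins above the hunk.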
Modified: Zope/branches/2.9/lib/python/OFS/tests/testCopySupport.py
===================================================================
--- Zope/branches/2.9/lib/python/OFS/tests/testCopySupport.py 2005-12-05 18:26:15 UTC (rev 40550)
+++ Zope/branches/2.9/lib/python/OFS/tests/testCopySupport.py 2005-12-05 18:26:31 UTC (rev 40551)
@@ -489,10 +489,10 @@
folder1, folder2 = self._initFolders()
folder2.all_meta_types = FILE_META_TYPES
- def _no_manage_addFile( a, c, n, v, *args, **kw ):
- return n != 'manage_addFile'
+ def _no_add_images_and_files(permission, object, context):
+ return permission != ADD_IMAGES_AND_FILES
- self._initPolicyAndUser( v_lambda=_no_manage_addFile )
+ self._initPolicyAndUser( c_lambda=_no_add_images_and_files )
cookie = folder1.manage_cutObjects( ids=( 'file', ) )
self._assertCopyErrorUnauth( folder2.manage_pasteObjects
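Review bot: Nothing in this test change covers the case the removed `restrictedTraverse` workaround existed for, namely a paste executed under proxy roles. The new `_no_add_images_and_files` stub passed as `c_lambda` only shows that a denied `ADD_IMAGES_AND_FILES` check surfaces as the unauthorized CopyError. Since the paste check now depends entirely on `checkPermission` honouring proxy roles, I would add a companion test where the user lacks the permission but the executing code's proxy roles grant it, plus the inverse, so a regression in that behaviour fails here rather than silently changing who can paste. As a smaller style point, the stub's `object` parameter shadows the builtin; `obj` would avoid that. The test method starts and ends outside the hunk.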