[Zope-Checkins] SVN: Zope/branches/tseaver-collector_1774/lib/python/AccessControl/ImplPython.py Ensure that in the presence of proxy roles, if none match, then lose.

Tres Seaver tseaver at palladion.com
Wed Nov 30 18:35:15 EST 2005


Log message for revision 40436:
  Ensure that in the presence of proxy roles, if none match, then lose.
  
  Use the "wrapped" owner when testing context inside proxy roles.
  
  Therefore, move check of user's roles to end, since proxy roles make the user's
  roles irrelevant.  This also simplifies the C version, as well, since we don't
  need to worry about setting the result back to NULL if we haven't assigned it
  when an error occurs.
  
  Incorporate comments from the C version (so that correspondence is clearer).
  

Changed:
  U   Zope/branches/tseaver-collector_1774/lib/python/AccessControl/ImplPython.py

-=-
Modified: Zope/branches/tseaver-collector_1774/lib/python/AccessControl/ImplPython.py
===================================================================
--- Zope/branches/tseaver-collector_1774/lib/python/AccessControl/ImplPython.py	2005-11-30 23:20:42 UTC (rev 40435)
+++ Zope/branches/tseaver-collector_1774/lib/python/AccessControl/ImplPython.py	2005-11-30 23:35:15 UTC (rev 40436)
@@ -465,26 +465,38 @@
         roles = rolesForPermissionOn(permission, object)
         if isinstance(roles, basestring):
             roles = [roles]
-        result = context.user.allowed(object, roles)
 
         # check executable owner and proxy roles
         stack = context.stack
         if stack:
             eo = stack[-1]
+            # If the executable had an owner, can it execute?
             if self._ownerous:
                 owner = eo.getOwner()
                 if (owner is not None) and not owner.allowed(object, roles):
+                    # We don't want someone to acquire if they can't 
+                    # get an unacquired!
                     return 0
             proxy_roles = getattr(eo, '_proxy_roles', None)
             if proxy_roles:
-                if object is not aq_base(object):
-                    if not owner._check_context(object):
-                        return 0
+                # Verify that the owner actually can state the proxy role
+                # in the context of the accessed item; users in subfolders
+                # should not be able to use proxy roles to access items 
+                # above their subfolder!
+                owner = eo.getWrappedOwner()
+                if owner is not None:
+                    if object is not aq_base(object):
+                        if not owner._check_context(object):
+                            # object is higher up than the owner, 
+                            # deny access
+                            return 0
                 for r in proxy_roles:
                     if r in roles:
                         return 1
-        return result
+                return 0
 
+        return context.user.allowed(object, roles)
+
 # AccessControl.SecurityManager
 # -----------------------------
 
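Review bot: in the proxy-roles branch, when `eo.getWrappedOwner()` returns None the `_check_context` test is skipped, but the `for r in proxy_roles:` loop still runs, so an unowned executable with proxy roles is matched against `roles` with no context check. If that is intended, say so in a comment next to `if owner is not None:`; if it is not, return 0 there. The new `return 0` after the loop is the real behaviour change (the user's own roles are no longer consulted once proxy roles are set) and would benefit from a one-line comment of its own, plus a test for the "proxy roles set, none match" case, since this revision touches only ImplPython.py. Also note that the `_ownerous` block still calls `eo.getOwner()` while the proxy block now calls `eo.getWrappedOwner()` and rebinds the same name `owner`; a comment on why the two lookups differ would help. Minor: several added comment lines (for example the one ending in "can't ") carry trailing whitespace.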


