[Zope-Checkins] SVN: Zope/trunk/src/OFS/ - fixed permission check in ObjectManager
Yvo Schubbe
y.2010 at wcm-solutions.de
Tue Dec 28 08:57:36 EST 2010
Log message for revision 119199:
- fixed permission check in ObjectManager
Changed:
UU Zope/trunk/src/OFS/ObjectManager.py
UU Zope/trunk/src/OFS/tests/testObjectManager.py
-=-
Modified: Zope/trunk/src/OFS/ObjectManager.py
===================================================================
--- Zope/trunk/src/OFS/ObjectManager.py 2010-12-28 13:57:19 UTC (rev 119198)
+++ Zope/trunk/src/OFS/ObjectManager.py 2010-12-28 13:57:36 UTC (rev 119199)
@@ -266,15 +266,15 @@
def filtered_meta_types(self, user=None):
# Return a list of the types for which the user has
# adequate permission to add that type of object.
- user=getSecurityManager().getUser()
- meta_types=[]
+ sm = getSecurityManager()
+ meta_types = []
if callable(self.all_meta_types):
- all=self.all_meta_types()
+ all = self.all_meta_types()
else:
- all=self.all_meta_types
+ all = self.all_meta_types
for meta_type in all:
if meta_type.has_key('permission'):
- if user.has_permission(meta_type['permission'],self):
+ if sm.checkPermission(meta_type['permission'], self):
meta_types.append(meta_type)
else:
meta_types.append(meta_type)
Property changes on: Zope/trunk/src/OFS/ObjectManager.py
___________________________________________________________________
Deleted: svn:keywords
- Id
Modified: Zope/trunk/src/OFS/tests/testObjectManager.py
===================================================================
--- Zope/trunk/src/OFS/tests/testObjectManager.py 2010-12-28 13:57:19 UTC (rev 119198)
+++ Zope/trunk/src/OFS/tests/testObjectManager.py 2010-12-28 13:57:36 UTC (rev 119199)
@@ -1,23 +1,24 @@
import unittest
-from zope.component.testing import PlacelessSetup
-from zope.interface import implements
-
from AccessControl.owner import EmergencyUserCannotOwn
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManagement import noSecurityManager
+from AccessControl.SecurityManager import setSecurityPolicy
+from AccessControl.SpecialUsers import emergency_user, nobody, system
from AccessControl.User import User # before SpecialUsers
-from AccessControl.SpecialUsers import emergency_user, nobody, system
from Acquisition import aq_base
from Acquisition import Implicit
from App.config import getConfiguration
from logging import getLogger
+from zExceptions import BadRequest
+from zope.component.testing import PlacelessSetup
+from zope.interface import implements
+from Zope2.App import zcml
+
from OFS.interfaces import IItem
from OFS.metaconfigure import setDeprecatedManageAddDelete
from OFS.ObjectManager import ObjectManager
from OFS.SimpleItem import SimpleItem
-from Zope2.App import zcml
-from zExceptions import BadRequest
logger = getLogger('OFS.subscribers')
@@ -103,6 +104,26 @@
verifyClass(IContainer, ObjectManager)
verifyClass(IObjectManager, ObjectManager)
+ def test_filtered_meta_types(self):
+
+ class _DummySecurityPolicy(object):
+
+ def checkPermission(self, permission, object, context):
+ return permission == 'addFoo'
+
+ om = self._makeOne()
+ om.all_meta_types = ({'name': 'Foo', 'permission': 'addFoo'},
+ {'name': 'Bar', 'permission': 'addBar'},
+ {'name': 'Baz'})
+ try:
+ oldPolicy = setSecurityPolicy(_DummySecurityPolicy())
+ self.assertEqual(len(om.filtered_meta_types()), 2)
+ self.assertEqual(om.filtered_meta_types()[0]['name'], 'Foo')
+ self.assertEqual(om.filtered_meta_types()[1]['name'], 'Baz')
+ finally:
+ noSecurityManager()
+ setSecurityPolicy(oldPolicy)
+
def test_setObject_set_owner_with_no_user( self ):
om = self._makeOne()
newSecurityManager( None, None )
Property changes on: Zope/trunk/src/OFS/tests/testObjectManager.py
___________________________________________________________________
Deleted: svn:keywords
- Id
More information about the Zope-Checkins
mailing list