[Zope-Checkins] SVN: Zope/branches/2.13/ - fixed some permission checks

Yvo Schubbe y.2010 at wcm-solutions.de
Tue Dec 28 12:10:19 EST 2010 

Log message for revision 119201:
  - fixed some permission checks

Changed:
  U   Zope/branches/2.13/doc/CHANGES.rst
  UU  Zope/branches/2.13/src/HelpSys/HelpSys.py
  UU  Zope/branches/2.13/src/HelpSys/HelpTopic.py

-=-
Modified: Zope/branches/2.13/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.13/doc/CHANGES.rst	2010-12-28 15:16:52 UTC (rev 119200)
+++ Zope/branches/2.13/doc/CHANGES.rst	2010-12-28 17:10:19 UTC (rev 119201)
@@ -11,6 +11,8 @@
 Bugs Fixed
 ++++++++++
 
+- HelpSys: Fixed some permission checks.
+
 - OFS: Fixed permission check in ObjectManager.
 
 - webdav: Fixed permission check and error handling in DeleteCollection.

Modified: Zope/branches/2.13/src/HelpSys/HelpSys.py
===================================================================
--- Zope/branches/2.13/src/HelpSys/HelpSys.py	2010-12-28 15:16:52 UTC (rev 119200)
+++ Zope/branches/2.13/src/HelpSys/HelpSys.py	2010-12-28 17:10:19 UTC (rev 119201)
@@ -17,6 +17,7 @@
 from AccessControl.Permissions import add_documents_images_and_files
 from AccessControl.Permissions import view as View
 from AccessControl.SecurityInfo import ClassSecurityInfo
+from AccessControl.SecurityManagement import getSecurityManager
 from Acquisition import Implicit
 from App.special_dtml import DTMLFile
 from App.special_dtml import HTML
@@ -24,12 +25,12 @@
 from OFS.SimpleItem import Item
 from Persistence import Persistent
 from Products.PluginIndexes.KeywordIndex.KeywordIndex import KeywordIndex
-from Products.ZCatalog.ZCatalog import ZCatalog
 from Products.ZCatalog.Lazy import LazyCat
-from Products.ZCTextIndex.OkapiIndex import OkapiIndex
-from Products.ZCTextIndex.Lexicon import CaseNormalizer
+from Products.ZCatalog.ZCatalog import ZCatalog
 from Products.ZCTextIndex.HTMLSplitter import HTMLWordSplitter
+from Products.ZCTextIndex.Lexicon import CaseNormalizer
 from Products.ZCTextIndex.Lexicon import StopWordRemover
+from Products.ZCTextIndex.OkapiIndex import OkapiIndex
 from Products.ZCTextIndex.ZCTextIndex import PLexicon
 from Products.ZCTextIndex.ZCTextIndex import ZCTextIndex
 
@@ -72,13 +73,13 @@
     def __call__(self, REQUEST=None, **kw):
         "Searchable interface"
         if REQUEST is not None:
-            perms=[]
-            user=REQUEST.AUTHENTICATED_USER
-            for p in self.ac_inherited_permissions():
-                if user.has_permission(p[0], self):
+            perms = []
+            sm = getSecurityManager()
+            for p in self.ac_inherited_permissions(all=True):
+                if sm.checkPermission(p[0], self):
                     perms.append(p[0])
-            REQUEST.set('permissions',perms)
-        results=[]
+            REQUEST.set('permissions', perms)
+        results = []
         for ph in self.helpValues():
             results.append(apply(getattr(ph, '__call__'), (REQUEST,) , kw))
         return LazyCat(results)
@@ -268,11 +269,9 @@
         Help Topics for which the user is not authorized
         are not listed.
         """
-        topics=self.objectValues('Help Topic')
-        if REQUEST is None:
-            return topics
-        return filter(
-            lambda ht, u=REQUEST.AUTHENTICATED_USER: ht.authorized(u), topics)
+        topics = self.objectValues('Help Topic')
+        sm = getSecurityManager()
+        return [ t for t in topics if t.authorized(sm) ]
 
     def tpValues(self):
         """


Property changes on: Zope/branches/2.13/src/HelpSys/HelpSys.py
___________________________________________________________________
Deleted: svn:keywords
   - Id

Modified: Zope/branches/2.13/src/HelpSys/HelpTopic.py
===================================================================
--- Zope/branches/2.13/src/HelpSys/HelpTopic.py	2010-12-28 15:16:52 UTC (rev 119200)
+++ Zope/branches/2.13/src/HelpSys/HelpTopic.py	2010-12-28 17:10:19 UTC (rev 119201)
@@ -58,14 +58,11 @@
     def helpValues(self, REQUEST=None):
         return ()
 
-    def authorized(self, user):
+    def authorized(self, sm):
         "Is a given user authorized to view this Help Topic?"
         if not self.permissions:
-            return 1
-        for perm in self.permissions:
-            if user.has_permission(perm, self):
-                return 1
-        return 0
+            return True
+        return any( sm.checkPermission(p, self) for p in self.permissions )
 
     # Indexable methods
     # -----------------


Property changes on: Zope/branches/2.13/src/HelpSys/HelpTopic.py
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
   - 1.19

More information about the Zope-Checkins mailing list