[Zope-CVS] CVS: Products/Hotfix-20040807 - __init__.py:1.3

Tres Seaver tseaver at zope.com
Sat Aug 7 20:05:55 EDT 2004 

Update of /cvs-repository/Products/Hotfix-20040807
In directory cvs.zope.org:/tmp/cvs-serv21825

Modified Files:
	__init__.py 
Log Message:


  - Incorporate other checks from PortalFolder's current
    '_verifyObjectPaste'.


=== Products/Hotfix-20040807/__init__.py 1.2 => 1.3 ===
--- Products/Hotfix-20040807/__init__.py:1.2	Sat Aug  7 19:52:11 2004
+++ Products/Hotfix-20040807/__init__.py	Sat Aug  7 20:05:54 2004
@@ -24,6 +24,8 @@
     from Products.CMFCore.PortalFolder import PortalFolder
 except ImportError:
     PortalFolder = None
+else:
+    from Products.CMFCore.utils import getToolByName
 
 
 def _patched_manage_pasteObjects(self, cb_copy_data=None, REQUEST=None):
@@ -215,6 +217,7 @@
     # This assists the version in OFS.CopySupport.
     # It enables the clipboard to function correctly
     # with objects created by a multi-factory.
+    securityChecksDone = 0
     sm = getSecurityManager()
     object_id = escape(object.getId())
     parent = aq_parent(aq_inner(object))
@@ -243,7 +246,7 @@
 
             if not validate_src:
                # We don't want to check the object on the clipboard
-               return
+               securityChecksDone = 1
 
             if not sm.validate(None, parent, None, object):
                 raise Unauthorized, object_id
@@ -252,6 +255,8 @@
                 if not sm.checkPermission(DeleteObjects, parent) :
                     raise Unauthorized, object_id
 
+            securityChecksDone = 1
+
         # Old validation for objects that may not have registered 
         # themselves in the proper fashion.
         #
@@ -270,7 +275,7 @@
             # Ensure the user is allowed to access the object on the
             # clipboard.
             if not validate_src:
-                return
+                securityChecksDone = 1
 
             if not sm.validate(None, parent, None, object):
                 raise Unauthorized, object_id
@@ -278,6 +283,24 @@
             if validate_src > 1 : # on move
                 if not sm.checkPermission(DeleteObjects, parent) :
                     raise Unauthorized, object_id
+
+            securityChecksDone = 1
+
+    # Call OFS' _verifyObjectPaste if necessary
+    if not securityChecksDone:
+        PortalFolder.inheritedAttribute(
+            '_verifyObjectPaste')(self, object, validate_src)
+
+    # Finally, check allowed content types
+    contentType = getattr(object, '_getPortalTypeName', None)
+    if contentType is not None:
+        contentType = contentType()
+        if contentType is not None:
+            pt = getToolByName(self, 'portal_types')
+            myType = pt.getTypeInfo(self)
+            if myType is not None and not myType.allowType(contentType):
+                raise ValueError, \
+                        "Cannot paste subobject type '%s'." % contentType
 
 
 def initialize(context):

More information about the Zope-CVS mailing list