[Erp5-dev] owner in catalog and security
bartek
bartek at erp5.pl
Thu Aug 16 18:01:45 CEST 2007
Jérome Perrin wrote:
> bartek a écrit :
>> I think I see where the problem comes from: Owner role has View
>> permission, yes, but I don't have this role, somebody else has it. So
>> the problem with getViewPermissionOwner is that if Owner role has View
>> permission it returns the user who created the object, NOT the user
>> who currently has the Owner local role.
>
> Yes, being the owner and having an Owner local role in zope is different
> things. So this method does not support the case where the owner does
> not have an Owner local role.
> Maybe we should simply check that the owner has the view permission,
> like in this attached patch ?
I applied the patch, reindexed, and everything is fine. Thanks. Will you
commit it?
B.
>
>> The use case is the following: the object in question is a document
>> which has been ingested by email. The 'creator', and initial owner, of
>> the doc is the user used by mailin script to log into zope; but as the
>> doc was sent by someone else, the ingestion script adjusted Owner
>> local role accordingly. The getViewPermissionOwner function apparently
>> does not provide for such situation.
>
> I see, for this, maybe you should use "changeOwnership" method from this
> script (from AccessControl/Owned.py) .
>
> Jérome
>
>
> ------------------------------------------------------------------------
>
> Index: Base.py
> ===================================================================
> --- Base.py (rĂŠvision 15661)
> +++ Base.py (copie de travail)
> @@ -1435,10 +1435,9 @@
> Returns the user ID of the owner if Owner role
> has View permission. Returns None else.
> """
> - path, user_id = self.getOwnerTuple()
> - if 'Owner' in rolesForPermissionOn(Permissions.View, self):
> - path, user_id = self.getOwnerTuple()
> - return user_id
> + owner = self.getWrappedOwner()
> + if owner is not None and owner.has_permission(Permissions.View, self):
> + return str(owner)
> return None
>
> # Private accessors for the implementation of relations based on
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Erp5-dev mailing list
> Erp5-dev at erp5.org
> http://erp5.org/mailman/listinfo/erp5-dev
--
"feelings affect productivity. (...) unhappy people write worse
software, and less of it."
Karl Fogel, "Producing Open Source Software"
More information about the Erp5-dev
mailing list