[Erp5-report] r16972 - in /erp5/trunk/products/ERP5Type: Core/Folder.py ERP5Type.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Fri Oct 12 10:40:06 CEST 2007
Author: kazuhiko
Date: Fri Oct 12 10:40:05 2007
New Revision: 16972
URL: http://svn.erp5.org?rev=16972&view=rev
Log:
do not check 'Add portal content' permission if 'Add Permission' is set.
Modified:
erp5/trunk/products/ERP5Type/Core/Folder.py
erp5/trunk/products/ERP5Type/ERP5Type.py
Modified: erp5/trunk/products/ERP5Type/Core/Folder.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Type/Core/Folder.py?rev=16972&r1=16971&r2=16972&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Type/Core/Folder.py (original)
+++ erp5/trunk/products/ERP5Type/Core/Folder.py Fri Oct 12 10:40:05 2007
@@ -1220,10 +1220,6 @@
hidden content types. It allows to be much faster when only the type id
is needed.
"""
- if not getSecurityManager().checkPermission(
- Permissions.AddPortalContent, self):
- return []
-
portal = self.getPortalObject()
def _getVisibleAllowedContentTypeList():
@@ -1264,10 +1260,6 @@
# permission that "Add portal content". For now, this is only the case for
# Role Definition objects, but this shows that generally speaking, this is
# not the right approach.
- if not getSecurityManager().checkPermission(
- Permissions.AddPortalContent, self):
- return []
-
def _allowedContentTypes( portal_type=None, user=None, portal_path=None ):
# Sort the list for convenience -yo
# XXX This is not the best solution, because this does not take
Modified: erp5/trunk/products/ERP5Type/ERP5Type.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Type/ERP5Type.py?rev=16972&r1=16971&r2=16972&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Type/ERP5Type.py (original)
+++ erp5/trunk/products/ERP5Type/ERP5Type.py Fri Oct 12 10:40:05 2007
@@ -58,7 +58,9 @@
from TranslationProviderBase import TranslationProviderBase
-from zLOG import LOG
+from sys import exc_info
+from zLOG import LOG, ERROR
+from Products.CMFCore.exceptions import zExceptions_Unauthorized
ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT = 'ERP5Type_asSecurityGroupId'
@@ -205,16 +207,39 @@
#
# Agent methods
#
- security.declarePublic('isConstructionAllowed')
- def isConstructionAllowed( self, container ):
- """
- Does the current user have the permission required in
- order to construct an instance?
- """
- permission = self.permission
- if permission and not _checkPermission( permission, container ):
- return 0
- return FactoryTypeInformation.isConstructionAllowed(self, container)
+ def _queryFactoryMethod(self, container, default=None):
+
+ if not self.product or not self.factory or container is None:
+ return default
+
+ # In case we aren't wrapped.
+ dispatcher = getattr(container, 'manage_addProduct', None)
+
+ if dispatcher is None:
+ return default
+
+ try:
+ p = dispatcher[self.product]
+ except AttributeError:
+ LOG('Types Tool', ERROR, '_queryFactoryMethod raised an exception',
+ error=exc_info())
+ return default
+
+ m = getattr(p, self.factory, None)
+
+ if m:
+ try:
+ # validate() can either raise Unauthorized or return 0 to
+ # mean unauthorized.
+ permission = self.permission
+ if permission and _checkPermission( permission, container ):
+ return m
+ elif getSecurityManager().validate(p, p, self.factory, m):
+ return m
+ except zExceptions_Unauthorized: # Catch *all* Unauths!
+ pass
+
+ return default
def _getFactoryMethod(self, container, check_security=1):
if not self.product or not self.factory:
More information about the Erp5-report
mailing list