[Erp5-report] r21086 - /erp5/trunk/products/ERP5Type/Accessor/Base.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Fri May 23 10:17:04 CEST 2008
Author: aurel
Date: Fri May 23 10:17:02 2008
New Revision: 21086
URL: http://svn.erp5.org?rev=21086&view=rev
Log:
make the security works on accessors
if no security defined use a default one
Modified:
erp5/trunk/products/ERP5Type/Accessor/Base.py
Modified: erp5/trunk/products/ERP5Type/Accessor/Base.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Type/Accessor/Base.py?rev=21086&r1=21085&r2=21086&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Type/Accessor/Base.py (original)
+++ erp5/trunk/products/ERP5Type/Accessor/Base.py Fri May 23 10:17:02 2008
@@ -36,6 +36,7 @@
from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Type.PsycoWrapper import psyco
+from AccessControl.ImplPython import rolesForPermissionOn
# Creation of default constructor
class func_code: pass
@@ -193,3 +194,30 @@
def __call__(self, instance, *args, **kw):
return getattr(aq_base(instance), self._storage_id, None) not in self._null
+
+try:
+ from ZODB.Transaction import Transaction
+ # Zope 2.7 do not patch
+except ImportError:
+ # Zope 2.8, patch
+ class __roles__:
+ @staticmethod
+ def rolesForPermissionOn(ob):
+ roles = getattr(ob.im_self, '%s__roles__' % ob.__name__, None)
+ if roles is None:
+ return rolesForPermissionOn(None, ob.im_self, ('Manager',),
+ '_Modify_portal_content_Permission')
+ else:
+ return roles
+ Setter.__roles__ = __roles__
+
+ class __roles__:
+ @staticmethod
+ def rolesForPermissionOn(ob):
+ roles = getattr(ob.im_self, '%s__roles__' % ob.__name__, None)
+ if roles is None:
+ return rolesForPermissionOn(None, ob.im_self, ('Manager',),
+ '_Access_contents_information_Permission')
+ else:
+ return roles
+ Getter.__roles__ = __roles__
More information about the Erp5-report
mailing list