[Erp5-report] r36530 ivan - /erp5/trunk/products/ERP5/Document/Document.py

nobody at svn.erp5.org nobody at svn.erp5.org
Wed Jun 23 12:12:29 CEST 2010 

Author: ivan
Date: Wed Jun 23 12:12:25 2010
New Revision: 36530

URL: http://svn.erp5.org?rev=36530&view=rev
Log:
Split force user authentication to a seperate method which can be reused.

Modified:
    erp5/trunk/products/ERP5/Document/Document.py

Modified: erp5/trunk/products/ERP5/Document/Document.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/Document/Document.py?rev=36530&r1=36529&r2=36530&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/Document/Document.py [utf8] (original)
+++ erp5/trunk/products/ERP5/Document/Document.py [utf8] Wed Jun 23 12:12:25 2010
@@ -129,12 +129,9 @@ class PermanentURLMixIn(ExtensibleTraver
   # Declarative security
   security = ClassSecurityInfo()
 
-  ### Extensible content
-  def _getExtensibleContent(self, request, name):
-    # Permanent URL traversal
-    # First we must get the logged user by forcing identification
+  def _forceIdentification(self, request):
+    # force identification (usable for extensible content)
     cache = getReadOnlyTransactionCache(self)
-    # LOG('getReadOnlyTransactionCache', 0, repr(cache)) # Currently, it is always None
     if cache is not None:
       key = ('__bobo_traverse__', self, 'user')
       try:
@@ -180,14 +177,23 @@ class PermanentURLMixIn(ExtensibleTraver
                     # do not try to change SecurityManager
       if cache is not None:
         cache[key] = user
+
+    old_manager = None
     if user is not None:
       # We need to perform identification
       old_manager = getSecurityManager()
       newSecurityManager(get_request(), user)
+
+    return old_manager, user
+
+  ### Extensible content
+  def _getExtensibleContent(self, request, name):
+    # Permanent URL traversal
+    old_manager, user = self._forceIdentification(request)
     # Next get the document per name
     portal = self.getPortalObject()
     document = self.getDocumentValue(name=name, portal=portal)
-    # Last, cleanup everything
+    # restore original security context if there's a logged in user
     if user is not None:
       setSecurityManager(old_manager)
     if document is not None:

More information about the Erp5-report mailing list