Commit 4baef747 authored by Jean-Paul Smets's avatar Jean-Paul Smets

Added checked_permission support to all category accessors.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16518 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent a300098d
...@@ -714,7 +714,7 @@ class CategoryTool( UniqueObject, Folder, Base ): ...@@ -714,7 +714,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
security.declareProtected( Permissions.AccessContentsInformation, security.declareProtected( Permissions.AccessContentsInformation,
'getSingleCategoryMembershipList' ) 'getSingleCategoryMembershipList' )
def getSingleCategoryMembershipList(self, context, base_category, base=0, def getSingleCategoryMembershipList(self, context, base_category, base=0,
spec=(), filter=None, **kw): spec=(), filter=None, checked_permission=None, **kw):
""" """
Returns the local membership of the context for a single base category Returns the local membership of the context for a single base category
represented as a list of relative URLs represented as a list of relative URLs
...@@ -733,15 +733,28 @@ class CategoryTool( UniqueObject, Folder, Base ): ...@@ -733,15 +733,28 @@ class CategoryTool( UniqueObject, Folder, Base ):
portal_type = kw.get('portal_type', ()) portal_type = kw.get('portal_type', ())
if spec is (): spec = portal_type if spec is (): spec = portal_type
# Build the ckecked_permission filter
if checked_permission is None:
permissionFilter = lambda x: x
else:
def permissionFilter(category_list):
filtered_category_list = []
checkPermission = self.portal_membership.checkPermission
for category in category_list:
object = self.unrestrictedTraverse(category)
if object is not None and checkPermission(checked_permission, object):
filtered_category_list.append(category)
return filtered_category_list
# We must treat parent in a different way # We must treat parent in a different way
#LOG('getSingleCategoryMembershipList', 0, 'base_category = %s, spec = %s, base = %s, context = %s, context.aq_inner.aq_parent = %s' % (repr(base_category), repr(spec), repr(base), repr(context), repr(context.aq_inner.aq_parent))) #LOG('getSingleCategoryMembershipList', 0, 'base_category = %s, spec = %s, base = %s, context = %s, context.aq_inner.aq_parent = %s' % (repr(base_category), repr(spec), repr(base), repr(context), repr(context.aq_inner.aq_parent)))
if base_category == 'parent': if base_category == 'parent':
parent = context.aq_inner.aq_parent # aq_inner is required to make sure we use containment parent = context.aq_inner.aq_parent # aq_inner is required to make sure we use containment
if parent.portal_type in spec: if parent.portal_type in spec:
if base: if base:
return ['parent/' + parent.getRelativeUrl()] return permissionFilter(['parent/' + parent.getRelativeUrl()])
else: else:
return [parent.getRelativeUrl()] return permissionFilter([parent.getRelativeUrl()])
#LOG('getSingleCategoryMembershipList', 0, 'not in spec: parent.portal_type = %s, spec = %s' % (repr(parent.portal_type), repr(spec))) #LOG('getSingleCategoryMembershipList', 0, 'not in spec: parent.portal_type = %s, spec = %s' % (repr(parent.portal_type), repr(spec)))
return [] return []
...@@ -777,7 +790,7 @@ class CategoryTool( UniqueObject, Folder, Base ): ...@@ -777,7 +790,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
append(category_url) append(category_url)
else: else:
append(category_url[len(my_base_category)+1:]) append(category_url[len(my_base_category)+1:])
return result return permissionFilter(result)
security.declareProtected( Permissions.AccessContentsInformation, security.declareProtected( Permissions.AccessContentsInformation,
'getSingleCategoryAcquiredMembershipList' ) 'getSingleCategoryAcquiredMembershipList' )
...@@ -820,6 +833,9 @@ class CategoryTool( UniqueObject, Folder, Base ): ...@@ -820,6 +833,9 @@ class CategoryTool( UniqueObject, Folder, Base ):
base -- if set to 1, returns relative URLs to portal_categories base -- if set to 1, returns relative URLs to portal_categories
if set to 0, returns relative URLs to the base category if set to 0, returns relative URLs to the base category
checked_permission -- a string which defined the permission
to filter the object on
acquired_object_dict -- this is the list of object used by acquisition, so acquired_object_dict -- this is the list of object used by acquisition, so
we can check if we already have used this object we can check if we already have used this object
......
...@@ -94,6 +94,7 @@ class Getter(Method): ...@@ -94,6 +94,7 @@ class Getter(Method):
alt_accessor_id=self._alt_accessor_id, alt_accessor_id=self._alt_accessor_id,
is_list_type=self._is_list_type, is_list_type=self._is_list_type,
is_tales_type=self._is_tales_type, is_tales_type=self._is_tales_type,
checked_permission=kw.get('checked_permission', None)
) )
if value is not None: if value is not None:
return value.getProperty(self._acquired_property, default, **kw) return value.getProperty(self._acquired_property, default, **kw)
......
...@@ -57,7 +57,8 @@ class ListSetter(Method): ...@@ -57,7 +57,8 @@ class ListSetter(Method):
filter=kw.get('filter', None), filter=kw.get('filter', None),
portal_type=kw.get('portal_type',()), portal_type=kw.get('portal_type',()),
base=kw.get('base', 0), base=kw.get('base', 0),
keep_default=0) keep_default=0,
checked_permission=kw.get('checked_permission', None))
if self._reindex: if self._reindex:
warnings.warn("The reindexing accessors are deprecated.\n" warnings.warn("The reindexing accessors are deprecated.\n"
"Please use Alias.Reindex instead.", "Please use Alias.Reindex instead.",
...@@ -90,7 +91,8 @@ class DefaultSetter(Method): ...@@ -90,7 +91,8 @@ class DefaultSetter(Method):
spec=kw.get('spec',()), spec=kw.get('spec',()),
filter=kw.get('filter', None), filter=kw.get('filter', None),
portal_type=kw.get('portal_type',()), portal_type=kw.get('portal_type',()),
base=kw.get('base', 0)) base=kw.get('base', 0),
checked_permission=kw.get('checked_permission', None))
if self._reindex: if self._reindex:
warnings.warn("The reindexing accessors are deprecated.\n" warnings.warn("The reindexing accessors are deprecated.\n"
"Please use Alias.Reindex instead.", "Please use Alias.Reindex instead.",
...@@ -133,7 +135,8 @@ class SetSetter(Method): ...@@ -133,7 +135,8 @@ class SetSetter(Method):
filter=kw.get('filter', None), filter=kw.get('filter', None),
portal_type=kw.get('portal_type',()), portal_type=kw.get('portal_type',()),
base=kw.get('base', 0), base=kw.get('base', 0),
keep_default=1) keep_default=1,
checked_permission=kw.get('checked_permission', None))
if self._reindex: if self._reindex:
warnings.warn("The reindexing accessors are deprecated.\n" warnings.warn("The reindexing accessors are deprecated.\n"
"Please use Alias.Reindex instead.", "Please use Alias.Reindex instead.",
...@@ -168,7 +171,8 @@ class DefaultGetter(Method): ...@@ -168,7 +171,8 @@ class DefaultGetter(Method):
spec=kw.get('spec',()), spec=kw.get('spec',()),
filter=kw.get('filter', None), filter=kw.get('filter', None),
portal_type=kw.get('portal_type',()), portal_type=kw.get('portal_type',()),
base=kw.get('base',0), default=default) base=kw.get('base',0), default=default,
checked_permission=kw.get('checked_permission', None))
psyco.bind(__call__) psyco.bind(__call__)
class ListGetter(Method): class ListGetter(Method):
......
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment