diff --git a/product/ERP5Type/patches/PythonScript.py b/product/ERP5Type/patches/PythonScript.py index 71a6eb56c5c8d372e10451e6aa59adbcf85f3501..4335f1040d3bee4a33cf881d60e711ec29937e44 100644 --- a/product/ERP5Type/patches/PythonScript.py +++ b/product/ERP5Type/patches/PythonScript.py @@ -10,13 +10,13 @@ # FOR A PARTICULAR PURPOSE # ############################################################################## -from Products.CMFCore.utils import _checkPermission from Products.DCWorkflow.Guard import Guard from Products.PythonScripts.PythonScript import PythonScript from App.special_dtml import DTMLFile from Products.ERP5Type import _dtmldir from AccessControl import ClassSecurityInfo, getSecurityManager from AccessControl.class_init import InitializeClass +from AccessControl.PermissionRole import rolesForPermissionOn from OFS.misc_ import p_ from App.ImageFile import ImageFile from Acquisition import aq_base, aq_parent @@ -109,27 +109,32 @@ def checkGuard(guard, ob): # returns 1 if guard passes against ob, else 0. # TODO : implement TALES evaluation by defining an appropriate # context. - sm = None + u_roles = None + def getRoles(): + sm = getSecurityManager() + u = sm.getUser() + stack = sm._context.stack + if stack and len(stack) > 1: + eo = stack[-2] # -1 is the current script. + proxy_roles = getattr(eo, '_proxy_roles', None) + if proxy_roles: + roles = proxy_roles + return proxy_roles + roles = u.getRolesInContext(ob) + return roles if guard.permissions: + # Require at least one role for required roles for the given permission. + if u_roles is None: + u_roles = getRoles() for p in guard.permissions: - if _checkPermission(p, ob): + if set(rolesForPermissionOn(p, ob)).intersection(u_roles): break - else: - return 0 + else: + return 0 if guard.roles: - if sm is None: - sm = getSecurityManager() - u = sm.getUser() - def getRoles(): - stack = sm._context.stack - if stack and len(stack) > 1: - eo = stack[-2] # -1 is the current script. - proxy_roles = getattr(eo, '_proxy_roles', None) - if proxy_roles: - return proxy_roles - return u.getRolesInContext(ob) # Require at least one of the given roles. - u_roles = getRoles() + if u_roles is None: + u_roles = getRoles() for role in guard.roles: if role in u_roles: break @@ -137,9 +142,8 @@ def checkGuard(guard, ob): return 0 if guard.groups: # Require at least one of the specified groups. - if sm is None: - sm = getSecurityManager() - u = sm.getUser() + sm = getSecurityManager() + u = sm.getUser() b = aq_base( u ) if hasattr( b, 'getGroupsInContext' ): u_groups = u.getGroupsInContext( ob )