Commit 95ac6cf7 authored by Alexandre Boeglin's avatar Alexandre Boeglin

Made a reusable method out of last Base.py commit.

Reused the method in manage_copyObjects.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4079 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent e7010195
......@@ -28,7 +28,7 @@
import ExtensionClass
from Globals import InitializeClass, DTMLFile, PersistentMapping
from AccessControl import ClassSecurityInfo, getSecurityManager
from AccessControl import ClassSecurityInfo
from AccessControl.Permission import pname, Permission
from Acquisition import aq_base, aq_inner, aq_acquire, aq_chain
......@@ -51,11 +51,10 @@ from Products.ERP5Type.XMLExportImport import Base_asXML
from Products.CMFCore.WorkflowCore import ObjectDeleted
from Accessor import WorkflowState
from OFS.CopySupport import CopyError
from ZopePatch import ERP5PropertyManager
from CopySupport import CopyContainer
from CopySupport import CopyContainer, CopyError,\
tryMethodCallWithTemporaryPermission
from Errors import DeferredCatalogError
from Products.CMFActivity.ActiveObject import ActiveObject
from Products.ERP5Type.Accessor.Accessor import Accessor as Method
......@@ -961,30 +960,8 @@ class Base( CopyContainer, PortalContent, ActiveObject, ERP5PropertyManager ):
# Do not rename until everything flushed
self.recursiveFlushActivity(invoke=1)
previous_relative_url = self.getRelativeUrl()
try:
self.aq_parent.manage_renameObject(self.id, id)
except CopyError:
# we want to catch the explicit security check done in
# manage_renameObject and bypass it. for this, we temporarily give the
# Copy or Move right to the user. We assume that if the user has enough
# rights to pass the "declareProtected" check around "setId", he should
# be really able to rename the object.
user = getSecurityManager().getUser()
user_role_list = user.getRolesInContext(self)
if len(user_role_list) > 0:
perm_list = self.ac_inherited_permissions()
for p in perm_list:
if p[0] == 'Copy or Move':
name, value = p[:2]
break
else:
name, value = ('Copy or Move', ())
p = Permission(name,value,self)
old_role_list = p.getRoles(default=[])
p.setRoles(user_role_list)
self.aq_parent.manage_renameObject(self.id, id)
p.setRoles(old_role_list)
tryMethodCallWithTemporaryPermission(self, 'Copy or Move',
self.aq_parent.manage_renameObject, (self.id, id), {}, CopyError)
new_relative_url = self.getRelativeUrl()
if reindex:
self.flushActivity(invoke=1) # Required if we wish that news ids appear instantly
......
......@@ -13,7 +13,8 @@
##############################################################################
from OFS import Moniker
from AccessControl import ClassSecurityInfo
from AccessControl import ClassSecurityInfo, getSecurityManager
from AccessControl.Permission import Permission
from OFS.ObjectManager import ObjectManager
from OFS.CopySupport import CopyContainer as OriginalCopyContainer
from OFS.CopySupport import CopyError
......@@ -54,7 +55,9 @@ class CopyContainer:
#LOG("Manage Copy",0, "ids:%s uids:%s" % (str(ids), str(uids)))
if ids is not None:
# Use default methode
return OriginalCopyContainer.manage_copyObjects(self, ids, REQUEST, RESPONSE)
return tryMethodCallWithTemporaryPermission(self, 'Copy or Move',
OriginalCopyContainer.manage_copyObjects, (self, ids, REQUEST,
RESPONSE), {}, CopyError)
if uids is None and REQUEST is not None:
return eNoItemsSpecified
elif uids is None:
......@@ -189,7 +192,7 @@ class CopyContainer:
# Pass - need to find a way to pass calls...
self.notifyWorkflowCreated()
# Add info about copy to edit workflow
REQUEST = get_request()
if REQUEST is not None and REQUEST.get('__cp', None) :
......@@ -287,4 +290,32 @@ class CopyContainer:
if catalog is not None:
catalog.moveObject(self, idxs=idxs)
#### Helper methods
def tryMethodCallWithTemporaryPermission(context, permission, method,
method_argv, method_kw, exception):
# we want to catch the explicit security check done in manage_renameObject
# and bypass it. for this, we temporarily give the Copy or Move right to the
# user. We assume that if the user has enough rights to pass the
# "declareProtected" check around "setId", he should be really able to
# rename the object.
try:
return method(*method_argv, **method_kw)
except exception:
user = getSecurityManager().getUser()
user_role_list = user.getRolesInContext(context)
if len(user_role_list) > 0:
perm_list = context.ac_inherited_permissions()
for p in perm_list:
if p[0] == permission:
name, value = p[:2]
break
else:
name, value = (permission, ())
p = Permission(name,value,context)
old_role_list = p.getRoles(default=[])
p.setRoles(user_role_list)
result = method(*method_argv, **method_kw)
p.setRoles(old_role_list)
return result
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment