Commit 95e69c37 authored by Hanno Schlichting's avatar Hanno Schlichting

Use new module level aq_inContextOf method, so this works for non-wrappers as...

Use new module level aq_inContextOf method, so this works for non-wrappers as well. Still needs to be made aware of __parent__ pointers
parent 14c42d22
...@@ -20,6 +20,7 @@ from logging import getLogger ...@@ -20,6 +20,7 @@ from logging import getLogger
from Acquisition import aq_base from Acquisition import aq_base
from Acquisition import aq_parent from Acquisition import aq_parent
from Acquisition import aq_inner from Acquisition import aq_inner
from Acquisition import aq_inContextOf
from Acquisition import aq_acquire from Acquisition import aq_acquire
from ExtensionClass import Base from ExtensionClass import Base
from zope.interface import implements from zope.interface import implements
...@@ -840,17 +841,10 @@ def verifyAcquisitionContext(user, object, object_roles=None): ...@@ -840,17 +841,10 @@ def verifyAcquisitionContext(user, object, object_roles=None):
# This is a strange rule, though # This is a strange rule, though
# it doesn't cause any security holes. SDH # it doesn't cause any security holes. SDH
return 1 return 1
if not hasattr(object, 'aq_inContextOf'):
if hasattr(object, 'im_self'): if hasattr(object, 'im_self'):
# This is a method. Grab its self. # This is a method. Grab its self.
object=object.im_self object=object.im_self
if not hasattr(object, 'aq_inContextOf'): if not aq_inContextOf(object, ucontext, 1):
# object is not wrapped, therefore we
# can't determine context.
# Fail the access attempt. Otherwise
# this would be a security hole.
return None
if not object.aq_inContextOf(ucontext, 1):
if 'Shared' in object_roles: if 'Shared' in object_roles:
# Old role setting. Waaa # Old role setting. Waaa
object_roles=user._shared_roles(object) object_roles=user._shared_roles(object)
......
...@@ -20,6 +20,7 @@ import re ...@@ -20,6 +20,7 @@ import re
import socket import socket
from base64 import decodestring from base64 import decodestring
from Acquisition import aq_inContextOf
from Acquisition import Implicit from Acquisition import Implicit
from App.Management import Navigation, Tabs from App.Management import Navigation, Tabs
from Globals import DTMLFile, MessageDialog, Persistent, PersistentMapping from Globals import DTMLFile, MessageDialog, Persistent, PersistentMapping
...@@ -165,14 +166,10 @@ class BasicUser(Implicit): ...@@ -165,14 +166,10 @@ class BasicUser(Implicit):
if context is not None: if context is not None:
if object is None: if object is None:
return 1 return 1
if not hasattr(object, 'aq_inContextOf'):
if hasattr(object, 'im_self'): if hasattr(object, 'im_self'):
# This is a method. Grab its self. # This is a method. Grab its self.
object=object.im_self object=object.im_self
if not hasattr(object, 'aq_inContextOf'): return aq_inContextOf(object, context, 1)
# Object is not wrapped, so return false.
return 0
return object.aq_inContextOf(context, 1)
# This is lame, but required to keep existing behavior. # This is lame, but required to keep existing behavior.
return 1 return 1
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment