Use new module level aq_inContextOf method, so this works for non-wrappers as...

Use new module level aq_inContextOf method, so this works for non-wrappers as well. Still needs to be made aware of __parent__ pointers

Use new module level aq_inContextOf method, so this works for non-wrappers as...
Use new module level aq_inContextOf method, so this works for non-wrappers as well. Still needs to be made aware of __parent__ pointers
95e69c37 · Hanno Schlichting · 14c42d22 · 95e69c37 · 95e69c37
Commit 95e69c37 authored Jul 28, 2007 by Hanno Schlichting
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 19 deletions

lib/python/AccessControl/ImplPython.py lib/python/AccessControl/ImplPython.py +5 -11

lib/python/AccessControl/User.py lib/python/AccessControl/User.py +5 -8

No files found.
--- a/lib/python/AccessControl/ImplPython.py
+++ b/lib/python/AccessControl/ImplPython.py
@@ -20,6 +20,7 @@ from logging import getLogger
 from Acquisition import aq_base
 from Acquisition import aq_parent
 from Acquisition import aq_inner
+from Acquisition import aq_inContextOf
 from Acquisition import aq_acquire
 from ExtensionClass import Base
 from zope.interface import implements
@@ -840,17 +841,10 @@ def verifyAcquisitionContext(user, object, object_roles=None):
            # This is a strange rule, though
            # it doesn't cause any security holes. SDH
            return 1
-        if not hasattr(object, 'aq_inContextOf'):
        if hasattr(object, 'im_self'):
            # This is a method.  Grab its self.
            object=object.im_self
-            if not hasattr(object, 'aq_inContextOf'):
-                # object is not wrapped, therefore we
-                # can't determine context.
-                # Fail the access attempt.  Otherwise
-                # this would be a security hole.
-                return None
-        if not object.aq_inContextOf(ucontext, 1):
+        if not aq_inContextOf(object, ucontext, 1):
            if 'Shared' in object_roles:
                # Old role setting. Waaa
                object_roles=user._shared_roles(object)

--- a/lib/python/AccessControl/User.py
+++ b/lib/python/AccessControl/User.py
@@ -20,6 +20,7 @@ import re
 import socket
 from base64 import decodestring

+from Acquisition import aq_inContextOf
 from Acquisition import Implicit
 from App.Management import Navigation, Tabs
 from Globals import DTMLFile, MessageDialog, Persistent, PersistentMapping
@@ -165,14 +166,10 @@ class BasicUser(Implicit):
        if context is not None:
            if object is None:
                return 1
-            if not hasattr(object, 'aq_inContextOf'):
            if hasattr(object, 'im_self'):
                # This is a method.  Grab its self.
                object=object.im_self
-                if not hasattr(object, 'aq_inContextOf'):
-                    # Object is not wrapped, so return false.
-                    return 0
-            return object.aq_inContextOf(context, 1)
+            return aq_inContextOf(object, context, 1)

        # This is lame, but required to keep existing behavior.
        return 1