Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
aac2005b
Commit
aac2005b
authored
Dec 28, 2010
by
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
- fixed permission check in ObjectManager
parent
3004ee2a
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
34 additions
and
11 deletions
+34
-11
doc/CHANGES.rst
doc/CHANGES.rst
+2
-0
src/OFS/ObjectManager.py
src/OFS/ObjectManager.py
+5
-5
src/OFS/tests/testObjectManager.py
src/OFS/tests/testObjectManager.py
+27
-6
No files found.
doc/CHANGES.rst
View file @
aac2005b
...
...
@@ -11,6 +11,8 @@ http://docs.zope.org/zope2/releases/.
Bugs Fixed
++++++++++
- OFS: Fixed permission check in ObjectManager.
- webdav: Fixed permission check and error handling in DeleteCollection.
- LP 686664: WebDAV Lock Manager ZMI view wasn't accessible.
...
...
src/OFS/ObjectManager.py
View file @
aac2005b
...
...
@@ -266,15 +266,15 @@ class ObjectManager(CopyContainer,
def
filtered_meta_types
(
self
,
user
=
None
):
# Return a list of the types for which the user has
# adequate permission to add that type of object.
user
=
getSecurityManager
().
getUs
er
()
meta_types
=
[]
sm
=
getSecurityManag
er
()
meta_types
=
[]
if
callable
(
self
.
all_meta_types
):
all
=
self
.
all_meta_types
()
all
=
self
.
all_meta_types
()
else
:
all
=
self
.
all_meta_types
all
=
self
.
all_meta_types
for
meta_type
in
all
:
if
meta_type
.
has_key
(
'permission'
):
if
user
.
has_permission
(
meta_type
[
'permission'
],
self
):
if
sm
.
checkPermission
(
meta_type
[
'permission'
],
self
):
meta_types
.
append
(
meta_type
)
else
:
meta_types
.
append
(
meta_type
)
...
...
src/OFS/tests/testObjectManager.py
View file @
aac2005b
import
unittest
from
zope.component.testing
import
PlacelessSetup
from
zope.interface
import
implements
from
AccessControl.owner
import
EmergencyUserCannotOwn
from
AccessControl.SecurityManagement
import
newSecurityManager
from
AccessControl.SecurityManagement
import
noSecurityManager
from
AccessControl.
User
import
User
# before SpecialUsers
from
AccessControl.
SecurityManager
import
setSecurityPolicy
from
AccessControl.SpecialUsers
import
emergency_user
,
nobody
,
system
from
AccessControl.User
import
User
# before SpecialUsers
from
Acquisition
import
aq_base
from
Acquisition
import
Implicit
from
App.config
import
getConfiguration
from
logging
import
getLogger
from
zExceptions
import
BadRequest
from
zope.component.testing
import
PlacelessSetup
from
zope.interface
import
implements
from
Zope2.App
import
zcml
from
OFS.interfaces
import
IItem
from
OFS.metaconfigure
import
setDeprecatedManageAddDelete
from
OFS.ObjectManager
import
ObjectManager
from
OFS.SimpleItem
import
SimpleItem
from
Zope2.App
import
zcml
from
zExceptions
import
BadRequest
logger
=
getLogger
(
'OFS.subscribers'
)
...
...
@@ -103,6 +104,26 @@ class ObjectManagerTests(PlacelessSetup, unittest.TestCase):
verifyClass
(
IContainer
,
ObjectManager
)
verifyClass
(
IObjectManager
,
ObjectManager
)
def
test_filtered_meta_types
(
self
):
class
_DummySecurityPolicy
(
object
):
def
checkPermission
(
self
,
permission
,
object
,
context
):
return
permission
==
'addFoo'
om
=
self
.
_makeOne
()
om
.
all_meta_types
=
({
'name'
:
'Foo'
,
'permission'
:
'addFoo'
},
{
'name'
:
'Bar'
,
'permission'
:
'addBar'
},
{
'name'
:
'Baz'
})
try
:
oldPolicy
=
setSecurityPolicy
(
_DummySecurityPolicy
())
self
.
assertEqual
(
len
(
om
.
filtered_meta_types
()),
2
)
self
.
assertEqual
(
om
.
filtered_meta_types
()[
0
][
'name'
],
'Foo'
)
self
.
assertEqual
(
om
.
filtered_meta_types
()[
1
][
'name'
],
'Baz'
)
finally
:
noSecurityManager
()
setSecurityPolicy
(
oldPolicy
)
def
test_setObject_set_owner_with_no_user
(
self
):
om
=
self
.
_makeOne
()
newSecurityManager
(
None
,
None
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment