Commit ca9cb0c0 authored by Jérome Perrin's avatar Jérome Perrin

38412 was not working when security implementation was set to python, the

isinstance check was returning false


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@38449 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent f24b9247
...@@ -109,23 +109,16 @@ class Setter(Method): ...@@ -109,23 +109,16 @@ class Setter(Method):
def rolesForPermissionOn(ob): def rolesForPermissionOn(ob):
im_self = ob.im_self im_self = ob.im_self
name = '%s__roles__' % ob.__name__ name = '%s__roles__' % ob.__name__
# we explictly call _aq_dynamic to prevent acquiering the attribute # Lookup on the class, as getRoles gives priority to ob.__roles__
# over class.ob__roles__, this way we have an opportunity to define
# security on the class for generated methods.
# We explictly call _aq_dynamic to prevent acquiering the attribute
# from container # from container
roles = im_self._aq_dynamic(name) roles = getattr(im_self.__class__, name, im_self._aq_dynamic(name))
if roles is None: if roles is None:
# lookup on the class, as getRoles gives priority to ob.__roles__ return rolesForPermissionOn(None, im_self, ('Manager',),
# over class.ob__roles__, this way we have an opportunity to define '_Modify_portal_content_Permission')
# security on the class for generated methods. return roles.__of__(im_self)
class_role = getattr(im_self.__class__, name, im_self)
if class_role is not im_self:
if isinstance(class_role, PermissionRole):
return class_role.__of__(im_self)
return class_role
return rolesForPermissionOn(None, im_self, ('Manager',),
'_Modify_portal_content_Permission')
else:
# wrap explicitly, because we used _aq_dynamic
return roles.__of__(im_self)
from Products.CMFCore.Expression import Expression from Products.CMFCore.Expression import Expression
...@@ -198,18 +191,11 @@ class Getter(Method): ...@@ -198,18 +191,11 @@ class Getter(Method):
name = '%s__roles__' % ob.__name__ name = '%s__roles__' % ob.__name__
# we explictly call _aq_dynamic to prevent acquiering the attribute # we explictly call _aq_dynamic to prevent acquiering the attribute
# from container # from container
roles = im_self._aq_dynamic(name) roles = getattr(im_self.__class__, name, im_self._aq_dynamic(name))
if roles is None: if roles is None:
class_role = getattr(im_self.__class__, name, im_self) return rolesForPermissionOn(None, im_self, ('Manager',),
if class_role is not im_self: '_Access_contents_information_Permission')
if isinstance(class_role, PermissionRole): return roles.__of__(im_self)
return class_role.__of__(im_self)
return class_role
return rolesForPermissionOn(None, im_self, ('Manager',),
'_Access_contents_information_Permission')
else:
# wrap explicitly, because we used _aq_dynamic
return roles.__of__(im_self)
class Tester(Method): class Tester(Method):
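Review bot: The final `return roles.__of__(im_self)` in the Setter hunk now runs on whatever the class-level `'%s__roles__'` lookup returned, so a value without `__of__` (a plain tuple or list of roles) would raise AttributeError inside the role lookup, where the removed code returned such a value unwrapped. Since the isinstance test is unreliable across security implementations, a duck-typed guard keeps both cases: `if hasattr(roles, '__of__'): return roles.__of__(im_self)` followed by `return roles`. A class-level value of None is also now treated as undeclared and falls through to the `('Manager',)` / permission default, whereas the old branch returned it as-is; that fails closed if None means public here, but a comment should say the tightening is intended. The Getter hunk has the same pattern, its enclosing function starts outside the hunk, and its comment still describes the `_aq_dynamic` call as the primary lookup although the class is now consulted first.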
......