Commit 50e21bf5 authored by Jérome Perrin's avatar Jérome Perrin

explain problem with allowedContentTypes caching strategy and make a quick and dirty workaround



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@9431 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent de9729b9
......@@ -650,12 +650,24 @@ be a problem)."""
# Optimized Menu System
security.declarePublic('allowedContentTypes')
def allowedContentTypes( self ):
"""
List portal_types which can be added in this folder / object.
Cache results. This requires restarting Zope to update values.
"""
""" List portal_types which can be added in this folder / object.
Cache results.
"""
# if we don't have add portal content permission, return directly.
# this prevents returning cached allowed types when the user no longer have
# the permission to any content type. (security definitions in workflows
# usually remove some permission once an object is "Valid")
# This also prevents filling the cache with an empty list, when the user
# does not have the permission to add any content yet.
# XXX this works just fine, unless some objects can be added with another
# permission that "Add portal content". For now, this is only the case for
# Role Definition objects, but this shows that generally speaking, this is
# not the right approach.
if not getSecurityManager().checkPermission(
Permissions.AddPortalContent, self):
Permissions.AddPortalContent, self) and\
not getSecurityManager().checkPermission(
Permissions.ChangeLocalRoles, self):
return []
def _allowedContentTypes( portal_type=None, user=None, portal_path=None ):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment