diff --git a/product/ERP5Type/ERP5Type.py b/product/ERP5Type/ERP5Type.py
index befd918d6eea09643cd0e1dcdb5baaf38a84ab47..d51bba6600e1e37492dcc336bcb4853099f35b69 100644
--- a/product/ERP5Type/ERP5Type.py
+++ b/product/ERP5Type/ERP5Type.py
@@ -299,45 +299,48 @@ class ERP5TypeInformation(XMLObject,
"""
return default
- #
- # Agent methods
- #
- def _queryFactoryMethod(self, container, default=None):
-
- if not self.product or not self.factory or container is None:
- return default
-
- # In case we aren't wrapped.
- dispatcher = getattr(container, 'manage_addProduct', None)
-
- if dispatcher is None:
- return default
-
- try:
- p = dispatcher[self.product]
- except AttributeError:
- LOG('Types Tool', ERROR, '_queryFactoryMethod raised an exception',
- error=exc_info())
- return default
-
- m = getattr(p, self.factory, None)
-
- if m is not None:
- try:
- # validate() can either raise Unauthorized or return 0 to
- # mean unauthorized.
- permission = self.permission
- if permission:
- if _checkPermission(permission, container):
- return m
- else:
- return default
- elif getSecurityManager().validate(p, p, self.factory, m):
- return m
- except zExceptions_Unauthorized: # Catch *all* Unauths!
- pass
-
- return default
+ # The following 2 methods should not be used.
+ _getFactoryMethod = deprecated(FactoryTypeInformation._getFactoryMethod)
+ _constructInstance = deprecated(FactoryTypeInformation._constructInstance)
+
+ def _queryFactoryMethod(self, container, temp_object=0):
+ product = self.product
+ factory = self.factory
+ if not product or not factory:
+ return ValueError('Product factory for %s was undefined'
+ % self.getId())
+ try:
+ p = container.manage_addProduct[product]
+ except AttributeError:
+ pass
+ else:
+ if temp_object:
+ factory = factory[:3] == 'add' and 'newTemp' + factory[3:] or ''
+ m = getattr(p, factory, None)
+ if m is None:
+ return ValueError('Product factory for %s was invalid'
+ % self.getId())
+ if temp_object:
+ return m
+ permission = self.permission
+ if permission:
+ if _checkPermission(permission, container):
+ return m
+ else:
+ try:
+ # validate() can either raise Unauthorized or return 0 to
+ # mean unauthorized.
+ if getSecurityManager().validate(p, p, factory, m):
+ return m
+ except zExceptions_Unauthorized, e:
+ return e
+ return AccessControl_Unauthorized('Cannot create %s' % self.getId())
+
+ security.declarePublic('isConstructionAllowed')
+ def isConstructionAllowed(self, container):
+ """Test if user is allowed to create an instance in the given container
+ """
+ return not isinstance(self._queryFactoryMethod(container), Exception)
security.declarePublic('constructInstance')
def constructInstance(self, container, id, created_by_builder=0,
@@ -348,34 +351,20 @@ class ERP5TypeInformation(XMLObject,
Call the init_script for the portal_type.
Returns the object.
"""
- if temp_object:
- if not self.factory or not self.factory.startswith('add'):
- raise ValueError('Product factory for %s is invalid: %s'
- % (self.getId(), self.factory))
- p = container.manage_addProduct[self.product]
- m = getattr(p, 'newTemp' + self.factory[3:])
- ob = m(id, container)
- if hasattr(ob, '_setPortalTypeName'):
- ob.portal_type = self.getId()
- else:
- # This is part is copied from CMFCore/TypesTool/constructInstance
- # In case of temp object, we don't want to check security
- if (not (hasattr(container, 'isTempObject')
- and container.isTempObject())
- and not self.isConstructionAllowed(container)):
- raise AccessControl_Unauthorized('Cannot create %s' % self.getId())
-
- # Then keep on the construction process
- ob = self._constructInstance(container, id, *args, **kw)
-
- # Portal type has to be set before setting other attributes
- # in order to initialize aq_dynamic
- if hasattr(ob, '_setPortalTypeName'):
- #ob._setPortalTypeName(self.getId())
- # XXX rafael: if we use _set because it is trigger by interaction
- # workflow and it is annoyning without security setted
- ob.portal_type = self.getId()
-
+ m = self._queryFactoryMethod(container, temp_object)
+ if isinstance(m, Exception):
+ raise m
+ ob = m(id, **kw)
+
+ # Portal type has to be set before setting other attributes
+ # in order to initialize aq_dynamic
+ if hasattr(ob, '_setPortalTypeName'):
+ #ob._setPortalTypeName(self.getId())
+ # XXX rafael: if we use _set because it is trigger by interaction
+ # workflow and it is annoyning without security setted
+ ob.portal_type = self.getId()
+
+ if not temp_object:
self.updateLocalRolesOnDocument(ob, reindex=False)
# notify workflow after generating local roles, in order to prevent
diff --git a/product/ERP5Type/Utils.py b/product/ERP5Type/Utils.py
index f199254e3cf8f16b390c5823dd9323b7ece87796..feed33933fd2e10517f803def297e235cd4711c4 100644
--- a/product/ERP5Type/Utils.py
+++ b/product/ERP5Type/Utils.py
@@ -457,6 +457,7 @@ class DocumentConstructor(Method):
if kw: o._edit(force_update=1, **kw)
if REQUEST is not None:
REQUEST['RESPONSE'].redirect( 'manage_main' )
+ return o
class TempDocumentConstructor(DocumentConstructor):
@@ -480,9 +481,8 @@ class TempDocumentConstructor(DocumentConstructor):
self.klass = TempDocument
- def __call__(self, folder, id, REQUEST=None, **kw):
- # CMF constructInstance is never used to build temp objects
- # so we never return the id.
+ def __call__(self, folder, id, REQUEST=None,
+ activate_kw=None, is_indexable=None, reindex_kw=None, **kw):
o = self.klass(id)
if folder.isTempObject():
folder._setObject(id, o)