[Checkins] SVN: zope-foundation-admin/trunk/vote/vote.py Added
access check to make sure people not in the group cannot even
Jim Fulton
jim at zope.com
Tue Jun 6 12:35:35 EDT 2006
Log message for revision 68509:
Added access check to make sure people not in the group cannot even
try to vote.
chmod vots to prevent other than the voter from reading them.
Changed:
U zope-foundation-admin/trunk/vote/vote.py
-=-
Modified: zope-foundation-admin/trunk/vote/vote.py
===================================================================
--- zope-foundation-admin/trunk/vote/vote.py 2006-06-06 16:34:27 UTC (rev 68508)
+++ zope-foundation-admin/trunk/vote/vote.py 2006-06-06 16:35:34 UTC (rev 68509)
@@ -68,6 +68,9 @@
if not os.path.isdir(issuefolder):
error("Invalid issue id")
+ if not os.access(issuefolder, os.X_OK):
+ error("You are not permitted to vote on this issue.")
+
if not os.access(issuefolder, os.W_OK):
error("Voting is closed")
@@ -80,7 +83,9 @@
uname = pwd.getpwuid(os.geteuid())[0]
if args:
validate(issuefolder, args)
- open(os.path.join(issuefolder, uname), 'w').write('\n'.join(args))
+ votefile = os.path.join(issuefolder, uname)
+ open(votefile, 'w').write('\n'.join(args))
+ os.chmod(votefile, 0700)
if os.access(issuefolder, os.R_OK):
count(issuefolder, uname)
More information about the Checkins
mailing list