[Checkins] SVN: Products.CMFDefault/trunk/Products/CMFDefault/ - changed the way add form permissions are configured and checked

Yvo Schubbe y.2009 at wcm-solutions.de
Fri Dec 4 04:43:52 EST 2009


Log message for revision 106203:
  - changed the way add form permissions are configured and checked

Changed:
  U   Products.CMFDefault/trunk/Products/CMFDefault/CHANGES.txt
  U   Products.CMFDefault/trunk/Products/CMFDefault/browser/configure.zcml
  U   Products.CMFDefault/trunk/Products/CMFDefault/formlib/configure.zcml
  U   Products.CMFDefault/trunk/Products/CMFDefault/formlib/form.py

-=-
Modified: Products.CMFDefault/trunk/Products/CMFDefault/CHANGES.txt
===================================================================
--- Products.CMFDefault/trunk/Products/CMFDefault/CHANGES.txt	2009-12-04 00:50:00 UTC (rev 106202)
+++ Products.CMFDefault/trunk/Products/CMFDefault/CHANGES.txt	2009-12-04 09:43:51 UTC (rev 106203)
@@ -4,6 +4,10 @@
 2.2.0-beta (unreleased)
 -----------------------
 
+- views: Improved ContentAddFormBase.
+  Permissions and container constraints are now checked by the '__call__'
+  method. There is no need to add security declarations for derived add forms.
+
 - upgrade: Added more upgrade steps.
   There is now support for upgrading the step registrations in the setup tool,
   the columns in the catalog tool and the icons in the actions tool and

Modified: Products.CMFDefault/trunk/Products/CMFDefault/browser/configure.zcml
===================================================================
--- Products.CMFDefault/trunk/Products/CMFDefault/browser/configure.zcml	2009-12-04 00:50:00 UTC (rev 106202)
+++ Products.CMFDefault/trunk/Products/CMFDefault/browser/configure.zcml	2009-12-04 09:43:51 UTC (rev 106203)
@@ -10,13 +10,13 @@
       template="templates/folder.pt"
       permission="zope2.View"
       />
-  
+
   <utility
       component=".folder.contents_delta_vocabulary"
       name="cmf.contents delta vocabulary"
       provides="zope.schema.interfaces.IVocabularyFactory"
       />
-      
+
   <browser:page
       for="Products.CMFCore.interfaces.IFolderish"
       layer="..interfaces.ICMFDefaultSkin"
@@ -86,13 +86,6 @@
       factory=".link.LinkAddView"
       />
 
-  <class class=".link.LinkAddView">
-    <require
-        permission="cmf.AddPortalContent"
-        interface="zope.formlib.interfaces.IPageForm"
-        />
-  </class>
-
   <browser:page
       for="..interfaces.ILink"
       layer="..interfaces.ICMFDefaultSkin"
@@ -117,13 +110,6 @@
       factory=".favorite.FavoriteAddView"
       />
 
-  <class class=".favorite.FavoriteAddView">
-    <require
-        permission="cmf.AddPortalContent"
-        interface="zope.formlib.interfaces.IPageForm"
-        />
-  </class>
-
   <browser:page
       for="..interfaces.IMutableFavorite"
       layer="..interfaces.ICMFDefaultSkin"
@@ -139,13 +125,6 @@
       factory=".file.FileAddView"
       />
 
-  <class class=".file.FileAddView">
-    <require
-        permission="cmf.AddPortalContent"
-        interface="zope.formlib.interfaces.IPageForm"
-        />
-  </class>
-
   <adapter
       name="cmf.image"
       factory=".file.FileAddView"

Modified: Products.CMFDefault/trunk/Products/CMFDefault/formlib/configure.zcml
===================================================================
--- Products.CMFDefault/trunk/Products/CMFDefault/formlib/configure.zcml	2009-12-04 00:50:00 UTC (rev 106202)
+++ Products.CMFDefault/trunk/Products/CMFDefault/formlib/configure.zcml	2009-12-04 09:43:51 UTC (rev 106203)
@@ -13,11 +13,4 @@
 
   <adapter factory=".form.FallbackAddView" />
 
-  <class class=".form.FallbackAddView">
-    <require
-        permission="cmf.AddPortalContent"
-        interface="zope.formlib.interfaces.IPageForm"
-        />
-  </class>
-
 </configure>

Modified: Products.CMFDefault/trunk/Products/CMFDefault/formlib/form.py
===================================================================
--- Products.CMFDefault/trunk/Products/CMFDefault/formlib/form.py	2009-12-04 00:50:00 UTC (rev 106202)
+++ Products.CMFDefault/trunk/Products/CMFDefault/formlib/form.py	2009-12-04 09:43:51 UTC (rev 106203)
@@ -18,6 +18,8 @@
 from datetime import datetime
 from sets import Set
 
+from AccessControl.SecurityInfo import ClassSecurityInfo
+from App.class_init import InitializeClass
 from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile
 from Products.Five.formlib.formbase import PageAddForm
 from Products.Five.formlib.formbase import PageDisplayForm
@@ -39,6 +41,7 @@
 from Products.CMFDefault.exceptions import AccessControl_Unauthorized
 from Products.CMFDefault.formlib.widgets import IDInputWidget
 from Products.CMFDefault.interfaces import ICMFDefaultSkin
+from Products.CMFDefault.permissions import AddPortalContent
 from Products.CMFDefault.utils import Message as _
 from Products.CMFDefault.utils import translate
 
@@ -87,6 +90,9 @@
     adapts(IFolderish, ICMFDefaultSkin, ITypeInformation)
     implementsOnly(IPageForm)
 
+    security = ClassSecurityInfo()
+    security.declareObjectPrivate()
+
     actions = form.Actions(
         form.Action(
             name='add',
@@ -105,6 +111,24 @@
         self.request = request
         self.ti = ti
 
+    security.declareProtected(AddPortalContent, '__call__')
+    def __call__(self):
+        container = self.context
+        portal_type = self.ti.getId()
+
+        # check allowed (sometimes redundant, but better safe than sorry)
+        if not self.ti.isConstructionAllowed(container):
+            raise AccessControl_Unauthorized('Cannot create %s' % portal_type)
+
+        # check container constraints
+        ttool = self._getTool('portal_types')
+        container_ti = ttool.getTypeInfo(container)
+        if container_ti is not None and \
+                not container_ti.allowType(portal_type):
+            raise ValueError('Disallowed subobject type: %s' % portal_type)
+
+        return super(ContentAddFormBase, self).__call__()
+
     @property
     def label(self):
         obj_type = translate(self.ti.Title(), self.context)
@@ -136,19 +160,7 @@
 
     def add(self, obj):
         container = self.context
-        portal_type = self.ti.getId()
 
-        # check allowed (sometimes redundant, but better safe than sorry)
-        if not self.ti.isConstructionAllowed(container):
-            raise AccessControl_Unauthorized('Cannot create %s' % portal_type)
-
-        #check container constraints
-        ttool = self._getTool('portal_types')
-        container_ti = ttool.getTypeInfo(container)
-        if container_ti is not None and \
-                not container_ti.allowType(portal_type):
-            raise ValueError('Disallowed subobject type: %s' % portal_type)
-
         name = INameChooser(container).chooseName(obj.getId(), obj)
         obj.id = name
         container._setObject(name, obj)
@@ -169,7 +181,9 @@
         return '%s/%s?%s' % (obj.absolute_url(), self.ti.immediate_view,
                              make_query(portal_status_message=message))
 
+InitializeClass(ContentAddFormBase)
 
+
 class FallbackAddView(ContentAddFormBase):
 
     """Add view for IDynamicType content.



More information about the checkins mailing list