[Checkins] SVN: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py Extract _canMasquerade method.

Stefan H. Holek stefan at epy.co.at
Sat Feb 28 17:37:48 EST 2009


Log message for revision 97388:
  Extract _canMasquerade method.

Changed:
  U   Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py

-=-
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py	2009-02-28 17:43:41 UTC (rev 97387)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py	2009-02-28 22:37:48 UTC (rev 97388)
@@ -725,6 +725,24 @@
 
         return PropertiedUser( user_id, name ).__of__( self )
 
+    security.declarePrivate( '_canMasquerade' )
+    def _canMasquerade( self, plugins, user_id, name=None, request=None ):
+
+        """ Return True if user_id has the Manager role.
+        """
+        user = PropertiedUser( user_id, name )
+
+        rolemakers = plugins.listPlugins( IRolesPlugin )
+
+        for rolemaker_id, rolemaker in rolemakers:
+
+            roles = rolemaker.getRolesForPrincipal( user, request )
+
+            if roles and 'Manager' in roles:
+                return True
+
+        return False
+
     security.declarePrivate( '_findUser' )
     def _findUser( self, plugins, user_id, name=None, request=None ):
 
@@ -746,14 +764,11 @@
 
         # Masquerading: Check if auth_user is eligible for masquerading
         if role_user_id is not None:
-            rolemakers = plugins.listPlugins( IRolesPlugin )
-            auth_user = PropertiedUser( auth_user_id, auth_user_id )
-            auth_user_roles = []
-            for rolemaker_id, rolemaker in rolemakers:
-                roles = rolemaker.getRolesForPrincipal( auth_user, request )
-                if roles:
-                    auth_user_roles.extend(roles)
-            if 'Manager' in auth_user_roles:
+            if self._canMasquerade( plugins
+                                  , auth_user_id
+                                  , auth_user_login
+                                  , request
+                                  ):
                 logger.info('Masquerading allowed: %s' % (saved_id,))
             else:
                 logger.warn('Masquerading denied: %s' % (saved_id,))



More information about the Checkins mailing list