[Checkins] SVN: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py Extract _canMasquerade method.
Stefan H. Holek
stefan at epy.co.at
Sat Feb 28 17:37:48 EST 2009
Log message for revision 97388:
Extract _canMasquerade method.
Changed:
U Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py
-=-
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py 2009-02-28 17:43:41 UTC (rev 97387)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py 2009-02-28 22:37:48 UTC (rev 97388)
@@ -725,6 +725,24 @@
return PropertiedUser( user_id, name ).__of__( self )
+ security.declarePrivate( '_canMasquerade' )
+ def _canMasquerade( self, plugins, user_id, name=None, request=None ):
+
+ """ Return True if user_id has the Manager role.
+ """
+ user = PropertiedUser( user_id, name )
+
+ rolemakers = plugins.listPlugins( IRolesPlugin )
+
+ for rolemaker_id, rolemaker in rolemakers:
+
+ roles = rolemaker.getRolesForPrincipal( user, request )
+
+ if roles and 'Manager' in roles:
+ return True
+
+ return False
+
security.declarePrivate( '_findUser' )
def _findUser( self, plugins, user_id, name=None, request=None ):
@@ -746,14 +764,11 @@
# Masquerading: Check if auth_user is eligible for masquerading
if role_user_id is not None:
- rolemakers = plugins.listPlugins( IRolesPlugin )
- auth_user = PropertiedUser( auth_user_id, auth_user_id )
- auth_user_roles = []
- for rolemaker_id, rolemaker in rolemakers:
- roles = rolemaker.getRolesForPrincipal( auth_user, request )
- if roles:
- auth_user_roles.extend(roles)
- if 'Manager' in auth_user_roles:
+ if self._canMasquerade( plugins
+ , auth_user_id
+ , auth_user_login
+ , request
+ ):
logger.info('Masquerading allowed: %s' % (saved_id,))
else:
logger.warn('Masquerading denied: %s' % (saved_id,))
More information about the Checkins
mailing list