[Checkins] SVN: plone.z3cform/trunk/ Apply patch from dukebody
Martin Aspeli
optilude at gmx.net
Mon Jul 5 10:52:24 EDT 2010
Log message for revision 114211:
Apply patch from dukebody
Changed:
U plone.z3cform/trunk/docs/HISTORY.txt
U plone.z3cform/trunk/plone/z3cform/interfaces.py
U plone.z3cform/trunk/plone/z3cform/traversal.py
-=-
Modified: plone.z3cform/trunk/docs/HISTORY.txt
===================================================================
--- plone.z3cform/trunk/docs/HISTORY.txt 2010-07-05 14:15:34 UTC (rev 114210)
+++ plone.z3cform/trunk/docs/HISTORY.txt 2010-07-05 14:52:24 UTC (rev 114211)
@@ -4,6 +4,11 @@
0.6.1 - unreleased
------------------
+* Add a marker interface which can be used by widgets to defer any security
+ checks they may be doing when they are set up during traversal with the
+ ++widgets++ namespace
+ [dukebody]
+
* Fix re-ordering of fields not in the default fieldset. Thanks to Thomas
Buchberger for the patch.
[optilude]
Modified: plone.z3cform/trunk/plone/z3cform/interfaces.py
===================================================================
--- plone.z3cform/trunk/plone/z3cform/interfaces.py 2010-07-05 14:15:34 UTC (rev 114210)
+++ plone.z3cform/trunk/plone/z3cform/interfaces.py 2010-07-05 14:52:24 UTC (rev 114211)
@@ -47,3 +47,10 @@
This allows different handling of templates, for example.
"""
+
+class IDeferSecurityCheck(Interface):
+ """Marker interface applied to the request during traversal.
+
+ This can be used by other code that wants to skip security
+ checks during traversal.
+ """
Modified: plone.z3cform/trunk/plone/z3cform/traversal.py
===================================================================
--- plone.z3cform/trunk/plone/z3cform/traversal.py 2010-07-05 14:15:34 UTC (rev 114210)
+++ plone.z3cform/trunk/plone/z3cform/traversal.py 2010-07-05 14:52:24 UTC (rev 114211)
@@ -1,4 +1,6 @@
from zope.interface import implements
+from zope.interface import alsoProvides
+from zope.interface import noLongerProvides
from zope.component import adapts
from zope.traversing.interfaces import ITraversable
@@ -7,6 +9,7 @@
from z3c.form.interfaces import IForm
from plone.z3cform.interfaces import IFormWrapper
+from plone.z3cform.interfaces import IDeferSecurityCheck
from plone.z3cform import z2
from Acquisition import aq_inner
@@ -45,8 +48,12 @@
def traverse(self, name, ignored):
form = self._prepareForm()
-
+
+ # Since we cannot check security during traversal,
+ # we delegate the check to the widget view.
+ alsoProvides(self.request, IDeferSecurityCheck)
form.update()
+ noLongerProvides(self.request, IDeferSecurityCheck)
# Find the widget - it may be in a group
if name in form.widgets:
More information about the checkins
mailing list