[Checkins] SVN: plone.z3cform/trunk/ Apply patch from dukebody

Martin Aspeli optilude at gmx.net
Mon Jul 5 10:52:24 EDT 2010 

Log message for revision 114211:
  Apply patch from dukebody

Changed:
  U   plone.z3cform/trunk/docs/HISTORY.txt
  U   plone.z3cform/trunk/plone/z3cform/interfaces.py
  U   plone.z3cform/trunk/plone/z3cform/traversal.py

-=-
Modified: plone.z3cform/trunk/docs/HISTORY.txt
===================================================================
--- plone.z3cform/trunk/docs/HISTORY.txt	2010-07-05 14:15:34 UTC (rev 114210)
+++ plone.z3cform/trunk/docs/HISTORY.txt	2010-07-05 14:52:24 UTC (rev 114211)
@@ -4,6 +4,11 @@
 0.6.1 - unreleased
 ------------------
 
+* Add a marker interface which can be used by widgets to defer any security
+  checks they may be doing when they are set up during traversal with the
+  ++widgets++ namespace
+  [dukebody]
+
 * Fix re-ordering of fields not in the default fieldset. Thanks to Thomas
   Buchberger for the patch.
   [optilude]

Modified: plone.z3cform/trunk/plone/z3cform/interfaces.py
===================================================================
--- plone.z3cform/trunk/plone/z3cform/interfaces.py	2010-07-05 14:15:34 UTC (rev 114210)
+++ plone.z3cform/trunk/plone/z3cform/interfaces.py	2010-07-05 14:52:24 UTC (rev 114211)
@@ -47,3 +47,10 @@
     
     This allows different handling of templates, for example.
     """
+
+class IDeferSecurityCheck(Interface):
+    """Marker interface applied to the request during traversal.
+    
+    This can be used by other code that wants to skip security
+    checks during traversal.
+    """

Modified: plone.z3cform/trunk/plone/z3cform/traversal.py
===================================================================
--- plone.z3cform/trunk/plone/z3cform/traversal.py	2010-07-05 14:15:34 UTC (rev 114210)
+++ plone.z3cform/trunk/plone/z3cform/traversal.py	2010-07-05 14:52:24 UTC (rev 114211)
@@ -1,4 +1,6 @@
 from zope.interface import implements
+from zope.interface import alsoProvides
+from zope.interface import noLongerProvides
 from zope.component import adapts
 
 from zope.traversing.interfaces import ITraversable
@@ -7,6 +9,7 @@
 from z3c.form.interfaces import IForm
 
 from plone.z3cform.interfaces import IFormWrapper
+from plone.z3cform.interfaces import IDeferSecurityCheck
 from plone.z3cform import z2
 
 from Acquisition import aq_inner
@@ -45,8 +48,12 @@
     def traverse(self, name, ignored):
         
         form = self._prepareForm()
-        
+
+        # Since we cannot check security during traversal,
+        # we delegate the check to the widget view.
+        alsoProvides(self.request, IDeferSecurityCheck)
         form.update()
+        noLongerProvides(self.request, IDeferSecurityCheck)
         
         # Find the widget - it may be in a group
         if name in form.widgets:

More information about the checkins mailing list