[Checkins] SVN: Products.CMFCore/trunk/Products/CMFCore/MemberDataTool.py - refactored setProperties (no need to wrap the authenticated user again - 'self' should be the right member)
Yvo Schubbe
y.2011 at wcm-solutions.de
Tue Feb 22 11:11:47 EST 2011
Log message for revision 120514:
- refactored setProperties (no need to wrap the authenticated user again - 'self' should be the right member)
Changed:
U Products.CMFCore/trunk/Products/CMFCore/MemberDataTool.py
-=-
Modified: Products.CMFCore/trunk/Products/CMFCore/MemberDataTool.py
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/MemberDataTool.py 2011-02-22 12:44:59 UTC (rev 120513)
+++ Products.CMFCore/trunk/Products/CMFCore/MemberDataTool.py 2011-02-22 16:11:47 UTC (rev 120514)
@@ -15,6 +15,7 @@
from AccessControl.interfaces import IUser
from AccessControl.SecurityInfo import ClassSecurityInfo
+from AccessControl.SecurityManagement import getSecurityManager
from Acquisition import aq_base
from Acquisition import aq_inner
from Acquisition import aq_parent
@@ -273,19 +274,16 @@
'''
# XXX: this method violates the rules for tools/utilities:
# it depends on a non-utility tool
+ if self._user.getId() != getSecurityManager().getUser().getId():
+ raise BadRequest(u'Only own properties can be set.')
if properties is None:
properties = kw
- membership = getToolByName(self._tool, 'portal_membership')
- registration = getToolByName(self._tool, 'portal_registration', None)
- if not membership.isAnonymousUser():
- member = membership.getAuthenticatedMember()
- if registration:
- failMessage = registration.testPropertiesValidity(properties, member)
- if failMessage is not None:
- raise BadRequest(failMessage)
- member.setMemberProperties(properties)
- else:
- raise BadRequest('Not logged in.')
+ rtool = getToolByName(self._tool, 'portal_registration', None)
+ if rtool is not None:
+ failMessage = rtool.testPropertiesValidity(properties, self)
+ if failMessage is not None:
+ raise BadRequest(failMessage)
+ self.setMemberProperties(properties)
security.declarePrivate('setMemberProperties')
def setMemberProperties(self, mapping):
More information about the checkins
mailing list