[Checkins] SVN: hurry.workflow/trunk/ Fix check_security for fireTransitionToward.

Fri Feb 10 16:59:00 UTC 2012

Log message for revision 124365:
  Fix check_security for fireTransitionToward.
  

Changed:
  U   hurry.workflow/trunk/CHANGES.txt
  U   hurry.workflow/trunk/src/hurry/workflow/workflow.py
  U   hurry.workflow/trunk/src/hurry/workflow/workflow.txt

-=-
Modified: hurry.workflow/trunk/CHANGES.txt
===================================================================

--- hurry.workflow/trunk/CHANGES.txt	2012-02-10 14:59:45 UTC (rev 124364)
+++ hurry.workflow/trunk/CHANGES.txt	2012-02-10 16:58:59 UTC (rev 124365)
@@ -5,9 +5,14 @@
 0.12 (unreleased)
 =================
 
-- Make the info() and state() functions on the WorkflowInfo class into
+* Make the info() and state() functions on the WorkflowInfo class into
   classmethods as they are not of much use otherwise.
 
+* fireTransitionToward already accepted a check_security=False
+  argument, but it would not allow a transition that a user didn't
+  have the permission for to be fired after all, because the
+  transition wouldn't even be found in the first place. Now it works.
+
 0.11 (2010-04-16)
 =================
 

Modified: hurry.workflow/trunk/src/hurry/workflow/workflow.py
===================================================================
--- hurry.workflow/trunk/src/hurry/workflow/workflow.py	2012-02-10 14:59:45 UTC (rev 124364)
+++ hurry.workflow/trunk/src/hurry/workflow/workflow.py	2012-02-10 16:58:59 UTC (rev 124365)
@@ -197,7 +197,8 @@
 
     def fireTransitionToward(self, state, comment=None, side_effect=None,
                              check_security=True):
-        transition_ids = self.getFireableTransitionIdsToward(state)
+        transition_ids = self.getFireableTransitionIdsToward(state,
+                                                             check_security)
         if not transition_ids:
             raise interfaces.NoTransitionAvailableError
         if len(transition_ids) != 1:
@@ -231,11 +232,13 @@
         id = self.state(self.context).getId()
         return wf_versions.hasVersion(state, id)
 
-    def getManualTransitionIds(self):
+    def getManualTransitionIds(self, check_security=True):
         try:
             checkPermission = getInteraction().checkPermission
         except NoInteraction:
             checkPermission = nullCheckPermission
+        if not check_security:
+            checkPermission = nullCheckPermission
         return [transition.transition_id for transition in
                 sorted(self._getTransitions(MANUAL)) if
                 transition.condition(self, self.context) and
@@ -247,12 +250,13 @@
                 sorted(self._getTransitions(SYSTEM)) if
                 transition.condition(self, self.context)]
 
-    def getFireableTransitionIds(self):
-        return self.getManualTransitionIds() + self.getSystemTransitionIds()
+    def getFireableTransitionIds(self, check_security=True):
+        return (self.getManualTransitionIds(check_security) +
+                self.getSystemTransitionIds())
 
-    def getFireableTransitionIdsToward(self, state):
+    def getFireableTransitionIdsToward(self, state, check_security=True):
         result = []
-        for transition_id in self.getFireableTransitionIds():
+        for transition_id in self.getFireableTransitionIds(check_security):
             transition = self.wf.getTransitionById(transition_id)
             if transition.destination == state:
                 result.append(transition_id)

Modified: hurry.workflow/trunk/src/hurry/workflow/workflow.txt
===================================================================
--- hurry.workflow/trunk/src/hurry/workflow/workflow.txt	2012-02-10 14:59:45 UTC (rev 124364)
+++ hurry.workflow/trunk/src/hurry/workflow/workflow.txt	2012-02-10 16:58:59 UTC (rev 124365)
@@ -787,6 +787,16 @@
    ...     print "Got unauthorized"
    Got unauthorized
 
+It's also not allowed for ``fireTransitionToward``::
+
+  >>> info.fireTransitionToward(PUBLISHED)
+  Traceback (most recent call last):
+     ...
+  NoTransitionAvailableError
+
+In this case, the transition even't even available because the user
+doesn't have the right permission.
+
 The system user is however allowed to do it::
 
    >>> from zope.security.management import system_user
@@ -804,6 +814,12 @@
    >>> interfaces.IWorkflowState(document).setState(UNPUBLISHED)
    >>> info.fireTransition('publish', check_security=False)
 
+This also works with fireTransitionToward::
+
+   >>> interfaces.IWorkflowState(document).setState(UNPUBLISHED)
+   >>> info.fireTransitionToward(PUBLISHED, check_security=False)
+
+
 Side effects during transitions
 -------------------------------
 

