[CMF-checkins] CVS: CMF/CMFDefault - Image.py:1.21 File.py:1.23

Tres Seaver tseaver@zope.com
07 Aug 2002 09:29:46 -0400


On Tue, 2002-08-06 at 20:53, Sidnei da Silva wrote:
> Update of /cvs-repository/CMF/CMFDefault
> In directory cvs.zope.org:/tmp/cvs-serv13739
> 
> Modified Files:
> 	Image.py File.py 
> Log Message:
> Someone forgot to fix some security declarations. Fixed.

My bad.  I made and tested the patch on the 1.3 branch, where the
permissions are still used in "qualified" form;  I neglected to re-run
the tests on the head after applying the patch.  Thanks for the catch.

> 
> === CMF/CMFDefault/Image.py 1.20 => 1.21 ===
>          #    return self.view(self, REQUEST)
>          return OFS.Image.Image.index_html(self, REQUEST, RESPONSE)
>  
> -    security.declareProtected(CMFCorePermissions.ModifyPortalContent, 'PUT')
> +    security.declareProtected(ModifyPortalContent, 'PUT')
>      def PUT(self, REQUEST, RESPONSE):
>          """ Handle HTTP (and presumably FTP?) PUT requests """
>          OFS.Image.Image.PUT( self, REQUEST, RESPONSE )
> 
> 
> === CMF/CMFDefault/File.py 1.22 => 1.23 ===
>                             'attachment; filename=%s' % self.getId())
>          return OFS.Image.File.index_html(self, REQUEST, RESPONSE)
>  
> -    security.declareProtected(CMFCorePermissions.ModifyPortalContent, 'PUT')
> +    security.declareProtected(ModifyPortalContent, 'PUT')
>      def PUT(self, REQUEST, RESPONSE):
>          """ Handle HTTP (and presumably FTP?) PUT requests """
>          OFS.Image.File.PUT( self, REQUEST, RESPONSE )
> 
Tres.
-- 
===============================================================
Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com