[CMF-checkins] CVS: CMF/CMFStaging - LockTool.py:1.12

[Chris McDonough]

Update of /cvs-repository/CMF/CMFStaging
In directory cvs.zope.org:/tmp/cvs-serv16323

Modified Files:
	LockTool.py 
Log Message:
Don't try to protect tool methods with LockObjects/UnlockObjects permissions.  We don't really care what permissions the user has against the tool, we care about the permissions the user has against the object.  We inline the permission tests inside the various tool methods to provide access control.


=== CMF/CMFStaging/LockTool.py 1.11 => 1.12 ===
--- CMF/CMFStaging/LockTool.py:1.11	Mon Apr 28 15:29:04 2003
+++ CMF/CMFStaging/LockTool.py	Thu May 22 11:24:03 2003
@@ -81,9 +81,11 @@
     #   'LockTool' interface methods
     #
 
-    security.declareProtected(LockObjects, 'lock')
+    security.declarePublic('lock')
     def lock(self, object):
         '''Locks an object'''
+        if not _checkPermission(LockObjects, object):
+            raise LockingError, 'Inadequate permissions to lock %s' % object
         locker = self.locker(object)
         if locker:
             raise LockingError, '%s is already locked' % pathOf(object)
@@ -100,7 +102,7 @@
         object.wl_setLock(lockitem.getLockToken(), lockitem)
 
 
-    security.declareProtected(UnlockObjects, 'breaklock')
+    security.declarePublic('breaklock')
     def breaklock(self, object, message=''):
         """emergency breaklock...."""
         locker = self.locker(object)
@@ -113,9 +115,12 @@
             if vt is not None:
                 vt.checkin(object, message)
 
-    security.declareProtected(UnlockObjects, 'unlock')
+    security.declarePublic('unlock')
     def unlock(self, object, message=''):
         '''Unlocks an object'''
+        if not _checkPermission(UnlockObjects, object):
+            raise LockingError, "Inadequate permissions to unlock %s" % object
+
         locker = self.locker(object)
         if not locker:
             raise LockingError, ("Unlocking an unlocked item: %s" %