[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security - ZopeSecurityPolicy.py:1.1.2.20
Steve Alexander
steve@cat-box.net
Fri, 1 Mar 2002 06:21:55 -0500
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security
In directory cvs.zope.org:/tmp/cvs-serv6480
Modified Files:
Tag: Zope-3x-branch
ZopeSecurityPolicy.py
Log Message:
changed validate so that the methods bound to an instance that declares
__allow_access_to_unprotected_subobjects__ are allowed as if protected
with Zope.Public, provided they are not protected by a __permission__
otherwise.
=== Zope3/lib/python/Zope/App/Security/ZopeSecurityPolicy.py 1.1.2.19 => 1.1.2.20 ===
from Zope.App.Security.Settings import Allow, Deny, Assign, Remove, Unset
-from types import StringTypes, ListType, IntType
+from types import StringTypes, ListType, IntType, MethodType
getPermissionsForPrincipal = \
principalPermissionManager.getPermissionsForPrincipal
@@ -88,8 +88,18 @@
# Also, respect the attribute
# __allow_access_to_unprotected_subobjects__
# as used in TALES iterators and other places
+ # Also, respect __aatus__ for accessing methods of objects
+ # (un)protected by it.
+ # This is still a hack, and still incomplete, and just here
+ # to get the ZMI working.
+
if (isinstance(value, (ListType, StringTypes, IntType)) or
getattr(value,'__allow_access_to_unprotected_subobjects__',0)):
+ permission = 'Zope.Public'
+ elif (isinstance(value, MethodType) and
+ getattr(value.im_self,
+ '__allow_access_to_unprotected_subobjects__',
+ 0)):
permission = 'Zope.Public'
else:
raise Forbidden(name, value, 'No permission set')