[Zope-Checkins] CVS: Packages/OFS - CopySupport.py:1.85.2.7

Tres Seaver tseaver at zope.com
Sat Aug 7 13:16:18 EDT 2004


Update of /cvs-repository/Packages/OFS
In directory cvs.zope.org:/tmp/cvs-serv31145/lib/python/OFS

Modified Files:
      Tag: Zope-2_7-branch
	CopySupport.py 
Log Message:


  - Removed DWIM'y attempt to filter acquired-but-not-aceessible
    results from 'guarded_getattr'.


=== Packages/OFS/CopySupport.py 1.85.2.6 => 1.85.2.7 ===
--- Packages/OFS/CopySupport.py:1.85.2.6	Mon Jan 19 14:46:44 2004
+++ Packages/OFS/CopySupport.py	Sat Aug  7 13:15:48 2004
@@ -20,6 +20,7 @@
 
 from App.Dialogs import MessageDialog
 from AccessControl import getSecurityManager
+from AccessControl.Permissions import delete_objects as DeleteObjects
 from Acquisition import aq_base, aq_inner, aq_parent
 from zExceptions import Unauthorized, BadRequest
 from webdav.Lockable import ResourceLockedError
@@ -151,7 +152,7 @@
             m = Moniker.loadMoniker(mdata)
             try: ob = m.bind(app)
             except: raise CopyError, eNotFound
-            self._verifyObjectPaste(ob)
+            self._verifyObjectPaste(ob, validate_src=op+1)
             oblist.append(ob)
 
         if op==0:
@@ -378,12 +379,22 @@
                   action = 'manage_main')
 
             if validate_src:
+
+                sm = getSecurityManager()
+
                 # Ensure the user is allowed to access the object on the
                 # clipboard.
-                try:    parent = aq_parent(aq_inner(object))
-                except: parent = None
-                if not getSecurityManager().validate(None,parent,None,object):
+                try:
+                    parent = aq_parent(aq_inner(object))
+                except:
+                    parent = None
+
+                if not sm.validate(None,parent,None,object):
                     raise Unauthorized, absattr(object.id)
+
+                if validate_src == 2: # moving
+                    if not sm.checkPermission(DeleteObjects, parent):
+                        raise Unauthorized, 'Delete not allowed.'
 
         else: # /if method_name
             raise CopyError, MessageDialog(



More information about the Zope-Checkins mailing list