[Zope-Checkins] SVN: Zope/trunk/src/OFS/ - fixed permission check in ObjectManager

Yvo Schubbe y.2010 at wcm-solutions.de
Tue Dec 28 08:57:36 EST 2010


Log message for revision 119199:
  - fixed permission check in ObjectManager

Changed:
  UU  Zope/trunk/src/OFS/ObjectManager.py
  UU  Zope/trunk/src/OFS/tests/testObjectManager.py

-=-
Modified: Zope/trunk/src/OFS/ObjectManager.py
===================================================================
--- Zope/trunk/src/OFS/ObjectManager.py	2010-12-28 13:57:19 UTC (rev 119198)
+++ Zope/trunk/src/OFS/ObjectManager.py	2010-12-28 13:57:36 UTC (rev 119199)
@@ -266,15 +266,15 @@
     def filtered_meta_types(self, user=None):
         # Return a list of the types for which the user has
         # adequate permission to add that type of object.
-        user=getSecurityManager().getUser()
-        meta_types=[]
+        sm = getSecurityManager()
+        meta_types = []
         if callable(self.all_meta_types):
-            all=self.all_meta_types()
+            all = self.all_meta_types()
         else:
-            all=self.all_meta_types
+            all = self.all_meta_types
         for meta_type in all:
             if meta_type.has_key('permission'):
-                if user.has_permission(meta_type['permission'],self):
+                if sm.checkPermission(meta_type['permission'], self):
                     meta_types.append(meta_type)
             else:
                 meta_types.append(meta_type)


Property changes on: Zope/trunk/src/OFS/ObjectManager.py
___________________________________________________________________
Deleted: svn:keywords
   - Id

Modified: Zope/trunk/src/OFS/tests/testObjectManager.py
===================================================================
--- Zope/trunk/src/OFS/tests/testObjectManager.py	2010-12-28 13:57:19 UTC (rev 119198)
+++ Zope/trunk/src/OFS/tests/testObjectManager.py	2010-12-28 13:57:36 UTC (rev 119199)
@@ -1,23 +1,24 @@
 import unittest
 
-from zope.component.testing import PlacelessSetup
-from zope.interface import implements
-
 from AccessControl.owner import EmergencyUserCannotOwn
 from AccessControl.SecurityManagement import newSecurityManager
 from AccessControl.SecurityManagement import noSecurityManager
+from AccessControl.SecurityManager import setSecurityPolicy
+from AccessControl.SpecialUsers import emergency_user, nobody, system
 from AccessControl.User import User # before SpecialUsers
-from AccessControl.SpecialUsers import emergency_user, nobody, system
 from Acquisition import aq_base
 from Acquisition import Implicit
 from App.config import getConfiguration
 from logging import getLogger
+from zExceptions import BadRequest
+from zope.component.testing import PlacelessSetup
+from zope.interface import implements
+from Zope2.App import zcml
+
 from OFS.interfaces import IItem
 from OFS.metaconfigure import setDeprecatedManageAddDelete
 from OFS.ObjectManager import ObjectManager
 from OFS.SimpleItem import SimpleItem
-from Zope2.App import zcml
-from zExceptions import BadRequest
 
 logger = getLogger('OFS.subscribers')
 
@@ -103,6 +104,26 @@
         verifyClass(IContainer, ObjectManager)
         verifyClass(IObjectManager, ObjectManager)
 
+    def test_filtered_meta_types(self):
+
+        class _DummySecurityPolicy(object):
+
+            def checkPermission(self, permission, object, context):
+                return permission == 'addFoo'
+
+        om = self._makeOne()
+        om.all_meta_types = ({'name': 'Foo', 'permission': 'addFoo'},
+                             {'name': 'Bar', 'permission': 'addBar'},
+                             {'name': 'Baz'})
+        try:
+            oldPolicy = setSecurityPolicy(_DummySecurityPolicy())
+            self.assertEqual(len(om.filtered_meta_types()), 2)
+            self.assertEqual(om.filtered_meta_types()[0]['name'], 'Foo')
+            self.assertEqual(om.filtered_meta_types()[1]['name'], 'Baz')
+        finally:
+            noSecurityManager()
+            setSecurityPolicy(oldPolicy)
+
     def test_setObject_set_owner_with_no_user( self ):
         om = self._makeOne()
         newSecurityManager( None, None )


Property changes on: Zope/trunk/src/OFS/tests/testObjectManager.py
___________________________________________________________________
Deleted: svn:keywords
   - Id



More information about the Zope-Checkins mailing list