[Zope3-checkins] CVS: Zope3/src/zope/app/security/grants - principalrole.py:1.3
Garrett Smith
cvs-admin at zope.org
Thu Oct 23 11:04:57 EDT 2003
Update of /cvs-repository/Zope3/src/zope/app/security/grants
In directory cvs.zope.org:/tmp/cvs-serv4125/src/zope/app/security/grants
Modified Files:
principalrole.py
Log Message:
The use of trustedRemoveSecurityProxy here addresses the case when
self._context implements IAnnotations. In such a case, zapi.getAdapter
will return self._context unmodified, which, if self._context is security
proxied, can cause unexpected authorization failure when looking up
roles for security checks.
=== Zope3/src/zope/app/security/grants/principalrole.py 1.2 => 1.3 ===
--- Zope3/src/zope/app/security/grants/principalrole.py:1.2 Sat Jun 7 01:46:03 2003
+++ Zope3/src/zope/app/security/grants/principalrole.py Thu Oct 23 11:04:56 2003
@@ -16,6 +16,8 @@
from zope.component import getAdapter
from zope.interface import implements
+from zope.security.proxy import trustedRemoveSecurityProxy
+
from zope.app.interfaces.annotation import IAnnotations
from zope.app.interfaces.security import IPrincipalRoleManager
from zope.app.interfaces.security import IPrincipalRoleMap
@@ -89,7 +91,7 @@
creating one if necessary """
annotations = getAdapter(self._context, IAnnotations)
try:
- return annotations[annotation_key]
+ return trustedRemoveSecurityProxy(annotations)[annotation_key]
except KeyError:
if create:
rp = annotations[annotation_key] = PersistentSecurityMap()
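Review bot: the proxy is removed only for the read on the `return` line, while the `except KeyError` branch still writes through the original `annotations` in `rp = annotations[annotation_key] = PersistentSecurityMap()`. According to the log message, that object can be the security-proxied `self._context`, so the `create` path may still fail authorization in the same way the read did. Consider unwrapping once, directly after the `getAdapter(self._context, IAnnotations)` call, and using the unwrapped object for both the lookup and the assignment. A short code comment at that point should also say why bypassing the proxy is acceptable here, because the call drops the security checks on annotation access and a later reader needs to see that this was deliberate.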