Commit 40f9a0f4 authored by Nicolas Delaby's avatar Nicolas Delaby

Add mechanism to avoid format permission checking for intermediate format which

can happen during conversions.
even if ODT => HTML is permitted,
conversion raise Unauthorized because it needs access to raw format.
This patch address this issue: inside convert no more checking are computed.



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@35998 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 3f74f375
...@@ -31,7 +31,10 @@ from AccessControl import ClassSecurityInfo, Unauthorized ...@@ -31,7 +31,10 @@ from AccessControl import ClassSecurityInfo, Unauthorized
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from OFS.Image import Pdata from OFS.Image import Pdata
from cStringIO import StringIO from cStringIO import StringIO
from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
_MARKER = [] _MARKER = []
LOCK_PERMISSION_KEY = 'TRANSACTIONAL_VARIABLE_FORMAT_PERMISSION_LOCK_FLAG'
class DocumentMixin: class DocumentMixin:
""" """
...@@ -58,8 +61,14 @@ class DocumentMixin: ...@@ -58,8 +61,14 @@ class DocumentMixin:
string (ex. jpeg, html, text, txt, etc.) string (ex. jpeg, html, text, txt, etc.)
**kw can be various things - e.g. resolution **kw can be various things - e.g. resolution
""" """
self._checkConversionFormatPermission(format, **kw) transaction_variable = getTransactionalVariable(self.getPortalObject())
return self._convert(format, **kw) if LOCK_PERMISSION_KEY in transaction_variable:
del transaction_variable[LOCK_PERMISSION_KEY]
self._checkConversionFormatPermission(format, lock_checking=True, **kw)
result = self._convert(format, **kw)
if LOCK_PERMISSION_KEY in transaction_variable:
del transaction_variable[LOCK_PERMISSION_KEY]
return result
def _convert(self, format, **kw): def _convert(self, format, **kw):
"""Private method which make the transformation. """Private method which make the transformation.
...@@ -80,10 +89,15 @@ class DocumentMixin: ...@@ -80,10 +89,15 @@ class DocumentMixin:
else: else:
return True return True
def _checkConversionFormatPermission(self, format, **kw): def _checkConversionFormatPermission(self, format, lock_checking=False, **kw):
"""Private method to check permission when access specified format. """Private method to check permission when access specified format.
This method raises This method raises
""" """
transaction_variable = getTransactionalVariable(self.getPortalObject())
if transaction_variable.get(LOCK_PERMISSION_KEY, False):
# Permission already checked in convert with final format,
# do not check permission for intermediate formats
return True
# XXX cache result in TV # XXX cache result in TV
method = self._getTypeBasedMethod('checkConversionFormatPermission', method = self._getTypeBasedMethod('checkConversionFormatPermission',
fallback_script_id='Document_checkConversionFormatPermission') fallback_script_id='Document_checkConversionFormatPermission')
...@@ -98,6 +112,7 @@ class DocumentMixin: ...@@ -98,6 +112,7 @@ class DocumentMixin:
raise Unauthorized('Document: user does not have enough permission'\ raise Unauthorized('Document: user does not have enough permission'\
' to access document in %s format' %\ ' to access document in %s format' %\
(format or 'original')) (format or 'original'))
transaction_variable[LOCK_PERMISSION_KEY] = lock_checking
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'isSupportBaseDataConversion') 'isSupportBaseDataConversion')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment