Skip to content

Z
Zope
Commit 3f935935 authored by Shane Hathaway's avatar Shane Hathaway
Browse files
Options

Added a variable called PUBLISHED to REQUEST and made standard user folders 

use it instead of PARENTS.
parent 18ad0bb5
Hide whitespace changes
Inline Side-by-side
Showing with 71 additions and 78 deletions
doc/CHANGES.txt
View file @ 3f935935
......@@ -39,6 +39,10 @@ Zope changes
- Corrected local role computation (Hotfix 2000-12-15)
- Added a variable called PUBLISHED to REQUEST. From now on,
this variable should be used instead of PARENTS for user
validation.
Zope 2.3.0 alpha 1
Features Added
......
lib/python/AccessControl/User.py
View file @ 3f935935
......@@ -84,7 +84,7 @@
##############################################################################
"""Access control package"""
__version__='$Revision: 1.120 $'[11:-2]
__version__='$Revision: 1.121 $'[11:-2]
import Globals, socket, ts_regex, SpecialUsers
import os
......@@ -449,10 +449,9 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
if roles is _what_not_even_god_should_do:
request.response.notFoundError()
parents=request.get('PARENTS', [])
if not parents:
parent=self.aq_parent
else: parent=parents[0]
published = request.get('PUBLISHED', None)
if published is None:
published = self
# If no authorization, only a user with a domain spec and no
# passwd or nobody can match. We cache reverse DNS before
......@@ -478,11 +477,11 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
domains=ob.getDomains()
if domains:
if ob.authenticate('', request):
if ob.allowed(parent, roles):
if ob.allowed(published, roles):
ob=ob.__of__(self)
return ob
nobody=self._nobody
if self._isTop() and nobody.allowed(parent, roles):
if self._isTop() and nobody.allowed(published, roles):
ob=nobody.__of__(self)
return ob
return None
......@@ -506,7 +505,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
# If the user was not found and we are the top level user
# database and the Anonymous user is allowed to access the
# requested object, return the Anonymous user.
if self._isTop() and self._nobody.allowed(parent, roles):
if self._isTop() and self._nobody.allowed(published, roles):
user=self._nobody.__of__(self)
return user
......@@ -521,7 +520,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
# If no user was authenticated and we are the top level user
# database and the Anonymous user is allowed to access the
# requested object, return the Anonymous user.
if self._isTop() and self._nobody.allowed(parent, roles):
if self._isTop() and self._nobody.allowed(published, roles):
user=self._nobody.__of__(self)
return user
......@@ -534,7 +533,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
user=user.__of__(self)
# Try to authorize user
if user.allowed(parent, roles):
if user.allowed(published, roles):
return user
return None
......@@ -543,7 +542,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
if _remote_user_mode:
def validate(self,request,auth='',roles=None):
parent=request['PARENTS'][0]
published = request['PUBLISHED']
e=request.environ
if e.has_key('REMOTE_USER'):
name=e['REMOTE_USER']
......@@ -552,11 +551,11 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
domains=ob.getDomains()
if domains:
if ob.authenticate('', request):
if ob.allowed(parent, roles):
if ob.allowed(published, roles):
ob=ob.__of__(self)
return ob
nobody=self._nobody
if self._isTop() and nobody.allowed(parent, roles):
if self._isTop() and nobody.allowed(published, roles):
ob=nobody.__of__(self)
return ob
return None
......@@ -576,7 +575,7 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
user=user.__of__(self)
# Try to authorize user
if user.allowed(parent, roles):
if user.allowed(published, roles):
return user
return None
......
lib/python/ZPublisher/BaseRequest.py
View file @ 3f935935
......@@ -82,7 +82,7 @@
# attributions are listed in the accompanying credits file.
#
##############################################################################
__version__='$Revision: 1.32 $'[11:-2]
__version__='$Revision: 1.33 $'[11:-2]
from string import join, split, find, rfind, lower, upper
from urllib import quote
......@@ -392,80 +392,70 @@ class BaseRequest:
finally:
parents.reverse()
popped_last = 0
# parents.pop(0) # Get rid of final method object
request['PUBLISHED'] = parents[0]
parents.pop(0) # Get rid of final method object
# Do authorization checks
user=groups=None
i=0
try:
if roles is not None:
last_parent_index=len(parents)
if hasattr(object, '__allow_groups__'):
groups=object.__allow_groups__
inext=0
else:
inext=None
for i in range(last_parent_index):
if hasattr(parents[i],'__allow_groups__'):
groups=parents[i].__allow_groups__
inext=i+1
break
if inext is not None:
i=inext
if hasattr(groups, 'validate'): v=groups.validate
if roles is not None:
last_parent_index=len(parents)
if hasattr(object, '__allow_groups__'):
groups=object.__allow_groups__
inext=0
else:
inext=None
for i in range(last_parent_index):
if hasattr(parents[i],'__allow_groups__'):
groups=parents[i].__allow_groups__
inext=i+1
break
if inext is not None:
i=inext
if hasattr(groups, 'validate'): v=groups.validate
else: v=old_validation
auth=request._auth
if v is old_validation and roles is UNSPECIFIED_ROLES:
# No roles, so if we have a named group, get roles from
# group keys
if hasattr(groups,'keys'): roles=groups.keys()
else:
try: groups=groups()
except: pass
try: roles=groups.keys()
except: pass
if groups is None:
# Public group, hack structures to get it to validate
roles=None
auth=''
if v is old_validation:
user=old_validation(groups, request, auth, roles)
elif roles is UNSPECIFIED_ROLES: user=v(request, auth)
else: user=v(request, auth, roles)
while user is None and i < last_parent_index:
parent=parents[i]
i=i+1
if hasattr(parent, '__allow_groups__'):
groups=parent.__allow_groups__
else: continue
if hasattr(groups,'validate'): v=groups.validate
else: v=old_validation
auth=request._auth
if v is old_validation and roles is UNSPECIFIED_ROLES:
# No roles, so if we have a named group, get roles from
# group keys
if hasattr(groups,'keys'): roles=groups.keys()
else:
try: groups=groups()
except: pass
try: roles=groups.keys()
except: pass
if groups is None:
# Public group, hack structures to get it to validate
roles=None
auth=''
if v is old_validation:
user=old_validation(groups, request, auth, roles)
elif roles is UNSPECIFIED_ROLES: user=v(request, auth)
else: user=v(request, auth, roles)
while user is None and i < last_parent_index:
parent=parents[i]
i=i+1
if hasattr(parent, '__allow_groups__'):
groups=parent.__allow_groups__
else: continue
if hasattr(groups,'validate'): v=groups.validate
else: v=old_validation
if v is old_validation:
user=old_validation(groups, request, auth, roles)
elif roles is UNSPECIFIED_ROLES: user=v(request, auth)
else: user=v(request, auth, roles)
if not popped_last:
# Get rid of final method object
parents.pop(0)
popped_last=1
if user is None and roles != UNSPECIFIED_ROLES:
response.unauthorized()
finally:
# Get rid of final method object
if not popped_last:
parents.pop(0)
if user is None and roles != UNSPECIFIED_ROLES:
response.unauthorized()
if user is not None:
if validated_hook is not None: validated_hook(self, user)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7