- reverted workaround in '_verifyObjectPaste'; 'checkPermission' now respects proxy roles

a88b64fe · c1c380a8 · a88b64fe · a88b64fe
Commit a88b64fe authored Dec 05, 2005 by
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 54 deletions

lib/python/OFS/CopySupport.py lib/python/OFS/CopySupport.py +29 -51

lib/python/OFS/tests/testCopySupport.py lib/python/OFS/tests/testCopySupport.py +3 -3

No files found.
--- a/lib/python/OFS/CopySupport.py
+++ b/lib/python/OFS/CopySupport.py
@@ -472,7 +472,7 @@ class CopyContainer(ExtensionClass.Base):
        if not hasattr(object, 'meta_type'):
            raise CopyError, MessageDialog(
                  title   = 'Not Supported',
-                  message = ('The object <EM>%s</EM> does not support this' \
+                  message = ('The object <em>%s</em> does not support this' \
                             ' operation' % escape(absattr(object.id))),
                  action  = 'manage_main')
@@ -492,60 +492,38 @@ class CopyContainer(ExtensionClass.Base):
                mt_permission = d.get('permission')
                break
-        if method_name:
+        if mt_permission is not None:
-            try:
+            sm = getSecurityManager()
-                method = self.restrictedTraverse(method_name)
-                # method_name is e.g.
+            if sm.checkPermission(mt_permission, self):
-                # "manage_addProduct/PageTemplates/manage_addPageTemplateForm".
+                if validate_src:
-                # restrictedTraverse will raise Unauthorized if it
+                    # Ensure the user is allowed to access the object on the
-                # can't obtain the factory method by name due to a
+                    # clipboard.
-                # security restriction.  We depend on this side effect
+                    try:
-                # here!  Note that we use restrictedTraverse as
+                        parent = aq_parent(aq_inner(object))
-                # opposed to checkPermission to take into account the
+                    except:
-                # special security circumstances related to proxy
+                        parent = None
-                # roles.  See collector #78.
+                    if not sm.validate(None, parent, None, object):
-            except Unauthorized:
+                        raise Unauthorized(absattr(object.id))
-                if mt_permission:
+                    if validate_src == 2: # moving
+                        if not sm.checkPermission(DeleteObjects, parent):
+                            raise Unauthorized('Delete not allowed.')
+            else:
+                raise CopyError, MessageDialog(
+                    title = 'Insufficient Privileges',
                    message = ('You do not possess the %s permission in the '
                               'context of the container into which you are '
                               'pasting, thus you are not able to perform '
-                               'this operation.' % mt_permission)
+                               'this operation.' % mt_permission),
-                else:
+                    action = 'manage_main')
-                    message = ('You do not possess the permission required '
+        else:
-                               'to call %s in the context of the container '
-                               'into which you are pasting, thus you are not '
-                               'able to perform this operation.' % method_name)
-                raise CopyError, MessageDialog(
-                  title = 'Insufficient Privileges',
-                  message = message,
-                  action = 'manage_main')
-            if validate_src:
-                sm = getSecurityManager()
-                # Ensure the user is allowed to access the object on the
-                # clipboard.
-                try:
-                    parent = aq_parent(aq_inner(object))
-                except:
-                    parent = None
-                if not sm.validate(None,parent,None,object):
-                    raise Unauthorized, absattr(object.id)
-                if validate_src == 2: # moving
-                    if not sm.checkPermission(DeleteObjects, parent):
-                        raise Unauthorized, 'Delete not allowed.'
-        else: # /if method_name
            raise CopyError, MessageDialog(
-                  title   = 'Not Supported',
+                title = 'Not Supported',
-                  message = ('The object <EM>%s</EM> does not support this '
+                message = ('The object <em>%s</em> does not support this '
-                             'operation.' % escape(absattr(object.id))),
+                           'operation.' % escape(absattr(object.id))),
-                  action  = 'manage_main')
+                action = 'manage_main')
 Globals.default__class_init__(CopyContainer)

--- a/lib/python/OFS/tests/testCopySupport.py
+++ b/lib/python/OFS/tests/testCopySupport.py
@@ -489,10 +489,10 @@ class TestCopySupportSecurity( CopySupportTestBase ):
        folder1, folder2 = self._initFolders()
        folder2.all_meta_types = FILE_META_TYPES
-        def _no_manage_addFile( a, c, n, v, *args, **kw ):
+        def _no_add_images_and_files(permission, object, context):
-            return n != 'manage_addFile'
+            return permission != ADD_IMAGES_AND_FILES
-        self._initPolicyAndUser( v_lambda=_no_manage_addFile )
+        self._initPolicyAndUser( c_lambda=_no_add_images_and_files )
        cookie = folder1.manage_cutObjects( ids=( 'file', ) )
        self._assertCopyErrorUnauth( folder2.manage_pasteObjects