Commit b2745f35 authored by Jim Fulton's avatar Jim Fulton

Took out unquoting in unrestrictedTraversal. TraversalPaths are never

quoted.

Implemented restrictedTraverse.

Finished implementing the requirement to pass an object
implementing the TraversalRequest interface to __bobo_traverse__.
parent af21ab5d
...@@ -89,8 +89,8 @@ Aqueduct database adapters, etc. ...@@ -89,8 +89,8 @@ Aqueduct database adapters, etc.
This module can also be used as a simple template for implementing new This module can also be used as a simple template for implementing new
item types. item types.
$Id: SimpleItem.py,v 1.74 2000/05/31 18:46:38 shane Exp $''' $Id: SimpleItem.py,v 1.75 2000/06/01 17:29:37 jim Exp $'''
__version__='$Revision: 1.74 $'[11:-2] __version__='$Revision: 1.75 $'[11:-2]
import regex, sys, Globals, App.Management, Acquisition, App.Undo import regex, sys, Globals, App.Management, Acquisition, App.Undo
import AccessControl.Role, AccessControl.Owned, App.Common import AccessControl.Role, AccessControl.Owned, App.Common
...@@ -362,56 +362,85 @@ class Item(Base, Resource, CopySource, App.Management.Tabs, ...@@ -362,56 +362,85 @@ class Item(Base, Resource, CopySource, App.Management.Tabs,
return path return path
unrestrictedTraverse__roles__=() unrestrictedTraverse__roles__=()
def unrestrictedTraverse(self, path, default=_marker): def unrestrictedTraverse(self, path, default=_marker, restricted=0):
if not path: return self if not path: return self
object = self
get=getattr get=getattr
N=None N=None
M=_marker M=_marker
if type(path) is StringType: if type(path) is StringType: path = split(path,'/')
path = map(unquote, split(path,'/'))
else: path=list(path) else: path=list(path)
REQUEST={'path': path} REQUEST={'TraversalRequestNameStack': path}
path.reverse() path.reverse()
pop=path.pop pop=path.pop
# If the path starts with an empty string, go to the root first. if not path[-1]:
if len(path) > 0 and not path[-1]: # If the path starts with an empty string, go to the root first.
object = self.getPhysicalRoot()
pop() pop()
self=self.getPhysicalRoot()
try: try:
object = self
while path: while path:
name=pop() name=pop()
if name[0] == '_':
# Never allowed in a URL.
raise 'NotFound', name
if name=='..': if name=='..':
o=getattr(object, 'aq_parent', M) o=getattr(object, 'aq_parent', M)
if o is not M: if o is not M:
if (restricted and
not getSecurityManager().validate(object, object, name, o)):
raise 'Unauthorized', name
object=o object=o
continue continue
if name[0] == '_':
# Never allowed in a URL.
raise 'NotFound', name
t=get(object, '__bobo_traverse__', N) t=get(object, '__bobo_traverse__', N)
if t is not N: if t is not N:
object=t(N, name) o=t(REQUEST, name)
# Note we pass no container, because we have no
# way of knowing what it is
if (restricted and not getSecurityManager().validate(object, None, name, o)):
raise 'Unauthorized', name
else: else:
v=get(object, name, M) o=get(object, name, M)
if v is not M: if o is not M:
object=v if restricted:
# waaaa
if hasattr(get(object,'aq_base',object), name):
# value wasn't acquired
if not getSecurityManager().validate(object, object, name, o):
raise 'Unauthorized', name
else:
if not getSecurityManager().validate(object, None, name, o):
raise 'Unauthorized', name
else: else:
object=object[name] o=object[name]
if (restricted and not getSecurityManager().validate(object, object, None, o)):
raise 'Unauthorized', name
object=o
return object return object
except: except:
if default==_marker: raise if default==_marker: raise
return default return default
restrictedTraverse__roles__=()
def restrictedTraverse(self, path, default=_marker, restricted=0):
return self.unrestrictedTraverse(path, default, restricted=1)
Globals.default__class_init__(Item) Globals.default__class_init__(Item)
class Item_w__name__(Item): class Item_w__name__(Item):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment