Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
c6446fe3
Commit
c6446fe3
authored
Sep 23, 2003
by
Chris McDonough
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Collector 78: proxy roles aren't respected when calling manage_pasteObjects.
parent
28f9618a
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
59 additions
and
56 deletions
+59
-56
lib/python/OFS/CopySupport.py
lib/python/OFS/CopySupport.py
+59
-56
No files found.
lib/python/OFS/CopySupport.py
View file @
c6446fe3
...
@@ -11,7 +11,7 @@
...
@@ -11,7 +11,7 @@
#
#
##############################################################################
##############################################################################
__doc__
=
"""Copy interface"""
__doc__
=
"""Copy interface"""
__version__
=
'$Revision: 1.8
5
$'
[
11
:
-
2
]
__version__
=
'$Revision: 1.8
6
$'
[
11
:
-
2
]
import
sys
,
Globals
,
Moniker
,
tempfile
,
ExtensionClass
import
sys
,
Globals
,
Moniker
,
tempfile
,
ExtensionClass
from
marshal
import
loads
,
dumps
from
marshal
import
loads
,
dumps
...
@@ -320,71 +320,74 @@ class CopyContainer(ExtensionClass.Base):
...
@@ -320,71 +320,74 @@ class CopyContainer(ExtensionClass.Base):
# existing context, such as checking an object during an import
# existing context, such as checking an object during an import
# (the object will not yet have been connected to the acquisition
# (the object will not yet have been connected to the acquisition
# heirarchy).
# heirarchy).
if
not
hasattr
(
object
,
'meta_type'
):
if
not
hasattr
(
object
,
'meta_type'
):
raise
CopyError
,
MessageDialog
(
raise
CopyError
,
MessageDialog
(
title
=
'Not Supported'
,
title
=
'Not Supported'
,
message
=
'The object <EM>%s</EM> does not support this'
\
message
=
(
'The object <EM>%s</EM> does not support this'
\
' operation'
%
absattr
(
object
.
id
),
' operation'
%
absattr
(
object
.
id
)
),
action
=
'manage_main'
)
action
=
'manage_main'
)
mt
=
object
.
meta_type
if
not
hasattr
(
self
,
'all_meta_types'
):
if
not
hasattr
(
self
,
'all_meta_types'
):
raise
CopyError
,
MessageDialog
(
raise
CopyError
,
MessageDialog
(
title
=
'Not Supported'
,
title
=
'Not Supported'
,
message
=
'Cannot paste into this object.'
,
message
=
'Cannot paste into this object.'
,
action
=
'manage_main'
)
action
=
'manage_main'
)
method_name
=
None
mt_permission
=
None
meta_types
=
absattr
(
self
.
all_meta_types
)
method_name
=
None
mt_permission
=
None
meta_types
=
absattr
(
self
.
all_meta_types
)
for
d
in
meta_types
:
for
d
in
meta_types
:
if
d
[
'name'
]
==
mt
:
if
d
[
'name'
]
==
object
.
meta_type
:
method_name
=
d
[
'action'
]
method_name
=
d
[
'action'
]
mt_permission
=
d
.
get
(
'permission'
,
None
)
mt_permission
=
d
.
get
(
'permission'
)
break
break
if
mt_permission
is
not
None
:
if
method_name
:
if
getSecurityManager
().
checkPermission
(
mt_permission
,
self
):
try
:
if
not
validate_src
:
method
=
self
.
restrictedTraverse
(
method_name
)
return
# method_name is e.g.
# Ensure the user is allowed to access the object on the
# "manage_addProduct/PageTemplates/manage_addPageTemplateForm".
# clipboard.
# restrictedTraverse will raise Unauthorized if it
try
:
parent
=
aq_parent
(
aq_inner
(
object
))
# can't obtain the factory method by name due to a
except
:
parent
=
None
# security restriction. We depend on this side effect
if
getSecurityManager
().
validate
(
None
,
parent
,
None
,
object
):
# here! Note that we use restrictedTraverse as
return
# opposed to checkPermission to take into account the
raise
Unauthorized
,
absattr
(
object
.
id
)
# special security circumstances related to proxy
# roles. See collector #78.
except
Unauthorized
:
if
mt_permission
:
message
=
(
'You do not possess the %s permission in the '
'context of the container into which you are '
'pasting, thus you are not able to perform '
'this operation.'
%
mt_permission
)
else
:
else
:
raise
Unauthorized
(
permission
=
mt_permission
)
message
=
(
'You do not possess the permission required '
#
'to call %s in the context of the container '
# XXX: Ancient cruft, left here in true co-dependent fashion
'into which you are pasting, thus you are not '
# to keep from breaking old products which don't put
'able to perform this operation.'
%
method_name
)
# permissions on their metadata registry entries.
#
raise
CopyError
,
MessageDialog
(
if
method_name
is
not
None
:
title
=
'Insufficient Privileges'
,
meth
=
self
.
unrestrictedTraverse
(
method_name
)
message
=
message
,
if
hasattr
(
meth
,
'im_self'
):
action
=
'manage_main'
)
parent
=
meth
.
im_self
else
:
if
validate_src
:
try
:
parent
=
aq_parent
(
aq_inner
(
meth
))
except
:
parent
=
None
if
getSecurityManager
().
validate
(
None
,
parent
,
None
,
meth
):
# Ensure the user is allowed to access the object on the
# Ensure the user is allowed to access the object on the
# clipboard.
# clipboard.
if
not
validate_src
:
try
:
parent
=
aq_parent
(
aq_inner
(
object
))
return
except
:
parent
=
None
try
:
parent
=
aq_parent
(
aq_inner
(
object
))
if
not
getSecurityManager
().
validate
(
None
,
parent
,
None
,
object
):
except
:
parent
=
None
if
getSecurityManager
().
validate
(
None
,
parent
,
None
,
object
):
return
raise
Unauthorized
,
absattr
(
object
.
id
)
raise
Unauthorized
,
absattr
(
object
.
id
)
else
:
raise
Unauthorized
,
method_name
else
:
# /if method_name
raise
CopyError
,
MessageDialog
(
raise
CopyError
,
MessageDialog
(
title
=
'Not Supported'
,
title
=
'Not Supported'
,
message
=
'The object <EM>%s</EM> does not support this '
\
message
=
(
'The object <EM>%s</EM> does not support this '
'operation.'
%
absattr
(
object
.
id
),
'operation.'
%
absattr
(
object
.
id
)
),
action
=
'manage_main'
)
action
=
'manage_main'
)
Globals
.
default__class_init__
(
CopyContainer
)
Globals
.
default__class_init__
(
CopyContainer
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment