Add mechanism to avoid format permission checking for intermediate format which

can happen during conversions. even if ODT => HTML is permitted, conversion raise Unauthorized because it needs access to raw format. This patch address this issue: inside convert no more checking are computed. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@35998 20353a03-c40f-0410-a6d1-a30d3c3de9de

Add mechanism to avoid format permission checking for intermediate format which
can happen during conversions. even if ODT => HTML is permitted, conversion raise Unauthorized because it needs access to raw format. This patch address this issue: inside convert no more checking are computed. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@35998 20353a03-c40f-0410-a6d1-a30d3c3de9de
40f9a0f4 · Nicolas Delaby · 3f74f375 · 40f9a0f4
Commit 40f9a0f4 authored Jun 04, 2010 by Nicolas Delaby
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 3 deletions

product/ERP5/mixin/document.py product/ERP5/mixin/document.py +18 -3

No files found.
--- a/product/ERP5/mixin/document.py
+++ b/product/ERP5/mixin/document.py
@@ -31,7 +31,10 @@ from AccessControl import ClassSecurityInfo, Unauthorized
 from Products.ERP5Type import Permissions
 from OFS.Image import Pdata
 from cStringIO import StringIO
+from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
 _MARKER = []
+LOCK_PERMISSION_KEY = 'TRANSACTIONAL_VARIABLE_FORMAT_PERMISSION_LOCK_FLAG'
 class DocumentMixin:
  """
@@ -58,8 +61,14 @@ class DocumentMixin:
      string (ex. jpeg, html, text, txt, etc.)
      **kw can be various things - e.g. resolution
    """
-    self._checkConversionFormatPermission(format, **kw)
+    transaction_variable = getTransactionalVariable(self.getPortalObject())
-    return self._convert(format, **kw)
+    if LOCK_PERMISSION_KEY in transaction_variable:
+      del transaction_variable[LOCK_PERMISSION_KEY]
+    self._checkConversionFormatPermission(format, lock_checking=True, **kw)
+    result = self._convert(format, **kw)
+    if LOCK_PERMISSION_KEY in transaction_variable:
+      del transaction_variable[LOCK_PERMISSION_KEY]
+    return result
  def _convert(self, format, **kw):
    """Private method which make the transformation.
@@ -80,10 +89,15 @@ class DocumentMixin:
    else:
      return True
-  def _checkConversionFormatPermission(self, format, **kw):
+  def _checkConversionFormatPermission(self, format, lock_checking=False, **kw):
    """Private method to check permission when access specified format.
    This method raises
    """
+    transaction_variable = getTransactionalVariable(self.getPortalObject())
+    if transaction_variable.get(LOCK_PERMISSION_KEY, False):
+      # Permission already checked in convert with final format,
+      # do not check permission for intermediate formats
+      return True
    # XXX cache result in TV
    method = self._getTypeBasedMethod('checkConversionFormatPermission',
                 fallback_script_id='Document_checkConversionFormatPermission')
@@ -98,6 +112,7 @@ class DocumentMixin:
      raise Unauthorized('Document: user does not have enough permission'\
                         ' to access document in %s format' %\
                                                        (format or 'original'))
+    transaction_variable[LOCK_PERMISSION_KEY] = lock_checking
  security.declareProtected(Permissions.AccessContentsInformation,
                                                 'isSupportBaseDataConversion')