Added checked_permission support to all category accessors.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16518 20353a03-c40f-0410-a6d1-a30d3c3de9de

Added checked_permission support to all category accessors.
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16518 20353a03-c40f-0410-a6d1-a30d3c3de9de
4baef747 · Jean-Paul Smets · a300098d · 4baef747 · 4baef747 · 4baef747
Commit 4baef747 authored Sep 20, 2007 by Jean-Paul Smets
5 changed files
--- a/product/CMFCategory/CategoryTool.py
+++ b/product/CMFCategory/CategoryTool.py
@@ -714,7 +714,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
    security.declareProtected( Permissions.AccessContentsInformation,
                                                        'getSingleCategoryMembershipList' )
    def getSingleCategoryMembershipList(self, context, base_category, base=0,
-                                          spec=(), filter=None, **kw):
+                                          spec=(), filter=None, checked_permission=None, **kw):
      """
        Returns the local membership of the context for a single base category
        represented as a list of relative URLs
@@ -733,15 +733,28 @@ class CategoryTool( UniqueObject, Folder, Base ):
      portal_type = kw.get('portal_type', ())
      if spec is (): spec = portal_type
+      # Build the ckecked_permission filter
+      if checked_permission is None:
+        permissionFilter = lambda x: x
+      else:
+        def permissionFilter(category_list):
+          filtered_category_list = []
+          checkPermission = self.portal_membership.checkPermission
+          for category in category_list:
+            object = self.unrestrictedTraverse(category)
+            if object is not None and checkPermission(checked_permission, object):
+              filtered_category_list.append(category)
+          return filtered_category_list
      # We must treat parent in a different way
      #LOG('getSingleCategoryMembershipList', 0, 'base_category = %s, spec = %s, base = %s, context = %s, context.aq_inner.aq_parent = %s' % (repr(base_category), repr(spec), repr(base), repr(context), repr(context.aq_inner.aq_parent)))
      if base_category == 'parent':
        parent = context.aq_inner.aq_parent # aq_inner is required to make sure we use containment
        if parent.portal_type in spec:
          if base:
-            return ['parent/' + parent.getRelativeUrl()]
+            return permissionFilter(['parent/' + parent.getRelativeUrl()])
          else:
-            return [parent.getRelativeUrl()]
+            return permissionFilter([parent.getRelativeUrl()])
        #LOG('getSingleCategoryMembershipList', 0, 'not in spec: parent.portal_type = %s, spec = %s' % (repr(parent.portal_type), repr(spec)))
        return []
@@ -777,7 +790,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
                    append(category_url)
                  else:
                    append(category_url[len(my_base_category)+1:])
-      return result
+      return permissionFilter(result)
    security.declareProtected( Permissions.AccessContentsInformation,
                                      'getSingleCategoryAcquiredMembershipList' )
@@ -820,6 +833,9 @@ class CategoryTool( UniqueObject, Folder, Base ):
        base          --    if set to 1, returns relative URLs to portal_categories
                            if set to 0, returns relative URLs to the base category
+        checked_permission        --    a string which defined the permission 
+                                        to filter the object on
        acquired_object_dict      --    this is the list of object used by acquisition, so
                                        we can check if we already have used this object

--- a/product/ERP5Type/Accessor/AcquiredProperty.py
+++ b/product/ERP5Type/Accessor/AcquiredProperty.py
@@ -94,6 +94,7 @@ class Getter(Method):
            alt_accessor_id=self._alt_accessor_id,
            is_list_type=self._is_list_type,
            is_tales_type=self._is_tales_type,
+            checked_permission=kw.get('checked_permission', None)
            )
      if value is not None:
        return value.getProperty(self._acquired_property, default, **kw)

--- a/product/ERP5Type/Accessor/Category.py
+++ b/product/ERP5Type/Accessor/Category.py
@@ -57,7 +57,8 @@ class ListSetter(Method):
                                      filter=kw.get('filter', None),
                                      portal_type=kw.get('portal_type',()),
                                      base=kw.get('base', 0),
-                                      keep_default=0)
+                                      keep_default=0,
+                                      checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -90,7 +91,8 @@ class DefaultSetter(Method):
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
                                                 portal_type=kw.get('portal_type',()),
-                                                 base=kw.get('base', 0))
+                                                 base=kw.get('base', 0),
+                                                 checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -133,7 +135,8 @@ class SetSetter(Method):
                                      filter=kw.get('filter', None),
                                      portal_type=kw.get('portal_type',()),
                                      base=kw.get('base', 0),
-                                      keep_default=1)
+                                      keep_default=1,
+                                      checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -168,7 +171,8 @@ class DefaultGetter(Method):
                                                      spec=kw.get('spec',()),
                                                      filter=kw.get('filter', None),
                                                      portal_type=kw.get('portal_type',()),
-                                                      base=kw.get('base',0), default=default)
+                                                      base=kw.get('base',0), default=default,
+                                                      checked_permission=kw.get('checked_permission', None))
    psyco.bind(__call__)
 class ListGetter(Method):

--- a/product/ERP5Type/Accessor/Value.py
+++ b/product/ERP5Type/Accessor/Value.py
--- a/product/ERP5Type/Base.py
+++ b/product/ERP5Type/Base.py