From 93a7c56e25db8047284df6cb21e6ecdc00385d18 Mon Sep 17 00:00:00 2001 From: Ivan Tyagov <ivan@nexedi.com> Date: Wed, 23 Jun 2010 10:12:25 +0000 Subject: [PATCH] Split force user authentication to a seperate method which can be reused. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@36530 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5/Document/Document.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/product/ERP5/Document/Document.py b/product/ERP5/Document/Document.py index 0e7259d28d..5e9ce2a738 100644 --- a/product/ERP5/Document/Document.py +++ b/product/ERP5/Document/Document.py @@ -129,12 +129,9 @@ class PermanentURLMixIn(ExtensibleTraversableMixIn): # Declarative security security = ClassSecurityInfo() - ### Extensible content - def _getExtensibleContent(self, request, name): - # Permanent URL traversal - # First we must get the logged user by forcing identification + def _forceIdentification(self, request): + # force identification (usable for extensible content) cache = getReadOnlyTransactionCache(self) - # LOG('getReadOnlyTransactionCache', 0, repr(cache)) # Currently, it is always None if cache is not None: key = ('__bobo_traverse__', self, 'user') try: @@ -180,14 +177,23 @@ class PermanentURLMixIn(ExtensibleTraversableMixIn): # do not try to change SecurityManager if cache is not None: cache[key] = user + + old_manager = None if user is not None: # We need to perform identification old_manager = getSecurityManager() newSecurityManager(get_request(), user) + + return old_manager, user + + ### Extensible content + def _getExtensibleContent(self, request, name): + # Permanent URL traversal + old_manager, user = self._forceIdentification(request) # Next get the document per name portal = self.getPortalObject() document = self.getDocumentValue(name=name, portal=portal) - # Last, cleanup everything + # restore original security context if there's a logged in user if user is not None: setSecurityManager(old_manager) if document is not None: -- 2.30.9