do not check 'Add portal content' permission if 'Add Permission' is set.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16972 20353a03-c40f-0410-a6d1-a30d3c3de9de

do not check 'Add portal content' permission if 'Add Permission' is set.
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16972 20353a03-c40f-0410-a6d1-a30d3c3de9de
f4e7481f · Kazuhiko Shiozaki · 381281eb · f4e7481f · f4e7481f
Commit f4e7481f authored Oct 12, 2007 by Kazuhiko Shiozaki
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 19 deletions

product/ERP5Type/Core/Folder.py product/ERP5Type/Core/Folder.py +0 -8

product/ERP5Type/ERP5Type.py product/ERP5Type/ERP5Type.py +36 -11

No files found.
--- a/product/ERP5Type/Core/Folder.py
+++ b/product/ERP5Type/Core/Folder.py
@@ -1220,10 +1220,6 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn,
      hidden content types. It allows to be much faster when only the type id
      is needed.
    """
-    if not getSecurityManager().checkPermission(
-                      Permissions.AddPortalContent, self):
-      return []
    portal = self.getPortalObject()
    def _getVisibleAllowedContentTypeList():
@@ -1264,10 +1260,6 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn,
    # permission that "Add portal content". For now, this is only the case for
    # Role Definition objects, but this shows that generally speaking, this is
    # not the right approach.
-    if not getSecurityManager().checkPermission(
-                      Permissions.AddPortalContent, self):
-      return []
    def _allowedContentTypes( portal_type=None, user=None, portal_path=None ):
      # Sort the list for convenience -yo
      # XXX This is not the best solution, because this does not take

--- a/product/ERP5Type/ERP5Type.py
+++ b/product/ERP5Type/ERP5Type.py
@@ -58,7 +58,9 @@ from RoleInformation import ori
 from TranslationProviderBase import TranslationProviderBase
-from zLOG import LOG
+from sys import exc_info
+from zLOG import LOG, ERROR
+from Products.CMFCore.exceptions import zExceptions_Unauthorized
 ERP5TYPE_SECURITY_GROUP_ID_GENERATION_SCRIPT = 'ERP5Type_asSecurityGroupId'
@@ -205,16 +207,39 @@ class ERP5TypeInformation( FactoryTypeInformation,
    #
    #   Agent methods
    #
-    security.declarePublic('isConstructionAllowed')
+    def _queryFactoryMethod(self, container, default=None):
-    def isConstructionAllowed( self, container ):
-        """
+        if not self.product or not self.factory or container is None:
-        Does the current user have the permission required in
+            return default
-        order to construct an instance?
-        """
+        # In case we aren't wrapped.
-        permission = self.permission
+        dispatcher = getattr(container, 'manage_addProduct', None)
-        if permission and not _checkPermission( permission, container ):
-            return 0
+        if dispatcher is None:
-        return FactoryTypeInformation.isConstructionAllowed(self, container)
+            return default
+        try:
+            p = dispatcher[self.product]
+        except AttributeError:
+            LOG('Types Tool', ERROR, '_queryFactoryMethod raised an exception',
+                error=exc_info())
+            return default
+        m = getattr(p, self.factory, None)
+        if m:
+            try:
+                # validate() can either raise Unauthorized or return 0 to
+                # mean unauthorized.
+                permission = self.permission
+                if permission and _checkPermission( permission, container ):
+                    return m
+                elif getSecurityManager().validate(p, p, self.factory, m):
+                    return m
+            except zExceptions_Unauthorized:  # Catch *all* Unauths!
+                pass
+        return default
    def _getFactoryMethod(self, container, check_security=1):
        if not self.product or not self.factory: