Log message for revision 119201: - fixed some permission checks Changed: U Zope/branches/2.13/doc/CHANGES.rst UU Zope/branches/2.13/src/HelpSys/HelpSys.py UU Zope/branches/2.13/src/HelpSys/HelpTopic.py
-=- Modified: Zope/branches/2.13/doc/CHANGES.rst =================================================================== --- Zope/branches/2.13/doc/CHANGES.rst 2010-12-28 15:16:52 UTC (rev 119200) +++ Zope/branches/2.13/doc/CHANGES.rst 2010-12-28 17:10:19 UTC (rev 119201) @@ -11,6 +11,8 @@ Bugs Fixed ++++++++++ +- HelpSys: Fixed some permission checks. + - OFS: Fixed permission check in ObjectManager. - webdav: Fixed permission check and error handling in DeleteCollection. Modified: Zope/branches/2.13/src/HelpSys/HelpSys.py =================================================================== --- Zope/branches/2.13/src/HelpSys/HelpSys.py 2010-12-28 15:16:52 UTC (rev 119200) +++ Zope/branches/2.13/src/HelpSys/HelpSys.py 2010-12-28 17:10:19 UTC (rev 119201) @@ -17,6 +17,7 @@ from AccessControl.Permissions import add_documents_images_and_files from AccessControl.Permissions import view as View from AccessControl.SecurityInfo import ClassSecurityInfo +from AccessControl.SecurityManagement import getSecurityManager from Acquisition import Implicit from App.special_dtml import DTMLFile from App.special_dtml import HTML @@ -24,12 +25,12 @@ from OFS.SimpleItem import Item from Persistence import Persistent from Products.PluginIndexes.KeywordIndex.KeywordIndex import KeywordIndex -from Products.ZCatalog.ZCatalog import ZCatalog from Products.ZCatalog.Lazy import LazyCat -from Products.ZCTextIndex.OkapiIndex import OkapiIndex -from Products.ZCTextIndex.Lexicon import CaseNormalizer +from Products.ZCatalog.ZCatalog import ZCatalog from Products.ZCTextIndex.HTMLSplitter import HTMLWordSplitter +from Products.ZCTextIndex.Lexicon import CaseNormalizer from Products.ZCTextIndex.Lexicon import StopWordRemover +from Products.ZCTextIndex.OkapiIndex import OkapiIndex from Products.ZCTextIndex.ZCTextIndex import PLexicon from Products.ZCTextIndex.ZCTextIndex import ZCTextIndex @@ -72,13 +73,13 @@ def __call__(self, REQUEST=None, **kw): "Searchable interface" if REQUEST is not None: - perms=[] - user=REQUEST.AUTHENTICATED_USER - for p in self.ac_inherited_permissions(): - if user.has_permission(p[0], self): + perms = [] + sm = getSecurityManager() + for p in self.ac_inherited_permissions(all=True): + if sm.checkPermission(p[0], self): perms.append(p[0]) - REQUEST.set('permissions',perms) - results=[] + REQUEST.set('permissions', perms) + results = [] for ph in self.helpValues(): results.append(apply(getattr(ph, '__call__'), (REQUEST,) , kw)) return LazyCat(results) @@ -268,11 +269,9 @@ Help Topics for which the user is not authorized are not listed. """ - topics=self.objectValues('Help Topic') - if REQUEST is None: - return topics - return filter( - lambda ht, u=REQUEST.AUTHENTICATED_USER: ht.authorized(u), topics) + topics = self.objectValues('Help Topic') + sm = getSecurityManager() + return [ t for t in topics if t.authorized(sm) ] def tpValues(self): """ Property changes on: Zope/branches/2.13/src/HelpSys/HelpSys.py ___________________________________________________________________ Deleted: svn:keywords - Id Modified: Zope/branches/2.13/src/HelpSys/HelpTopic.py =================================================================== --- Zope/branches/2.13/src/HelpSys/HelpTopic.py 2010-12-28 15:16:52 UTC (rev 119200) +++ Zope/branches/2.13/src/HelpSys/HelpTopic.py 2010-12-28 17:10:19 UTC (rev 119201) @@ -58,14 +58,11 @@ def helpValues(self, REQUEST=None): return () - def authorized(self, user): + def authorized(self, sm): "Is a given user authorized to view this Help Topic?" if not self.permissions: - return 1 - for perm in self.permissions: - if user.has_permission(perm, self): - return 1 - return 0 + return True + return any( sm.checkPermission(p, self) for p in self.permissions ) # Indexable methods # ----------------- Property changes on: Zope/branches/2.13/src/HelpSys/HelpTopic.py ___________________________________________________________________ Deleted: cvs2svn:cvs-rev - 1.19 _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins