Log message for revision 119198: - fixed permission check in ObjectManager
Changed: U Zope/branches/2.13/doc/CHANGES.rst UU Zope/branches/2.13/src/OFS/ObjectManager.py UU Zope/branches/2.13/src/OFS/tests/testObjectManager.py -=- Modified: Zope/branches/2.13/doc/CHANGES.rst =================================================================== --- Zope/branches/2.13/doc/CHANGES.rst 2010-12-28 13:51:27 UTC (rev 119197) +++ Zope/branches/2.13/doc/CHANGES.rst 2010-12-28 13:57:19 UTC (rev 119198) @@ -11,6 +11,8 @@ Bugs Fixed ++++++++++ +- OFS: Fixed permission check in ObjectManager. + - webdav: Fixed permission check and error handling in DeleteCollection. - LP 686664: WebDAV Lock Manager ZMI view wasn't accessible. Modified: Zope/branches/2.13/src/OFS/ObjectManager.py =================================================================== --- Zope/branches/2.13/src/OFS/ObjectManager.py 2010-12-28 13:51:27 UTC (rev 119197) +++ Zope/branches/2.13/src/OFS/ObjectManager.py 2010-12-28 13:57:19 UTC (rev 119198) @@ -266,15 +266,15 @@ def filtered_meta_types(self, user=None): # Return a list of the types for which the user has # adequate permission to add that type of object. - user=getSecurityManager().getUser() - meta_types=[] + sm = getSecurityManager() + meta_types = [] if callable(self.all_meta_types): - all=self.all_meta_types() + all = self.all_meta_types() else: - all=self.all_meta_types + all = self.all_meta_types for meta_type in all: if meta_type.has_key('permission'): - if user.has_permission(meta_type['permission'],self): + if sm.checkPermission(meta_type['permission'], self): meta_types.append(meta_type) else: meta_types.append(meta_type) Property changes on: Zope/branches/2.13/src/OFS/ObjectManager.py ___________________________________________________________________ Deleted: svn:keywords - Id Modified: Zope/branches/2.13/src/OFS/tests/testObjectManager.py =================================================================== --- Zope/branches/2.13/src/OFS/tests/testObjectManager.py 2010-12-28 13:51:27 UTC (rev 119197) +++ Zope/branches/2.13/src/OFS/tests/testObjectManager.py 2010-12-28 13:57:19 UTC (rev 119198) @@ -1,23 +1,24 @@ import unittest -from zope.component.testing import PlacelessSetup -from zope.interface import implements - from AccessControl.owner import EmergencyUserCannotOwn from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManagement import noSecurityManager +from AccessControl.SecurityManager import setSecurityPolicy +from AccessControl.SpecialUsers import emergency_user, nobody, system from AccessControl.User import User # before SpecialUsers -from AccessControl.SpecialUsers import emergency_user, nobody, system from Acquisition import aq_base from Acquisition import Implicit from App.config import getConfiguration from logging import getLogger +from zExceptions import BadRequest +from zope.component.testing import PlacelessSetup +from zope.interface import implements +from Zope2.App import zcml + from OFS.interfaces import IItem from OFS.metaconfigure import setDeprecatedManageAddDelete from OFS.ObjectManager import ObjectManager from OFS.SimpleItem import SimpleItem -from Zope2.App import zcml -from zExceptions import BadRequest logger = getLogger('OFS.subscribers') @@ -103,6 +104,26 @@ verifyClass(IContainer, ObjectManager) verifyClass(IObjectManager, ObjectManager) + def test_filtered_meta_types(self): + + class _DummySecurityPolicy(object): + + def checkPermission(self, permission, object, context): + return permission == 'addFoo' + + om = self._makeOne() + om.all_meta_types = ({'name': 'Foo', 'permission': 'addFoo'}, + {'name': 'Bar', 'permission': 'addBar'}, + {'name': 'Baz'}) + try: + oldPolicy = setSecurityPolicy(_DummySecurityPolicy()) + self.assertEqual(len(om.filtered_meta_types()), 2) + self.assertEqual(om.filtered_meta_types()[0]['name'], 'Foo') + self.assertEqual(om.filtered_meta_types()[1]['name'], 'Baz') + finally: + noSecurityManager() + setSecurityPolicy(oldPolicy) + def test_setObject_set_owner_with_no_user( self ): om = self._makeOne() newSecurityManager( None, None ) Property changes on: Zope/branches/2.13/src/OFS/tests/testObjectManager.py ___________________________________________________________________ Deleted: svn:keywords - Id _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins