Log message for revision 119202:
  - fixed some permission checks

Changed:
  UU  Zope/trunk/src/HelpSys/HelpSys.py
  UU  Zope/trunk/src/HelpSys/HelpTopic.py

-=-
Modified: Zope/trunk/src/HelpSys/HelpSys.py
===================================================================
--- Zope/trunk/src/HelpSys/HelpSys.py   2010-12-28 17:10:19 UTC (rev 119201)
+++ Zope/trunk/src/HelpSys/HelpSys.py   2010-12-28 17:10:33 UTC (rev 119202)
@@ -17,6 +17,7 @@
 from AccessControl.Permissions import add_documents_images_and_files
 from AccessControl.Permissions import view as View
 from AccessControl.SecurityInfo import ClassSecurityInfo
+from AccessControl.SecurityManagement import getSecurityManager
 from Acquisition import Implicit
 from App.special_dtml import DTMLFile
 from App.special_dtml import HTML
@@ -24,12 +25,12 @@
 from OFS.SimpleItem import Item
 from Persistence import Persistent
 from Products.PluginIndexes.KeywordIndex.KeywordIndex import KeywordIndex
-from Products.ZCatalog.ZCatalog import ZCatalog
 from Products.ZCatalog.Lazy import LazyCat
-from Products.ZCTextIndex.OkapiIndex import OkapiIndex
-from Products.ZCTextIndex.Lexicon import CaseNormalizer
+from Products.ZCatalog.ZCatalog import ZCatalog
 from Products.ZCTextIndex.HTMLSplitter import HTMLWordSplitter
+from Products.ZCTextIndex.Lexicon import CaseNormalizer
 from Products.ZCTextIndex.Lexicon import StopWordRemover
+from Products.ZCTextIndex.OkapiIndex import OkapiIndex
 from Products.ZCTextIndex.ZCTextIndex import PLexicon
 from Products.ZCTextIndex.ZCTextIndex import ZCTextIndex
 
@@ -72,13 +73,13 @@
     def __call__(self, REQUEST=None, **kw):
         "Searchable interface"
         if REQUEST is not None:
-            perms=[]
-            user=REQUEST.AUTHENTICATED_USER
-            for p in self.ac_inherited_permissions():
-                if user.has_permission(p[0], self):
+            perms = []
+            sm = getSecurityManager()
+            for p in self.ac_inherited_permissions(all=True):
+                if sm.checkPermission(p[0], self):
                     perms.append(p[0])
-            REQUEST.set('permissions',perms)
-        results=[]
+            REQUEST.set('permissions', perms)
+        results = []
         for ph in self.helpValues():
             results.append(apply(getattr(ph, '__call__'), (REQUEST,) , kw))
         return LazyCat(results)
@@ -268,11 +269,9 @@
         Help Topics for which the user is not authorized
         are not listed.
         """
-        topics=self.objectValues('Help Topic')
-        if REQUEST is None:
-            return topics
-        return filter(
-            lambda ht, u=REQUEST.AUTHENTICATED_USER: ht.authorized(u), topics)
+        topics = self.objectValues('Help Topic')
+        sm = getSecurityManager()
+        return [ t for t in topics if t.authorized(sm) ]
 
     def tpValues(self):
         """


Property changes on: Zope/trunk/src/HelpSys/HelpSys.py
___________________________________________________________________
Deleted: svn:keywords
   - Id

Modified: Zope/trunk/src/HelpSys/HelpTopic.py
===================================================================
--- Zope/trunk/src/HelpSys/HelpTopic.py 2010-12-28 17:10:19 UTC (rev 119201)
+++ Zope/trunk/src/HelpSys/HelpTopic.py 2010-12-28 17:10:33 UTC (rev 119202)
@@ -58,14 +58,11 @@
     def helpValues(self, REQUEST=None):
         return ()
 
-    def authorized(self, user):
+    def authorized(self, sm):
         "Is a given user authorized to view this Help Topic?"
         if not self.permissions:
-            return 1
-        for perm in self.permissions:
-            if user.has_permission(perm, self):
-                return 1
-        return 0
+            return True
+        return any( sm.checkPermission(p, self) for p in self.permissions )
 
     # Indexable methods
     # -----------------


Property changes on: Zope/trunk/src/HelpSys/HelpTopic.py
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
   - 1.19

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
https://mail.zope.org/mailman/listinfo/zope-checkins

Reply via email to