Commit 50e21bf5 authored by Jérome Perrin's avatar Jérome Perrin

explain problem with allowedContentTypes caching strategy and make a quick and dirty workaround


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@9431 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent de9729b9
...@@ -650,12 +650,24 @@ be a problem).""" ...@@ -650,12 +650,24 @@ be a problem)."""
# Optimized Menu System # Optimized Menu System
security.declarePublic('allowedContentTypes') security.declarePublic('allowedContentTypes')
def allowedContentTypes( self ): def allowedContentTypes( self ):
""" """ List portal_types which can be added in this folder / object.
List portal_types which can be added in this folder / object. Cache results.
Cache results. This requires restarting Zope to update values. """
""" # if we don't have add portal content permission, return directly.
# this prevents returning cached allowed types when the user no longer have
# the permission to any content type. (security definitions in workflows
# usually remove some permission once an object is "Valid")
# This also prevents filling the cache with an empty list, when the user
# does not have the permission to add any content yet.
# XXX this works just fine, unless some objects can be added with another
# permission that "Add portal content". For now, this is only the case for
# Role Definition objects, but this shows that generally speaking, this is
# not the right approach.
if not getSecurityManager().checkPermission( if not getSecurityManager().checkPermission(
Permissions.AddPortalContent, self): Permissions.AddPortalContent, self) and\
not getSecurityManager().checkPermission(
Permissions.ChangeLocalRoles, self):
return [] return []
def _allowedContentTypes( portal_type=None, user=None, portal_path=None ): def _allowedContentTypes( portal_type=None, user=None, portal_path=None ):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment