Commit 95ac6cf7 authored by Alexandre Boeglin's avatar Alexandre Boeglin

Made a reusable method out of last Base.py commit.

Reused the method in manage_copyObjects.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4079 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent e7010195
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
import ExtensionClass import ExtensionClass
from Globals import InitializeClass, DTMLFile, PersistentMapping from Globals import InitializeClass, DTMLFile, PersistentMapping
from AccessControl import ClassSecurityInfo, getSecurityManager from AccessControl import ClassSecurityInfo
from AccessControl.Permission import pname, Permission from AccessControl.Permission import pname, Permission
from Acquisition import aq_base, aq_inner, aq_acquire, aq_chain from Acquisition import aq_base, aq_inner, aq_acquire, aq_chain
...@@ -51,11 +51,10 @@ from Products.ERP5Type.XMLExportImport import Base_asXML ...@@ -51,11 +51,10 @@ from Products.ERP5Type.XMLExportImport import Base_asXML
from Products.CMFCore.WorkflowCore import ObjectDeleted from Products.CMFCore.WorkflowCore import ObjectDeleted
from Accessor import WorkflowState from Accessor import WorkflowState
from OFS.CopySupport import CopyError
from ZopePatch import ERP5PropertyManager from ZopePatch import ERP5PropertyManager
from CopySupport import CopyContainer from CopySupport import CopyContainer, CopyError,\
tryMethodCallWithTemporaryPermission
from Errors import DeferredCatalogError from Errors import DeferredCatalogError
from Products.CMFActivity.ActiveObject import ActiveObject from Products.CMFActivity.ActiveObject import ActiveObject
from Products.ERP5Type.Accessor.Accessor import Accessor as Method from Products.ERP5Type.Accessor.Accessor import Accessor as Method
...@@ -961,30 +960,8 @@ class Base( CopyContainer, PortalContent, ActiveObject, ERP5PropertyManager ): ...@@ -961,30 +960,8 @@ class Base( CopyContainer, PortalContent, ActiveObject, ERP5PropertyManager ):
# Do not rename until everything flushed # Do not rename until everything flushed
self.recursiveFlushActivity(invoke=1) self.recursiveFlushActivity(invoke=1)
previous_relative_url = self.getRelativeUrl() previous_relative_url = self.getRelativeUrl()
try: tryMethodCallWithTemporaryPermission(self, 'Copy or Move',
self.aq_parent.manage_renameObject(self.id, id) self.aq_parent.manage_renameObject, (self.id, id), {}, CopyError)
except CopyError:
# we want to catch the explicit security check done in
# manage_renameObject and bypass it. for this, we temporarily give the
# Copy or Move right to the user. We assume that if the user has enough
# rights to pass the "declareProtected" check around "setId", he should
# be really able to rename the object.
user = getSecurityManager().getUser()
user_role_list = user.getRolesInContext(self)
if len(user_role_list) > 0:
perm_list = self.ac_inherited_permissions()
for p in perm_list:
if p[0] == 'Copy or Move':
name, value = p[:2]
break
else:
name, value = ('Copy or Move', ())
p = Permission(name,value,self)
old_role_list = p.getRoles(default=[])
p.setRoles(user_role_list)
self.aq_parent.manage_renameObject(self.id, id)
p.setRoles(old_role_list)
new_relative_url = self.getRelativeUrl() new_relative_url = self.getRelativeUrl()
if reindex: if reindex:
self.flushActivity(invoke=1) # Required if we wish that news ids appear instantly self.flushActivity(invoke=1) # Required if we wish that news ids appear instantly
......
...@@ -13,7 +13,8 @@ ...@@ -13,7 +13,8 @@
############################################################################## ##############################################################################
from OFS import Moniker from OFS import Moniker
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo, getSecurityManager
from AccessControl.Permission import Permission
from OFS.ObjectManager import ObjectManager from OFS.ObjectManager import ObjectManager
from OFS.CopySupport import CopyContainer as OriginalCopyContainer from OFS.CopySupport import CopyContainer as OriginalCopyContainer
from OFS.CopySupport import CopyError from OFS.CopySupport import CopyError
...@@ -54,7 +55,9 @@ class CopyContainer: ...@@ -54,7 +55,9 @@ class CopyContainer:
#LOG("Manage Copy",0, "ids:%s uids:%s" % (str(ids), str(uids))) #LOG("Manage Copy",0, "ids:%s uids:%s" % (str(ids), str(uids)))
if ids is not None: if ids is not None:
# Use default methode # Use default methode
return OriginalCopyContainer.manage_copyObjects(self, ids, REQUEST, RESPONSE) return tryMethodCallWithTemporaryPermission(self, 'Copy or Move',
OriginalCopyContainer.manage_copyObjects, (self, ids, REQUEST,
RESPONSE), {}, CopyError)
if uids is None and REQUEST is not None: if uids is None and REQUEST is not None:
return eNoItemsSpecified return eNoItemsSpecified
elif uids is None: elif uids is None:
...@@ -189,7 +192,7 @@ class CopyContainer: ...@@ -189,7 +192,7 @@ class CopyContainer:
# Pass - need to find a way to pass calls... # Pass - need to find a way to pass calls...
self.notifyWorkflowCreated() self.notifyWorkflowCreated()
# Add info about copy to edit workflow # Add info about copy to edit workflow
REQUEST = get_request() REQUEST = get_request()
if REQUEST is not None and REQUEST.get('__cp', None) : if REQUEST is not None and REQUEST.get('__cp', None) :
...@@ -287,4 +290,32 @@ class CopyContainer: ...@@ -287,4 +290,32 @@ class CopyContainer:
if catalog is not None: if catalog is not None:
catalog.moveObject(self, idxs=idxs) catalog.moveObject(self, idxs=idxs)
#### Helper methods
def tryMethodCallWithTemporaryPermission(context, permission, method,
method_argv, method_kw, exception):
# we want to catch the explicit security check done in manage_renameObject
# and bypass it. for this, we temporarily give the Copy or Move right to the
# user. We assume that if the user has enough rights to pass the
# "declareProtected" check around "setId", he should be really able to
# rename the object.
try:
return method(*method_argv, **method_kw)
except exception:
user = getSecurityManager().getUser()
user_role_list = user.getRolesInContext(context)
if len(user_role_list) > 0:
perm_list = context.ac_inherited_permissions()
for p in perm_list:
if p[0] == permission:
name, value = p[:2]
break
else:
name, value = (permission, ())
p = Permission(name,value,context)
old_role_list = p.getRoles(default=[])
p.setRoles(user_role_list)
result = method(*method_argv, **method_kw)
p.setRoles(old_role_list)
return result
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment