policy fixes

2f8efb21 · Brian Lloyd · 1c5572b9 · 2f8efb21 · 2f8efb21
Commit 2f8efb21 authored Jan 27, 2004 by Brian Lloyd
Showing with 97 additions and 153 deletions

lib/python/AccessControl/ImplPython.py lib/python/AccessControl/ImplPython.py +23 -17

lib/python/AccessControl/cAccessControl.c lib/python/AccessControl/cAccessControl.c +74 -136

No files found.
--- a/lib/python/AccessControl/ImplPython.py
+++ b/lib/python/AccessControl/ImplPython.py
@@ -212,6 +212,13 @@ class ZopeSecurityPolicy:
            if name.startswith('aq_') and name not in valid_aq_:
                raise Unauthorized(name, value)
+        containerbase = aq_base(container)
+        accessedbase = aq_base(accessed)
+        if accessedbase is accessed:
+            # accessed is not a wrapper, so assume that the
+            # value could not have been acquired.
+            accessedbase = container
        ############################################################
        # If roles weren't passed in, we'll try to get them from the object
@@ -236,14 +243,16 @@ class ZopeSecurityPolicy:
            roles = getattr(container, '__roles__', roles)
            if roles is _noroles:
-                # Try to acquire __roles__.  If __roles__ can't be
+                if containerbase is container:
-                # acquired, the value is unprotected and roles is
+                    # Container is not wrapped.
-                # left set to _noroles.
+                    if containerbase is not accessedbase:
-                if aq_base(container) is not container:
+                        raise Unauthorized(name, value)
-                    try:
+                else:
-                        roles = container.aq_acquire('__roles__')
+                    # Try to acquire roles
+                    try: roles = container.aq_acquire('__roles__')
                    except AttributeError:
-                        pass
+                        if containerbase is not accessedbase:
+                            raise Unauthorized(name, value)
            # We need to make sure that we are allowed to
            # get unprotected attributes from the container. We are
@@ -308,18 +317,15 @@ class ZopeSecurityPolicy:
                # in the context of the accessed item; users in subfolders
                # should not be able to use proxy roles to access items
                # above their subfolder!
-                owner = eo.getOwner()
+                owner = eo.getWrappedOwner()
-                # Sigh; the default userfolder doesn't return users wrapped
-                if owner and not hasattr(owner, 'aq_parent'):
-                    udb = eo.getOwner(1)[0]
-                    root = container.getPhysicalRoot()
-                    udb = root.unrestrictedTraverse(udb)
-                    owner = owner.__of__(udb)
                if owner is not None:
-                    if not owner._check_context(container):
+                    if container is not containerbase:
-                        # container is higher up than the owner, deny access
+                        # Unwrapped objects don't need checking
-                        raise Unauthorized(name, value)
+                        if not owner._check_context(container):
+                            # container is higher up than the owner,
+                            # deny access
+                            raise Unauthorized(name, value)
                for r in proxy_roles:
                    if r in roles:

--- a/lib/python/AccessControl/cAccessControl.c
+++ b/lib/python/AccessControl/cAccessControl.c