a88b64fe
Commit
a88b64fe
authored
Dec 05, 2005
by
- reverted workaround in '_verifyObjectPaste'; 'checkPermission' now respects proxy roles
parent
c1c380a8
Changes
2
Showing
2 changed files
with
32 additions
and
54 deletions
+32
-54
lib/python/OFS/CopySupport.py
lib/python/OFS/CopySupport.py
+29
-51
lib/python/OFS/tests/testCopySupport.py
lib/python/OFS/tests/testCopySupport.py
+3
-3
lib/python/OFS/CopySupport.py
...
@@ -472,7 +472,7 @@ class CopyContainer(ExtensionClass.Base):
...
@@ -472,7 +472,7 @@ class CopyContainer(ExtensionClass.Base):
if
not
hasattr
(
object
,
'meta_type'
):
if
not
hasattr
(
object
,
'meta_type'
):
raise
CopyError
,
MessageDialog
(
raise
CopyError
,
MessageDialog
(
title
=
'Not Supported'
,
title
=
'Not Supported'
,
message
=
(
'The object <
EM>%s</EM
> does not support this'
\
message
=
(
'The object <
em>%s</em
> does not support this'
\
' operation'
%
escape
(
absattr
(
object
.
id
))),
' operation'
%
escape
(
absattr
(
object
.
id
))),
action
=
'manage_main'
)
action
=
'manage_main'
)
...
@@ -492,60 +492,38 @@ class CopyContainer(ExtensionClass.Base):
...
@@ -492,60 +492,38 @@ class CopyContainer(ExtensionClass.Base):
mt_permission
=
d
.
get
(
'permission'
)
mt_permission
=
d
.
get
(
'permission'
)
break
break
if
method_name
:
if
mt_permission
is
not
None
:
try
:
sm
=
getSecurityManager
()
method
=
self
.
restrictedTraverse
(
method_name
)
# method_name is e.g.
if
sm
.
checkPermission
(
mt_permission
,
self
):
# "manage_addProduct/PageTemplates/manage_addPageTemplateForm".
if
validate_src
:
# restrictedTraverse will raise Unauthorized if it
# Ensure the user is allowed to access the object on the
# can't obtain the factory method by name due to a
# clipboard.
# security restriction. We depend on this side effect
try
:
# here! Note that we use restrictedTraverse as
parent
=
aq_parent
(
aq_inner
(
object
))
# opposed to checkPermission to take into account the
except
:
# special security circumstances related to proxy
parent
=
None
# roles. See collector #78.
if
not
sm
.
validate
(
None
,
parent
,
None
,
object
):
except
Unauthorized
:
raise
Unauthorized
(
absattr
(
object
.
id
))
if
mt_permission
:
if
validate_src
==
2
:
# moving
if
not
sm
.
checkPermission
(
DeleteObjects
,
parent
):
raise
Unauthorized
(
'Delete not allowed.'
)
else
:
raise
CopyError
,
MessageDialog
(
title
=
'Insufficient Privileges'
,
message
=
(
'You do not possess the %s permission in the '
message
=
(
'You do not possess the %s permission in the '
'context of the container into which you are '
'context of the container into which you are '
'pasting, thus you are not able to perform '
'pasting, thus you are not able to perform '
'this operation.'
%
mt_permission
)
'this operation.'
%
mt_permission
),
else
:
action
=
'manage_main'
)
message
=
(
'You do not possess the permission required '
else
:
'to call %s in the context of the container '
'into which you are pasting, thus you are not '
'able to perform this operation.'
%
method_name
)
raise
CopyError
,
MessageDialog
(
title
=
'Insufficient Privileges'
,
message
=
message
,
action
=
'manage_main'
)
if
validate_src
:
sm
=
getSecurityManager
()
# Ensure the user is allowed to access the object on the
# clipboard.
try
:
parent
=
aq_parent
(
aq_inner
(
object
))
except
:
parent
=
None
if
not
sm
.
validate
(
None
,
parent
,
None
,
object
):
raise
Unauthorized
,
absattr
(
object
.
id
)
if
validate_src
==
2
:
# moving
if
not
sm
.
checkPermission
(
DeleteObjects
,
parent
):
raise
Unauthorized
,
'Delete not allowed.'
else
:
# /if method_name
raise
CopyError
,
MessageDialog
(
raise
CopyError
,
MessageDialog
(
title
=
'Not Supported'
,
title
=
'Not Supported'
,
message
=
(
'The object <EM>%s</EM
> does not support this '
message
=
(
'The object <em>%s</em
> does not support this '
'operation.'
%
escape
(
absattr
(
object
.
id
))),
'operation.'
%
escape
(
absattr
(
object
.
id
))),
action
=
'manage_main'
)
action
=
'manage_main'
)
Globals
.
default__class_init__
(
CopyContainer
)
Globals
.
default__class_init__
(
CopyContainer
)
...
...
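Review bot: In the `@@ -492,60 +492,38 @@` hunk the paste is authorised solely by `sm.checkPermission(mt_permission, self)` (reading the checkPermission variant as the new side, as the commit title indicates), so the gate is only as strong as the 'permission' value the matching `all_meta_types` entry declares, and an entry without that key now ends in the 'Not Supported' dialog regardless of the caller's rights. With the long restrictedTraverse explanation removed, a one-line comment above the check would record the assumption, e.g. `# Relies on all_meta_types declaring the factory's add permission; checkPermission honours proxy roles.` The bare `except:` around `aq_parent(aq_inner(object))` is also kept, so any failure there yields `parent = None`, which is then passed to `sm.validate` and to the `DeleteObjects` check; catching only the expected exception would stop unrelated errors from being absorbed inside an access check. `mt_permission` is also interpolated into the MessageDialog text without `escape()`, unlike `object.id` in the neighbouring dialogs. The enclosing method begins above the hunk, so how `mt_permission` is initialised is not visible here.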
lib/python/OFS/tests/testCopySupport.py
...
@@ -489,10 +489,10 @@ class TestCopySupportSecurity( CopySupportTestBase ):
...
@@ -489,10 +489,10 @@ class TestCopySupportSecurity( CopySupportTestBase ):
folder1
,
folder2
=
self
.
_initFolders
()
folder1
,
folder2
=
self
.
_initFolders
()
folder2
.
all_meta_types
=
FILE_META_TYPES
folder2
.
all_meta_types
=
FILE_META_TYPES
def
_no_
manage_addFile
(
a
,
c
,
n
,
v
,
*
args
,
**
kw
):
def
_no_
add_images_and_files
(
permission
,
object
,
context
):
return
n
!=
'manage_addFile'
return
permission
!=
ADD_IMAGES_AND_FILES
self
.
_initPolicyAndUser
(
v_lambda
=
_no_manage_addFile
)
self
.
_initPolicyAndUser
(
c_lambda
=
_no_add_images_and_files
)
cookie
=
folder1
.
manage_cutObjects
(
ids
=
(
'file'
,
)
)
cookie
=
folder1
.
manage_cutObjects
(
ids
=
(
'file'
,
)
)
self
.
_assertCopyErrorUnauth
(
folder2
.
manage_pasteObjects
self
.
_assertCopyErrorUnauth
(
folder2
.
manage_pasteObjects
...
...
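Review bot: The replacement policy hook `_no_add_images_and_files` only denies ADD_IMAGES_AND_FILES outright, so this hunk checks the plain denial path but not the proxy-role behaviour the commit title gives as the reason for dropping the workaround; if no other test covers it, a companion case with a proxy-roled caller would pin that down. The hook's second parameter also shadows the builtin `object`; `def _no_add_images_and_files(permission, obj, context):` avoids that. The test method starts and ends outside the hunk.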