- reverted workaround in '_verifyObjectPaste'; 'checkPermission' now respects proxy roles

a88b64fe · c1c380a8 · a88b64fe · a88b64fe
Commit a88b64fe authored Dec 05, 2005 by
Show whitespace changes
Inline Side-by-side

Showing with 32 additions and 54 deletions

lib/python/OFS/CopySupport.py lib/python/OFS/CopySupport.py +29 -51

lib/python/OFS/tests/testCopySupport.py lib/python/OFS/tests/testCopySupport.py +3 -3

No files found.
--- a/lib/python/OFS/CopySupport.py
+++ b/lib/python/OFS/CopySupport.py
@@ -472,7 +472,7 @@ class CopyContainer(ExtensionClass.Base):
        if not hasattr(object, 'meta_type'):
            raise CopyError, MessageDialog(
                  title   = 'Not Supported',
-                  message = ('The object <EM>%s</EM> does not support this' \
+                  message = ('The object <em>%s</em> does not support this' \
                             ' operation' % escape(absattr(object.id))),
                  action  = 'manage_main')
@@ -492,40 +492,11 @@ class CopyContainer(ExtensionClass.Base):
                mt_permission = d.get('permission')
                break
-        if method_name:
+        if mt_permission is not None:
-            try:
-                method = self.restrictedTraverse(method_name)
-                # method_name is e.g.
-                # "manage_addProduct/PageTemplates/manage_addPageTemplateForm".
-                # restrictedTraverse will raise Unauthorized if it
-                # can't obtain the factory method by name due to a
-                # security restriction.  We depend on this side effect
-                # here!  Note that we use restrictedTraverse as
-                # opposed to checkPermission to take into account the
-                # special security circumstances related to proxy
-                # roles.  See collector #78.
-            except Unauthorized:
-                if mt_permission:
-                    message = ('You do not possess the %s permission in the '
-                               'context of the container into which you are '
-                               'pasting, thus you are not able to perform '
-                               'this operation.' % mt_permission)
-                else:
-                    message = ('You do not possess the permission required '
-                               'to call %s in the context of the container '
-                               'into which you are pasting, thus you are not '
-                               'able to perform this operation.' % method_name)
-                raise CopyError, MessageDialog(
-                  title = 'Insufficient Privileges',
-                  message = message,
-                  action = 'manage_main')
-            if validate_src:
            sm = getSecurityManager()
+            if sm.checkPermission(mt_permission, self):
+                if validate_src:
                    # Ensure the user is allowed to access the object on the
                    # clipboard.
                    try:
@@ -533,17 +504,24 @@ class CopyContainer(ExtensionClass.Base):
                    except:
                        parent = None
-                if not sm.validate(None,parent,None,object):
+                    if not sm.validate(None, parent, None, object):
-                    raise Unauthorized, absattr(object.id)
+                        raise Unauthorized(absattr(object.id))
                    if validate_src == 2: # moving
                        if not sm.checkPermission(DeleteObjects, parent):
-                        raise Unauthorized, 'Delete not allowed.'
+                            raise Unauthorized('Delete not allowed.')
+            else:
-        else: # /if method_name
+                raise CopyError, MessageDialog(
+                    title = 'Insufficient Privileges',
+                    message = ('You do not possess the %s permission in the '
+                               'context of the container into which you are '
+                               'pasting, thus you are not able to perform '
+                               'this operation.' % mt_permission),
+                    action = 'manage_main')
+        else:
            raise CopyError, MessageDialog(
                title = 'Not Supported',
-                  message = ('The object <EM>%s</EM> does not support this '
+                message = ('The object <em>%s</em> does not support this '
                           'operation.' % escape(absattr(object.id))),
                action = 'manage_main')

--- a/lib/python/OFS/tests/testCopySupport.py
+++ b/lib/python/OFS/tests/testCopySupport.py
@@ -489,10 +489,10 @@ class TestCopySupportSecurity( CopySupportTestBase ):
        folder1, folder2 = self._initFolders()
        folder2.all_meta_types = FILE_META_TYPES
-        def _no_manage_addFile( a, c, n, v, *args, **kw ):
+        def _no_add_images_and_files(permission, object, context):
-            return n != 'manage_addFile'
+            return permission != ADD_IMAGES_AND_FILES
-        self._initPolicyAndUser( v_lambda=_no_manage_addFile )
+        self._initPolicyAndUser( c_lambda=_no_add_images_and_files )
        cookie = folder1.manage_cutObjects( ids=( 'file', ) )
        self._assertCopyErrorUnauth( folder2.manage_pasteObjects