[Zope-Checkins] CVS: Zope2 - User.py:1.152 ZopeSecurityPolicy.py:1.11

shane@digicool.com shane@digicool.com
Thu, 7 Jun 2001 18:36:44 -0400 (EDT)


Update of /cvs-repository/Zope2/lib/python/AccessControl
In directory korak.digicool.com:/tmp/cvs-serv17056

Modified Files:
	User.py ZopeSecurityPolicy.py 
Log Message:
Because ZopeSecurityPolicy.checkPermission() used User.has_role(), it did
not behave as expected.  Permissions granted to Anonymous didn't
necessarily get granted to other roles, for one thing.  This is an
issue especially for the CMF.  User.allowed()
is practically the same thing with the parameters reversed, so I changed
checkPermission() to call User.allowed() instead.  We should be able to
deprecate User.has_role() now.  I also implemented a minor (micro?)
optimization by calling the aq_base module function instead of using getattr().



--- Updated File User.py in package Zope2 --
--- User.py	2001/06/07 22:18:43	1.151
+++ User.py	2001/06/07 22:36:43	1.152
@@ -245,6 +245,8 @@
         """Check whether the user has access to object. The user must
            have one of the roles in object_roles to allow access."""
 
+        if object_roles is _what_not_even_god_should_do: return 0
+
         # Short-circuit the common case of anonymous access.
         if object_roles is None or 'Anonymous' in object_roles:
             return 1
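Review bot: the new guard at the top of allowed() references _what_not_even_god_should_do, but this hunk adds no import for it, so please confirm the name is already bound at module level in User.py. ZopeSecurityPolicy.py gets it through `from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn`; without an equivalent here, every call to allowed() would raise NameError. The docstring should also state that this sentinel denies access before the Anonymous short-circuit is considered.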

--- Updated File ZopeSecurityPolicy.py in package Zope2 --
--- ZopeSecurityPolicy.py	2001/04/27 20:27:37	1.10
+++ ZopeSecurityPolicy.py	2001/06/07 22:36:43	1.11
@@ -88,10 +88,13 @@
 $Id$'''
 __version__='$Revision$'[11:-2]
 
+from types import StringType
+
 import SimpleObjectPolicies
 from AccessControl import Unauthorized
 _noroles=SimpleObjectPolicies._noroles
 from zLOG import LOG, PROBLEM
+from Acquisition import aq_base
 
 from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn
 
@@ -112,7 +115,7 @@
             if name[:3]=='aq_' and name not in valid_aq_:
                 return 0
 
-        containerbase=getattr(container, 'aq_base', container)
+        containerbase = aq_base(container)
         accessedbase=getattr(accessed, 'aq_base', container)
 
         ############################################################
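Review bot: the context line right after the change, `accessedbase=getattr(accessed, 'aq_base', container)`, still uses the old getattr() form, and its default is `container` rather than `accessed`, so an accessed object with no aq_base attribute silently yields the container as accessedbase. If that fallback is not intentional, convert it together with this line, e.g. `accessedbase = aq_base(accessed)`, so both bases are derived the same way.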
@@ -231,8 +234,9 @@
 
     def checkPermission(self, permission, object, context):
         roles=rolesForPermissionOn(permission, object)
-        if roles is _what_not_even_god_should_do: return 0
-        return context.user.has_role(roles, object)
+        if type(roles) is StringType:
+            roles=[roles]
+        return context.user.allowed(object, roles)
     
 
 def cleanupName(name, value):
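Review bot: checkPermission() no longer rejects _what_not_even_god_should_do itself and now relies on context.user.allowed() to do it. That holds for User.allowed() after the User.py change in this commit, but a user class that supplies its own allowed() without that guard would no longer get the deny. Consider keeping `if roles is _what_not_even_god_should_do: return 0` here before the call, since the policy already imports the sentinel. Separately, `type(roles) is StringType` is an exact-type test; a short comment saying which types rolesForPermissionOn can return (single string, sequence, None, sentinel) would make it clear which values are expected to reach allowed() unwrapped.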