[Zope-Checkins] CVS: Zope/lib/python/AccessControl - cAccessControl.c:1.17.6.6

Brian Lloyd brian at zope.com
Tue Jan 27 10:27:18 EST 2004


Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv11230

Modified Files:
      Tag: Zope-2_6-branch
	cAccessControl.c 
Log Message:
merge TS changes


=== Zope/lib/python/AccessControl/cAccessControl.c 1.17.6.5 => 1.17.6.6 ===
--- Zope/lib/python/AccessControl/cAccessControl.c:1.17.6.5	Mon Jan 19 13:54:10 2004
+++ Zope/lib/python/AccessControl/cAccessControl.c	Tue Jan 27 10:27:17 2004
@@ -663,6 +663,7 @@
 static PyObject *aq_validate = NULL;
 static PyObject *aq_parent_str = NULL;
 static PyObject *_check_context_str = NULL;
+static PyObject *getWrappedOwner_str = NULL;
 
 static int ownerous = 1;
 static int authenticated = 1;
@@ -698,6 +699,8 @@
           return -1;
 	UNLESS (allowed_str = PyString_FromString("allowed")) return -1;
 	UNLESS (getOwner_str = PyString_FromString("getOwner")) return -1;
+	UNLESS (getWrappedOwner_str = PyString_FromString("getWrappedOwner")) 
+	  return -1;
 	UNLESS (getPhysicalRoot_str = PyString_FromString("getPhysicalRoot")) 
 	  return -1;
 	UNLESS (aq_parent_str = PyString_FromString("aq_parent")) return -1;
@@ -759,12 +762,8 @@
 	PyObject *stack = NULL;
 	PyObject *user = NULL;
 
-
 	PyObject *method = NULL;
 	PyObject *tmp = NULL;
-	PyObject *udb = NULL;
-	PyObject *root = NULL;
-	PyObject *item = NULL;
 
 	char *sname;
 
@@ -848,8 +847,7 @@
 
 		/*| roles = getattr(container, "__roles__", _noroles)
 		**| if roles is _noroles:
-		**|    aq = getattr(container, 'aq_acquire', None)
-		**|    if aq is None:
+		**|    if containerbase is container:
 		**|       roles = _noroles
 		**|       if containerbase is not accessedbase: return 0
 		**|    else:
@@ -1099,30 +1097,26 @@
 	**|        # in the context of the accessed item; users in subfolders
 	**|        # should not be able to use proxy roles to access items 
 	**|        # above their subfolder!
-	**|        owner = eo.getOwner()
-	**|        # Sigh; the default userfolder doesn't return users wrapped
-	**|        if owner and not hasattr(owner, 'aq_parent'):
-	**|            udb=eo.getOwner(1)[0]
-	**|            root=container.getPhysicalRoot()
-	**|            udb=root.unrestrictedTraverse(udb)
-	**|            owner=owner.__of__(udb)
+	**|        owner = eo.getWrappedOwner()
 	**|                        
 	**|        if owner is not None:
-	**|            if not owner._check_context(container):
-	**|                # container is higher up than the owner, deny
-	**|                # access
-	**|                raise Unauthorized(name, value)
+	**|            if container is not containerbase:
+        **|                # Unwrapped objects don't need checking
+	**|                if not owner._check_context(container):
+	**|                    # container is higher up than the owner, 
+	**|                    # deny access
+	**|                    raise Unauthorized(name, value)
 	**|
 	**|       for r in proxy_roles:
 	**|          if r in roles: return 1
 	**|
 	**|       # proxy roles actually limit access!
 	**|       if accessedbase is containerbase:
-	**|	     raise Unauthorized, ('You are not authorized to access'
-	**|		'<em>%s</em>.' % cleanupName(name, value))
+	**|	     raise Unauthorized(name, value)
 	**|
 	**|	  return 0
 	*/
+
 		proxy_roles = PyObject_GetAttr(eo, _proxy_roles_str);
 
 		if (proxy_roles == NULL) 
@@ -1133,9 +1127,7 @@
                 else if (PyObject_IsTrue(proxy_roles)) 
                   {
 
-		    /* patch!! --------------------------------  */
-
-		    method = PyObject_GetAttr(eo, getOwner_str);
+		    method = PyObject_GetAttr(eo, getWrappedOwner_str);
 		    if (method == NULL) {
 		      Py_DECREF(eo);
 		      Py_DECREF(proxy_roles);
@@ -1150,100 +1142,33 @@
 		      goto err;
 		    }
 
-		    if (PyObject_IsTrue(owner)) {
-		      if (!PyObject_HasAttr(owner, aq_parent_str)) {
-			item = PyInt_FromLong(1);
-			if (item == NULL) {
-			  Py_DECREF(eo);
-			  Py_DECREF(proxy_roles);
-			  Py_DECREF(owner);
-			  goto err;
-			}
+		    Py_DECREF(eo);
 
-		        tmp = callmethod1(eo, getOwner_str, item);
-			Py_DECREF(item);
-			if (tmp == NULL) {
-			  Py_DECREF(eo);
-			  Py_DECREF(proxy_roles);
-			  Py_DECREF(owner);
-			  goto err;
-			}
+		    if (owner != Py_None) {
 
-			udb = PySequence_GetItem(tmp, 0);
-			Py_DECREF(tmp);
-			if (udb == NULL) {
-			  Py_DECREF(eo);
-		          Py_DECREF(proxy_roles);
-			  Py_DECREF(owner);
-			  goto err;
-			}
+		      if (containerbase != container) {
 
-			method = PyObject_GetAttr(container, 
-						  getPhysicalRoot_str);
-			if (method == NULL) {
-			  Py_DECREF(eo);
-		          Py_DECREF(proxy_roles);
+			tmp = callmethod1(owner,_check_context_str,
+					  container
+					  );
+			if (tmp == NULL) {
+			  Py_DECREF(proxy_roles);
 			  Py_DECREF(owner);
-			  Py_DECREF(udb);
 			  goto err;
 			}
 
-			root = PyObject_CallObject(method, NULL);
-			Py_DECREF(method);
-			if (root == NULL) {
-			  Py_DECREF(eo);
-		          Py_DECREF(proxy_roles);
-			  Py_DECREF(owner);
-			  Py_DECREF(udb);
-			  goto err;
-			}
-			
-			ASSIGN(udb, callmethod1(root, unrestrictedTraverse_str,
-						udb)); 
-			Py_DECREF(root);
-			if (udb == NULL) {
-			  Py_DECREF(eo);
-		          Py_DECREF(proxy_roles);
+			if (!PyObject_IsTrue(tmp)) {
+			  Py_DECREF(proxy_roles);
 			  Py_DECREF(owner);
+			  Py_DECREF(tmp);
+			  unauthErr(name, value);
 			  goto err;
 			}
-
-			ASSIGN(owner, callmethod1(owner, __of__, udb));
-			Py_DECREF(udb);
-			if (owner == NULL) {
-			  Py_DECREF(eo);
-		          Py_DECREF(proxy_roles);
-			  goto err;
-			}
-
-		      }
-		    }
-
-		    Py_DECREF(eo);
-
-		    if (owner != Py_None) {
-		      tmp = callmethod1(owner,_check_context_str,
-					container
-					);
-		      if (tmp == NULL) {
-		        Py_DECREF(proxy_roles);
-			Py_DECREF(owner);
-			goto err;
-		      }
-
-		      if (!PyObject_IsTrue(tmp)) {
-	                Py_DECREF(proxy_roles);
-			Py_DECREF(owner);
 			Py_DECREF(tmp);
-			unauthErr(name, value);
-			goto err;
 		      }
+
 		      Py_DECREF(owner);
-		      Py_DECREF(tmp);
 		    }
-		    		    
-		    /* ------------------------------------------- */
-
 
 
                     contains = 0;




More information about the Zope-Checkins mailing list