[Zope-CMF] [dev] CMF 1.4 alpha

David Harvey (Hamish) david.harvey@bristol.ac.uk
Thu, 20 Feb 2003 11:07:35 +0000


--Boundary-00=_3bLV+aeKZdKLb4H
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Thursday 20 Feb 2003 10:42 am, Yuppie wrote:

> <http://collector.zope.org/CMF/114>
> Restriction of content type addition based upon user roles (ie: user x
> can enter types y and z).
> (ChrisW ?)
>

I've got a patch that might do this. It seems to work for me, but I've been 
running with a monkey patch doing the same thing for a while, so this isn't a 
reasonable test. It's possibly a bit crude. It's a reworking as a direct 
patch against CMFCore of the monkey patch on which ChrisW's suggestion was 
based, so should conform exactly to that in terms of behaviour, with the 
exception that the permission name became "Add content instances".

I tried to add it as a followup to http://collector.zope.org/CMF/114 but keep 
getting a login screen. Perhaps I can only follow up my own submissions.  
It's only wee, so I attach it here.

Cheers,
Hamish

--Boundary-00=_3bLV+aeKZdKLb4H
Content-Type: text/x-diff;
  charset="iso-8859-1";
  name="add_content_restriction.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="add_content_restriction.diff"

Index: CMFCorePermissions.py
===================================================================
RCS file: /cvs-repository/CMF/CMFCore/CMFCorePermissions.py,v
retrieving revision 1.12
diff -u -r1.12 CMFCorePermissions.py
--- CMFCorePermissions.py	10 Dec 2002 21:44:39 -0000	1.12
+++ CMFCorePermissions.py	20 Feb 2003 10:54:00 -0000
@@ -81,6 +81,9 @@
 AddPortalContent = 'Add portal content'
 setDefaultRoles(AddPortalContent, ('Owner','Manager',))  # + Member
 
+AddContentInstances = 'Add content instances'
+setDefaultRoles( AddContentInstances, ( 'Owner', 'Manager', 'Member',))
+
 AddPortalMember = 'Add portal member'
 setDefaultRoles(AddPortalMember, ('Anonymous', 'Manager',))
 
Index: TypesTool.py
===================================================================
RCS file: /cvs-repository/CMF/CMFCore/TypesTool.py,v
retrieving revision 1.47
diff -u -r1.47 TypesTool.py
--- TypesTool.py	6 Jan 2003 20:37:06 -0000	1.47
+++ TypesTool.py	20 Feb 2003 10:54:00 -0000
@@ -32,6 +32,7 @@
 from CMFCorePermissions import View
 from CMFCorePermissions import ManagePortal
 from CMFCorePermissions import AccessContentsInformation
+from CMFCorePermissions import AddContentInstances
 
 from interfaces.portal_types import ContentTypeInformation as ITypeInformation
 from interfaces.portal_types import portal_types as ITypesTool
@@ -451,6 +452,12 @@
     #
     #   Agent methods
     #
+    security.declareProtected(AddContentInstances, '_testCreationPermission')
+    def _testCreationPermission(self):
+        # Dummy method on which to test AddContentInstances
+        # permission before allowing creation of content
+        pass
+
     def _getFactoryMethod(self, container):
         if not self.product or not self.factory:
             raise ValueError, ('Product factory for %s was undefined' %
@@ -460,7 +467,8 @@
         if m is None:
             raise ValueError, ('Product factory for %s was invalid' %
                                self.getId())
-        if getSecurityManager().validate(p, p, self.factory, m):
+        if getSecurityManager().validate(p, p, self.factory, m) \
+            and getSecurityManager().validate(self, self, '_testCreationPermission', self._testCreationPermission):
             return m
         raise Unauthorized, ('Cannot create %s' % self.getId())
 
@@ -475,7 +483,8 @@
             try:
                 # validate() can either raise Unauthorized or return 0 to
                 # mean unauthorized.
-                if getSecurityManager().validate(p, p, self.factory, m):
+                if getSecurityManager().validate(p, p, self.factory, m) \
+                    and getSecurityManager().validate(self, self, '_testCreationPermission', self._testCreationPermission):
                     return m
             except Unauthorized:
                 pass

--Boundary-00=_3bLV+aeKZdKLb4H--