[Zope-CVS] CVS: Products/Transience - Transience.py:1.12
Matthew T. Kromer
matt@zope.com
Wed, 7 Nov 2001 17:09:53 -0500
Update of /cvs-repository/Products/Transience
In directory cvs.zope.org:/tmp/cvs-serv14508/lib/python/Products/Transience
Modified Files:
Transience.py
Log Message:
Update so callbacks happen as "nobody" user.
=== Products/Transience/Transience.py 1.11 => 1.12 ===
from Persistence import Persistent, PersistentMapping
from Acquisition import Implicit, aq_base
-from AccessControl import ClassSecurityInfo
+from AccessControl import ClassSecurityInfo, getSecurityManager
+from AccessControl.SecurityManagement import newSecurityManager
+import AccessControl.SpecialUsers
+from AccessControl.User import nobody
from BTrees import OOBTree
from zLOG import LOG, WARNING
import os.path
@@ -124,6 +127,7 @@
constructTransientObjectContainerForm = HTMLFile(
'dtml/addTransientObjectContainer', globals())
+
def constructTransientObjectContainer(self, id, title='', timeout_mins=20,
addNotification=None, delNotification=None,
REQUEST=None):
@@ -169,7 +173,7 @@
security.setPermissionDefault(ACCESS_CONTENTS_PERM,
['Manager','Anonymous'])
security.setPermissionDefault(ACCESS_TRANSIENTS_PERM,
- ['Manager','Anonymous'])
+ ['Manager','Anonymous','Sessions'])
security.setPermissionDefault(CREATE_TRANSIENTS_PERM,
['Manager',])
@@ -318,16 +322,21 @@
if callable(method):
try:
- method(item, self)
- except:
- # dont raise, just log
- path = self.getPhysicalPath()
- LOG('Transience',
- WARNING,
- '%s failed when calling %s in %s' % (name, callback,
- '/'.join(path)),
- error=sys.exc_info()
- )
+ user = getSecurityManager().getUser()
+ try:
+ newSecurityManager(None, nobody)
+ method(item, self)
+ except:
+ # dont raise, just log
+ path = self.getPhysicalPath()
+ LOG('Transience',
+ WARNING,
+ '%s failed when calling %s in %s' % (name, callback,
+ '/'.join(path)),
+ error=sys.exc_info()
+ )
+ finally:
+ newSecurityManager(None, user)
else:
err = '%s in %s attempted to call non-callable %s'
path = self.getPhysicalPath()