[Product-Developers] Weird permission issue with invokeFactory()
Gilles Lenfant
gilles.lenfant at alterway.fr
Fri Sep 2 12:20:03 UTC 2011
Le 2 sept. 2011 à 12:35, Andreas Jung a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi there,
>
> Plone 4.x...
>
> I have code calling
>
> folder.invokeFactory(some_type, id=some_id, title=.., other_attr=...)
>
> This code works for a user with Manager role but fails for a user with
> local roles Editor, Contributor (on the folder).
>
> The underlaying edit() call seems to require the Manager role.
IMO, this should be protected by the appropriate permission, "Modify portal content" and not for a role.
>
> This is intentional?
>
> The workaround is to call the mutators of the generated object myself...
> working but not nice.
Otherwise change temporarily to a Manager role. This can be done easily in a reusable Python 2.6 context manager.
from AccessControl.SpecialUsers import system as he_can_do_everything
from AccessControl.SecurityManagement import (
getSecurityManager, setSecurityManager, newSecurityManager
)
class RunAsManager(object):
def __init__(self, request):
self.request = request
def __enter__(self):
self.real_sm = getSecurityManager()
newSecurityManager(self.request, he_can_do_everything)
return self.real_sm # What else ?
def __exit__(self, exc_type, exc_value, traceback):
setSecurityManager(self.real_sm)
return
Then in your app:
with RunAsManager(self.request) as dummy_sm:
# Do something that requires Manager rights
# (as short as possible)
This is untested but this should work. Try it ;)
--
Gilles Lenfant
>
> Andreas
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQGUBAEBAgAGBQJOYLFUAAoJEADcfz7u4AZjsUoLv3ZAc+4k8KSJ2KjkKE1/iMS4
> tiJR3seciNE1jiSqYUyLSUwrX09XrjudpNeCBC7GSdp0dTR+2DE61XpHKz8i77RI
> N4GWsUzlclFveUQRvwzu1W0UGbkTTP2YXdaYGole/an0u0AP9Euz9ZGkXJVvW7Em
> L58CoUfh4lenL1ZTTPEQOKcewWpk95e/lHelaD+sM2nv67SvkETtqUFnZ+zRIHh/
> /kic+qIbxaVuf+wr+zfqbAPoEY8v+s36b6+m1pUU+ALnaz+FqPA7f0FP3u25pJO0
> PYrmCOVv1IVcuGzyujs0DyBR3p0saeIG4FKSyan7XeisvprSEiWibImB/L9fQb+w
> IOha192lpSugkZH7tGy6g1+HE0EvhHRXWHiZBMWU8JX2Odjc1PruyBxGohq4BKn9
> 40Oy7EbRzGVpqSyUK5f/xj16udKF/SqXloqh7fl+X7dUuoMKFQ3wIZVR8Md6aayl
> 7xtJGOgXtm85mCRq6YWAKA7fjDRPlQk=
> =aAiA
> -----END PGP SIGNATURE-----
> <lists.vcf>_______________________________________________
> Product-Developers mailing list
> Product-Developers at lists.plone.org
> https://lists.plone.org/mailman/listinfo/plone-product-developers
More information about the Product-Developers
mailing list