Status: Pending => Accepted
Supporters added: tseaver
Uploaded: issue_380.patch
> = Comment - Entry #3 by shh on Feb 17, 2006 4:37 am > > Oh the horror :-). > > Can't you use portal_catalog.unrestrictedSearchResults() ??
Not from untrusted code, which is the only point in adking for proxy roles in the first place.
> Index: CatalogTool.py > =================================================================== > --- CatalogTool.py (Revision 38302) > +++ CatalogTool.py (working copy) > @@ -15,7 +15,7 @@ > $Id$ > """ > > -from AccessControl import ClassSecurityInfo > +from AccessControl import ClassSecurityInfo,getSecurityManager > from AccessControl.PermissionRole import rolesForPermissionOn > from DateTime import DateTime > from Globals import DTMLFile > @@ -275,7 +275,14 @@ > query = (lo, hi) > range = 'min:max' > kw[k] = {'query': query, 'range': range} > + else: > + eo = getSecurityManager()._context.stack[-1] > + proxy_roles = getattr(eo,'_proxy_roles',None) > + if proxy_roles: > + for r in proxy_roles: > + kw['allowedRolesAndUsers'].append(r) > > + > return ZCatalog.searchResults(self, REQUEST, **kw) > > __call__ = searchResults
This patch is not workable, because it ignores the fact that proxy roles must *replace*, not supplement, the user's roles.
I'm attaching a patch, with tests, which makes proxy roles work by changing how the catalog looks up the effective roles.
Status: Pending => Accepted
Supporters added: tseaver
Uploaded: issue_380.patch
> = Comment - Entry #3 by shh on Feb 17, 2006 4:37 am catalog. unrestrictedSea rchResults( ) ??
>
> Oh the horror :-).
>
> Can't you use portal_
Not from untrusted code, which is the only point in adking for
proxy roles in the first place.
> Index: CatalogTool.py ======= ======= ======= ======= ======= ======= ======= ======= ==== fo,getSecurityM anager PermissionRole import rolesForPermiss ionOn ger()._ context. stack[- 1] eo,'_proxy_ roles', None) sAndUsers' ].append( r) searchResults( self, REQUEST, **kw)
> =======
> --- CatalogTool.py (Revision 38302)
> +++ CatalogTool.py (working copy)
> @@ -15,7 +15,7 @@
> $Id$
> """
>
> -from AccessControl import ClassSecurityInfo
> +from AccessControl import ClassSecurityIn
> from AccessControl.
> from DateTime import DateTime
> from Globals import DTMLFile
> @@ -275,7 +275,14 @@
> query = (lo, hi)
> range = 'min:max'
> kw[k] = {'query': query, 'range': range}
> + else:
> + eo = getSecurityMana
> + proxy_roles = getattr(
> + if proxy_roles:
> + for r in proxy_roles:
> + kw['allowedRole
>
> +
> return ZCatalog.
>
> __call__ = searchResults
This patch is not workable, because it ignores the fact that
proxy roles must *replace*, not supplement, the user's roles.
I'm attaching a patch, with tests, which makes proxy roles work
by changing how the catalog looks up the effective roles.