Back to index

plone3  3.1.7
validator.py
Go to the documentation of this file.
00001 from Acquisition import Implicit, aq_parent
00002 from Products.CMFCore.utils import _checkPermission as checkPerm
00003 from Products.Archetypes.Storage import AttributeStorage
00004 
00005 class AttributeValidator(Implicit):
00006     """(Ab)Use the security policy implementation.
00007 
00008     This class will be used to protect attributes managed by
00009     AttributeStorage with the same permission as the accessor method.
00010 
00011     It does so by abusing a feature of the security policy
00012     implementation that the
00013     '__allow_access_to_unprotected_subobjects__' attribute can be (0,
00014     1) or a dictionary of {name: 0|1} or a callable instance taking
00015     'name' and 'value' arguments.
00016 
00017     The said attribute is accessed through getattr(), so by
00018     subclassing from Implicit we get the accessed object as our
00019     aq_parent.
00020 
00021     Next step is to check if the name is indeed a field name, and if
00022     so, if it's using AttributeStorage, and if so, check the
00023     read_permission against the object being accessed. All other cases
00024     return '1' which means allow.
00025     """
00026 
00027     def __call__(self, name, value):
00028         context = aq_parent(self)
00029         schema = context.Schema()
00030         if not schema.has_key(name):
00031             return 1
00032         field = schema[name]
00033         if not isinstance(field.getStorage(), AttributeStorage):
00034             return 1
00035         perm = field.read_permission
00036         if checkPerm(perm, context):
00037             return 1
00038         return 0