Mercurial Repository: p/roundup/code: roundup/security.py comparison

comparison roundup/security.py @ 4306:966592263fb8

Clean up all the places where role processing occurs. This is now in a central place in hyperdb.Class and is used consistently throughout. This also means now a template can override the way role processing occurs (e.g. for elaborate permission schemes). Thanks to intevation for funding the change. Note: On first glance the hyperdb.Class may not be the ideal place for role processing. On second thought: Roles may appear in other classes, too (e.g., a user_group or similar) which then don't need to reinvent the wheel. And I didn't want to introduce a separate UserClass (as is the case for the HTML classes) due to compatibility issues with existing schema.py out there.

author	Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
date	Tue, 15 Dec 2009 15:11:27 +0000
parents	34434785f308
children	261c9f913ff7

comparison

equal deleted inserted replaced

-:e39b88a7150a
+:966592263fb8
 when invoked, must return a True value.
 Note that this functionality is actually implemented by the
 Permission.test() method.
 '''
-roles = self.db.user.get(userid, 'roles')
-if roles is None:
-return 0
 if itemid and classname is None:
 raise ValueError, 'classname must accompany itemid'
-for rolename in [x.lower().strip() for x in roles.split(',')]:
+for rolename in self.db.user.get_roles(userid):
 if not rolename or not self.role.has_key(rolename):
 continue
 # for each of the user's Roles, check the permissions
 for perm in self.role[rolename].permissions:
 # permission match?

Mercurial > p > roundup > code

comparison roundup/security.py @ 4306:966592263fb8