comparison roundup/security.py @ 8139:de58ff07890e permission-performance

Rename parameter of hasPermission. Rename only_no_check to skip_permissions_with_check. Revert the explicit no-properties check in Permission.searchable; this check is already taken care of by the _properties_dict check. Add a comment on what _properties_dict does.
author Ralf Schlatterbeck <rsc@runtux.com>
date Thu, 24 Oct 2024 09:19:25 +0200
parents 8e9181dfc9fa
children e9af08743759
8136:5a2b9435a04d 8139:de58ff07890e
120 # are we checking the correct class 120 # are we checking the correct class
121 if self.klass is not None and self.klass != classname: 121 if self.klass is not None and self.klass != classname:
122 return 0 122 return 0
123 123
124 # what about property? 124 # what about property?
125 # Note that _properties_dict always returns True if it was
126 # initialized with empty properties
125 if property is not None and not self._properties_dict[property]: 127 if property is not None and not self._properties_dict[property]:
126 return 0 128 return 0
127 129
128 # is this a props_only permission and permissions are set 130 # is this a props_only permission and permissions are set
129 if property is None and self.properties is not None and \ 131 if property is None and self.properties is not None and \
157 159
158 # Do not allow access if we have a check method 160 # Do not allow access if we have a check method
159 if self.check: 161 if self.check:
160 return 0 162 return 0
161 163
162 # Allow if we have access to *all* properties
163 if self.properties is None:
164 return 1
165
166 # what about property? 164 # what about property?
165 # Note that _properties_dict always returns True if it was
166 # initialized with empty properties
167 if not self._properties_dict[property]: 167 if not self._properties_dict[property]:
168 return 0 168 return 0
169 169
170 return 1 170 return 1
171 171
360 return perm 360 return perm
361 raise ValueError('No permission "%s" defined for "%s"' % (permission, 361 raise ValueError('No permission "%s" defined for "%s"' % (permission,
362 classname)) 362 classname))
363 363
364 def hasPermission(self, permission, userid, classname=None, 364 def hasPermission(self, permission, userid, classname=None,
365 property=None, itemid=None, only_no_check=False): 365 property=None, itemid=None,
366 skip_permissions_with_check=False):
366 '''Look through all the Roles, and hence Permissions, and 367 '''Look through all the Roles, and hence Permissions, and
367 see if "permission" exists given the constraints of 368 see if "permission" exists given the constraints of
368 classname, property, itemid, and props_only. 369 classname, property, itemid, and props_only.
369 370
370 If classname is specified (and only classname) the 371 If classname is specified (and only classname) the
396 # for each of the user's Roles, check the permissions 397 # for each of the user's Roles, check the permissions
397 # Note that checks with a check method are typically a lot more 398 # Note that checks with a check method are typically a lot more
398 # expensive than the ones without. So we check the ones without 399 # expensive than the ones without. So we check the ones without
399 # a check method first 400 # a check method first
400 checklist = (False, True) 401 checklist = (False, True)
401 if only_no_check: 402 if skip_permissions_with_check:
402 checklist = (False,) 403 checklist = (False,)
403 for has_check in checklist: 404 for has_check in checklist:
404 for rolename in self.db.user.get_roles(userid): 405 for rolename in self.db.user.get_roles(userid):
405 if not rolename or (rolename not in self.role): 406 if not rolename or (rolename not in self.role):
406 continue 407 continue
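Review bot: In `Permission.searchable` (new lines 164–168) the allow-everything case for a permission without a property list now rests only on `_properties_dict[property]` being truthy for every key, and the guard that was removed tested `self.properties is None` while the added comment speaks of "empty properties". Assuming `_properties_dict` treats `None` and an empty list alike (its definition is not on this page), the comment should say so, e.g. `# _properties_dict is truthy for every key when properties is None or empty`, and the same wording applies to the copy at new lines 125–126. Because this is an authorization decision, a regression test that pins `searchable` for a check-less permission created with `properties=None` would keep a later change to that helper from silently flipping the result. Separately, renaming the keyword `only_no_check` to `skip_permissions_with_check` in `hasPermission` makes any caller that still passes the old keyword raise `TypeError`; the callers are outside this page, so confirm they were updated in the same changeset. All three functions begin or continue outside the lines shown.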
