Mercurial > p > roundup > code
diff roundup/security.py @ 4306:966592263fb8
Clean up all the places where role processing occurs.
This is now in a central place in hyperdb.Class and is used
consistently throughout. This also means now a template can override
the way role processing occurs (e.g. for elaborate permission
schemes). Thanks to intevation for funding the change.
Note: On first glance the hyperdb.Class may not be the ideal place for
role processing. On second thought: Roles may appear in other classes,
too (e.g., a user_group or similar) which then don't need to reinvent
the wheel. And I didn't want to introduce a separate UserClass (as is
the case for the HTML classes) due to compatibility issues with existing
schema.py out there.
| author | Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net> |
|---|---|
| date | Tue, 15 Dec 2009 15:11:27 +0000 |
| parents | 34434785f308 |
| children | 261c9f913ff7 |
line wrap: on
line diff
--- a/roundup/security.py Mon Dec 14 21:48:51 2009 +0000 +++ b/roundup/security.py Tue Dec 15 15:11:27 2009 +0000 @@ -162,12 +162,9 @@ Note that this functionality is actually implemented by the Permission.test() method. ''' - roles = self.db.user.get(userid, 'roles') - if roles is None: - return 0 if itemid and classname is None: raise ValueError, 'classname must accompany itemid' - for rolename in [x.lower().strip() for x in roles.split(',')]: + for rolename in self.db.user.get_roles(userid): if not rolename or not self.role.has_key(rolename): continue # for each of the user's Roles, check the permissions