# HG changeset patch # User Thierry Florac # Date 1453139457 -3600 # Node ID a8a94e2863b08d0be5282fac6c67c3540aa2b0dc # Parent 656f5c43687dccfbc904aacd3471c1a479d91299 Added context for request permission check diff -r 656f5c43687d -r a8a94e2863b0 src/pyams_viewlet/manager.py --- a/src/pyams_viewlet/manager.py Wed Oct 07 17:43:32 2015 +0200 +++ b/src/pyams_viewlet/manager.py Mon Jan 18 18:50:57 2016 +0100 @@ -60,7 +60,7 @@ # If the viewlet cannot be accessed, then raise an # unauthorized error - if viewlet.permission and not self.request.has_permission(viewlet.permission): + if viewlet.permission and not self.request.has_permission(viewlet.permission, context=self.context): raise HTTPUnauthorized('You are not authorized to access the provider called `%s`.' % name) # Return the viewlet. @@ -85,7 +85,7 @@ # Only return viewlets accessible to the principal request = self.request return [(name, viewlet) for name, viewlet in viewlets - if (not viewlet.permission) or request.has_permission(viewlet.permission)] + if (not viewlet.permission) or request.has_permission(viewlet.permission, context=self.context)] def sort(self, viewlets): """Sort the viewlets. @@ -100,7 +100,7 @@ self.__updated = True # check permission - if self.permission and not self.request.has_permission(self.permission): + if self.permission and not self.request.has_permission(self.permission, context=self.context): return # Find all content providers for the region viewlets = self._get_viewlets() @@ -131,7 +131,7 @@ def render(self): """See zope.contentprovider.interfaces.IContentProvider""" # Now render the view - if self.permission and not self.request.has_permission(self.permission): + if self.permission and not self.request.has_permission(self.permission, context=self.context): return '' if not self.viewlets: return '' @@ -175,7 +175,9 @@ def is_available(viewlet): try: - return ((not viewlet.permission) or viewlet.request.has_permission(viewlet.permission)) and viewlet.available + return ((not viewlet.permission) or + viewlet.request.has_permission(viewlet.permission, context=viewlet.context)) and \ + viewlet.available except AttributeError: return True diff -r 656f5c43687d -r a8a94e2863b0 src/pyams_viewlet/viewlet.py --- a/src/pyams_viewlet/viewlet.py Wed Oct 07 17:43:32 2015 +0200 +++ b/src/pyams_viewlet/viewlet.py Mon Jan 18 18:50:57 2016 +0100 @@ -42,7 +42,7 @@ pass def __call__(self): - if self.permission and not self.request.has_permission(self.permission): + if self.permission and not self.request.has_permission(self.permission, context=self.context): return '' self.update() return self.render()