Added context for request permission check
authorThierry Florac <thierry.florac@onf.fr>
Mon, 18 Jan 2016 18:50:57 +0100
changeset 5 a8a94e2863b0
parent 4 656f5c43687d
child 6 a6c84f9c03d3
Added context for request permission check
src/pyams_viewlet/manager.py
src/pyams_viewlet/viewlet.py
--- a/src/pyams_viewlet/manager.py	Wed Oct 07 17:43:32 2015 +0200
+++ b/src/pyams_viewlet/manager.py	Mon Jan 18 18:50:57 2016 +0100
@@ -60,7 +60,7 @@
 
         # If the viewlet cannot be accessed, then raise an
         # unauthorized error
-        if viewlet.permission and not self.request.has_permission(viewlet.permission):
+        if viewlet.permission and not self.request.has_permission(viewlet.permission, context=self.context):
             raise HTTPUnauthorized('You are not authorized to access the provider called `%s`.' % name)
 
         # Return the viewlet.
@@ -85,7 +85,7 @@
         # Only return viewlets accessible to the principal
         request = self.request
         return [(name, viewlet) for name, viewlet in viewlets
-                if (not viewlet.permission) or request.has_permission(viewlet.permission)]
+                if (not viewlet.permission) or request.has_permission(viewlet.permission, context=self.context)]
 
     def sort(self, viewlets):
         """Sort the viewlets.
@@ -100,7 +100,7 @@
         self.__updated = True
 
         # check permission
-        if self.permission and not self.request.has_permission(self.permission):
+        if self.permission and not self.request.has_permission(self.permission, context=self.context):
             return
         # Find all content providers for the region
         viewlets = self._get_viewlets()
@@ -131,7 +131,7 @@
     def render(self):
         """See zope.contentprovider.interfaces.IContentProvider"""
         # Now render the view
-        if self.permission and not self.request.has_permission(self.permission):
+        if self.permission and not self.request.has_permission(self.permission, context=self.context):
             return ''
         if not self.viewlets:
             return ''
@@ -175,7 +175,9 @@
 
 def is_available(viewlet):
     try:
-        return ((not viewlet.permission) or viewlet.request.has_permission(viewlet.permission)) and viewlet.available
+        return ((not viewlet.permission) or
+                viewlet.request.has_permission(viewlet.permission, context=viewlet.context)) and \
+               viewlet.available
     except AttributeError:
         return True
 
--- a/src/pyams_viewlet/viewlet.py	Wed Oct 07 17:43:32 2015 +0200
+++ b/src/pyams_viewlet/viewlet.py	Mon Jan 18 18:50:57 2016 +0100
@@ -42,7 +42,7 @@
         pass
 
     def __call__(self):
-        if self.permission and not self.request.has_permission(self.permission):
+        if self.permission and not self.request.has_permission(self.permission, context=self.context):
             return ''
         self.update()
         return self.render()