[tokkee]

tokkee.org

Code

projects / roundup.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
merge from maint-0-5
[roundup.git] / roundup / security.py
diff --git a/roundup/security.py b/roundup/security.py
index 0d50318d524cc635e20ae5abab68f8aad54a2b48..0526b4eb8c66e3e0730d550fc42744a7229d4cce 100644 (file)
--- a/roundup/security.py
+++ b/roundup/security.py
@@ -66,8 +66,9 @@ class Security:
             description="User may register through the email")
 
         # initialise the permissions and roles needed for the UIs
-        from roundup import cgi_client, mailgw
-        cgi_client.initialiseSecurity(self)
+        from roundup.cgi import client
+        client.initialiseSecurity(self)
+        from roundup import mailgw
         mailgw.initialiseSecurity(self)
 
     def getPermission(self, permission, classname=None):
@@ -78,9 +79,13 @@ class Security:
         '''
         if not self.permission.has_key(permission):
             raise ValueError, 'No permission "%s" defined'%permission
+
+        # look through all the permissions of the given name
         for perm in self.permission[permission]:
+            # if we're passed a classname, the permission must match
             if perm.klass is not None and perm.klass == classname:
                 return perm
+            # otherwise the permission klass must be unset
             elif not perm.klass and not classname:
                 return perm
         raise ValueError, 'No permission "%s" defined for "%s"'%(permission,
@@ -94,11 +99,16 @@ class Security:
         if roles is None:
             return 0
         for rolename in roles.split(','):
-            if not rolename:
+            if not rolename or not self.role.has_key(rolename):
                 continue
+            # for each of the user's Roles, check the permissions
             for perm in self.role[rolename].permissions:
-                if perm.klass is None or perm.klass == classname:
-                    return 1
+                # permission name match?
+                if perm.name == permission:
+                    # permission klass match?
+                    if perm.klass is None or perm.klass == classname:
+                        # we have a winner
+                        return 1
         return 0
 
     def hasNodePermission(self, classname, nodeid, **propspec):
@@ -148,3 +158,4 @@ class Security:
         role = self.role[rolename]
         role.permissions.append(permission)
 
+# vim: set filetype=python ts=4 sw=4 et si
Roundup Issue Tracker (SVN clone)