X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=roundup%2Fsecurity.py;h=e9f196efd74a7146e6c927b43c06f8c692976c55;hb=b401348164da95cb657854719264493477f0ae22;hp=0d50318d524cc635e20ae5abab68f8aad54a2b48;hpb=d20250cd9b34cc0a4440034327f33b5f655c233f;p=roundup.git diff --git a/roundup/security.py b/roundup/security.py index 0d50318..e9f196e 100644 --- a/roundup/security.py +++ b/roundup/security.py @@ -66,8 +66,9 @@ class Security: description="User may register through the email") # initialise the permissions and roles needed for the UIs - from roundup import cgi_client, mailgw - cgi_client.initialiseSecurity(self) + from roundup.cgi import client + client.initialiseSecurity(self) + from roundup import mailgw mailgw.initialiseSecurity(self) def getPermission(self, permission, classname=None): @@ -78,9 +79,13 @@ class Security: ''' if not self.permission.has_key(permission): raise ValueError, 'No permission "%s" defined'%permission + + # look through all the permissions of the given name for perm in self.permission[permission]: + # if we're passed a classname, the permission must match if perm.klass is not None and perm.klass == classname: return perm + # otherwise the permission klass must be unset elif not perm.klass and not classname: return perm raise ValueError, 'No permission "%s" defined for "%s"'%(permission, @@ -96,9 +101,14 @@ class Security: for rolename in roles.split(','): if not rolename: continue + # for each of the user's Roles, check the permissions for perm in self.role[rolename].permissions: - if perm.klass is None or perm.klass == classname: - return 1 + # permission name match? + if perm.name == permission: + # permission klass match? + if perm.klass is None or perm.klass == classname: + # we have a winner + return 1 return 0 def hasNodePermission(self, classname, nodeid, **propspec): @@ -148,3 +158,4 @@ class Security: role = self.role[rolename] role.permissions.append(permission) +# vim: set filetype=python ts=4 sw=4 et si