[Mpuls-commits] r5594 - base/trunk/mpulsweb/lib

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Nov 17 21:45:57 CET 2011


Author: bh
Date: 2011-11-17 21:45:54 +0100 (Thu, 17 Nov 2011)
New Revision: 5594

Modified:
   base/trunk/mpulsweb/lib/base.py
Log:
Extend BaseController._loadCase to check the permissions of the user.

After _loadCase has loaded the case object, it now checks whether the
current user has the necessary permissions to access the case. This is
determined with the new case object methods user_may_read and
user_may_edit. The caller of _loadCase can control whether edit
permission is required with the new parameter read_only. The read_only
parameter defaults to false so that unless the caller explicitly states
that edit permission is not needed, the user is assumed to require edit
permissions. The reasoning for this default is described in the
doc-string.

The default implementations for user_may_read and user_may_edit always
return True, so the new behavior of _loadCase should not affect
existing code.

Implements part of the new infrastructure for mpuls/issue2367


Modified: base/trunk/mpulsweb/lib/base.py
===================================================================
--- base/trunk/mpulsweb/lib/base.py	2011-11-17 20:05:18 UTC (rev 5593)
+++ base/trunk/mpulsweb/lib/base.py	2011-11-17 20:45:54 UTC (rev 5594)
@@ -114,8 +114,32 @@
         self.db = None
         self.page_cache = None
 
-    def _loadCase(self, id):
+    def _loadCase(self, id, read_only=False):
+        """Load and return the case object for the case with the given id.
+
+        If the parameter read_only is false (the default), the case must
+        be editable by the current user as determined by the case's
+        user_may_edit method. If the case is not editable in this sense,
+        the method calls the showError method. Also, showError is called
+        if the case is not readable by the current user as determined by
+        the case's user_may_read method.
+
+        Note that the default value of the read_only parameter means
+        that by default the _loadCase assumes that cases are loaded in
+        order to modify them and will raise an exception if the user is
+        not allowed to do that. The default value was chosen to err on
+        the side of caution. From a security point of view it's better
+        to deny an action that should have been allowed, than to allow
+        an action that ought to have been denied.
+        """
         case = g.case_factory.loadById(id)
+
+        user = session["USER_AUTHORIZED"]
+        if not case.user_may_read(user):
+            self.showError()
+        if not read_only and not case.user_may_edit(user):
+            self.showError()
+
         session_case = case.getSessionCase()
         if session.has_key('case'):
             old_caseid = session.get('case').id

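The commit message describes a load routine that denies by default: a caller gets a case only if the user may read it, and, unless the caller opts into read_only, only if the user may also edit it. The following is an added, self-contained illustration of that policy and is not mpuls code: the Case class, the ACL sets, the PermissionDenied exception and the load_case / outcome helpers are all assumptions made here, and the user is passed in explicitly instead of being read from the session. The one deliberate difference from the hunk above is that a failed check raises, so the function cannot fall through and return a case the user was denied.

```python
"""Fail-closed case loading, modelled on the _loadCase semantics above.

Added example, not code from mpuls. Case, PermissionDenied, CASES and
load_case are hypothetical names chosen for this illustration.
"""
from dataclasses import dataclass


class PermissionDenied(Exception):
    """Raised on any failed check; aborting the handler replaces showError()."""


@dataclass(frozen=True)
class Case:
    id: int
    readers: frozenset
    editors: frozenset

    # Assumed policy: editors implicitly have read access.
    def user_may_read(self, user):
        return user in self.readers or user in self.editors

    def user_may_edit(self, user):
        return user in self.editors


# Constructed sample data standing in for g.case_factory.loadById().
CASES = {
    1: Case(1, readers=frozenset({"alice", "bob"}), editors=frozenset({"alice"})),
    2: Case(2, readers=frozenset({"carol"}), editors=frozenset()),
}


def load_case(case_id, user, read_only=False):
    """Return the case or raise PermissionDenied.

    read_only defaults to False: a caller that does not say it only
    needs to read is assumed to want to modify the case, so the edit
    check applies. Denying a legitimate action is the safer failure.
    """
    case = CASES.get(case_id)
    if case is None:
        # Treat a missing case like a forbidden one so the response does
        # not reveal which case ids exist (assumption for this example).
        raise PermissionDenied("case %r not accessible" % case_id)
    if not case.user_may_read(user):
        raise PermissionDenied("user %r may not read case %d" % (user, case.id))
    if not read_only and not case.user_may_edit(user):
        raise PermissionDenied("user %r may not edit case %d" % (user, case.id))
    return case


def outcome(case_id, user, read_only=False):
    """Small wrapper that maps the exception to a string for inspection."""
    try:
        load_case(case_id, user, read_only=read_only)
        return "ok"
    except PermissionDenied:
        return "denied"


if __name__ == "__main__":
    # bob may read case 1 but not edit it: the default (edit) load is denied.
    print("bob default:", outcome(1, "bob"))
    print("bob read_only:", outcome(1, "bob", read_only=True))
    print("mallory read_only:", outcome(1, "mallory", read_only=True))
```

Because every failed check raises, a caller such as a controller action either receives a case it is allowed to use in the requested mode or never reaches the code that would put the case into the session.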

