cco/loops
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

check view permission when listing menu items

Browse source 
git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@2946 fd906abe-77d9-0310-91a1-e0d9ade77398
This commit is contained in:
helmutm 2008-10-26 15:14:00 +00:00
parent 4d05fa9ab3
commit b282159a8e
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
view.py
View file

@ -33,6 +33,7 @@ from zope.interface import implements
from zope.interface import alsoProvides, directlyProvides, directlyProvidedBy from zope.interface import alsoProvides, directlyProvides, directlyProvidedBy
from zope.publisher.browser import applySkin from zope.publisher.browser import applySkin
from zope import schema from zope import schema
from zope.security import canAccess
from zope.security.proxy import removeSecurityProxy from zope.security.proxy import removeSecurityProxy
from zope.traversing.api import getName, getParent from zope.traversing.api import getName, getParent
from persistent import Persistent from persistent import Persistent
@ -147,6 +148,8 @@ class Node(View, OrderedContainer):
def getChildNodes(self, nodeTypes=None): def getChildNodes(self, nodeTypes=None):
for item in self.values(): for item in self.values():
if not canAccess(item, 'title'):
continue
if INode.providedBy(item) \ if INode.providedBy(item) \
and (not nodeTypes or item.nodeType in nodeTypes): and (not nodeTypes or item.nodeType in nodeTypes):
yield item yield item