From f783895538f411fd9098f064ca4648ffa7d48ed6 Mon Sep 17 00:00:00 2001
From: helmutm <helmutm@fd906abe-77d9-0310-91a1-e0d9ade77398>
Date: Sat, 26 Jun 2010 16:51:06 +0000
Subject: [PATCH] minor security-related improvements

git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@3906 fd906abe-77d9-0310-91a1-e0d9ade77398
---
 browser/common.py  | 4 ++++
 security/common.py | 2 ++
 security/setter.py | 4 ++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/browser/common.py b/browser/common.py
index c7eb71e..16c72e2 100644
--- a/browser/common.py
+++ b/browser/common.py
@@ -547,6 +547,10 @@ class BaseView(GenericView, I18NView):
             return not self.globalOptions('hideCreateResource')
         return True
 
+    @Lazy
+    def canAccessRestricted(self):
+        return checkPermission('loops.ViewRestricted', self.context)
+
     def openEditWindow(self, viewName='edit.html'):
         if self.editable:
             if checkPermission('loops.ManageSite', self.context):
diff --git a/security/common.py b/security/common.py
index 352d374..3a0cbde 100644
--- a/security/common.py
+++ b/security/common.py
@@ -58,6 +58,8 @@ localRoles = ('zope.Anonymous', 'zope.Member', 'zope.ContentManager',
 localPermissions = ('zope.ManageContent', 'zope.View', 'loops.ManageWorkspaces',
         'loops.ViewRestricted', 'loops.EditRestricted', 'loops.AssignAsParent',)
 
+acquiringPredicateNames = ('hasType', 'standard', 'ownedby', 'ispartof')
+
 allocationPredicateNames = ('ismaster', 'ismember')
 
 workspaceGroupsFolderName = 'gloops_ws'
diff --git a/security/setter.py b/security/setter.py
index 8dbee95..74d67bc 100644
--- a/security/setter.py
+++ b/security/setter.py
@@ -36,6 +36,7 @@ from zope.security.proxy import isinstance
 from loops.common import adapted, AdapterBase, baseObject
 from loops.organize.util import getPrincipalFolder, getGroupsFolder, getGroupId
 from loops.security.common import overrides, setRolePermission, setPrincipalRole
+from loops.security.common import acquiringPredicateNames
 from loops.interfaces import IConceptSchema, IBaseResourceSchema, ILoopsAdapter
 from loops.security.interfaces import ISecuritySetter
 
@@ -58,8 +59,7 @@ class BaseSecuritySetter(object):
 
     @Lazy
     def acquiringPredicates(self):
-        names = ('hasType', 'standard',)
-        return [self.conceptManager.get(n) for n in names]
+        return [self.conceptManager.get(n) for n in acquiringPredicateNames]
 
     def setDefaultRolePermissions(self):
         pass