minor security-related improvements

git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@3906 fd906abe-77d9-0310-91a1-e0d9ade77398

browser/common.py

@@ -547,6 +547,10 @@ class BaseView(GenericView, I18NView):
             return not self.globalOptions('hideCreateResource')
         return True
 
+    @Lazy
+    def canAccessRestricted(self):
+        return checkPermission('loops.ViewRestricted', self.context)
+
     def openEditWindow(self, viewName='edit.html'):
         if self.editable:
             if checkPermission('loops.ManageSite', self.context):

security/common.py

@@ -58,6 +58,8 @@ localRoles = ('zope.Anonymous', 'zope.Member', 'zope.ContentManager',
 localPermissions = ('zope.ManageContent', 'zope.View', 'loops.ManageWorkspaces',
         'loops.ViewRestricted', 'loops.EditRestricted', 'loops.AssignAsParent',)
 
+acquiringPredicateNames = ('hasType', 'standard', 'ownedby', 'ispartof')
+
 allocationPredicateNames = ('ismaster', 'ismember')
 
 workspaceGroupsFolderName = 'gloops_ws'

security/setter.py

@@ -36,6 +36,7 @@ from zope.security.proxy import isinstance
 from loops.common import adapted, AdapterBase, baseObject
 from loops.organize.util import getPrincipalFolder, getGroupsFolder, getGroupId
 from loops.security.common import overrides, setRolePermission, setPrincipalRole
+from loops.security.common import acquiringPredicateNames
 from loops.interfaces import IConceptSchema, IBaseResourceSchema, ILoopsAdapter
 from loops.security.interfaces import ISecuritySetter
 
@@ -58,8 +59,7 @@ class BaseSecuritySetter(object):
 
     @Lazy
     def acquiringPredicates(self):
-        names = ('hasType', 'standard',)
-        return [self.conceptManager.get(n) for n in names]
+        return [self.conceptManager.get(n) for n in acquiringPredicateNames]
 
     def setDefaultRolePermissions(self):
         pass