gpt4 book ai didi

plone - 为什么 checkPermission 和 has_permission 返回不同的结果?

转载 作者:行者123 更新时间:2023-12-01 23:55:25 24 4
gpt4 key购买 nike

为什么这样做:

user.has_permission(permission, object)

user.checkPermission(permission, object)

返回不同的结果?

checkPermission 似乎是正确的结果。

最佳答案

因为它们是不同的函数

has_permissionAccessControl/users.pyBasicUser类的一个方法:

def has_permission(self, permission, object):
"""Check if the user has a permission on an object.

This method is just for inspecting permission settings. For access
control use getSecurityManager().checkPermission() instead.
"""
roles=rolesForPermissionOn(permission, object)
if isinstance(roles, str):
roles=[roles]
return self.allowed(object, roles)

虽然checkPermission是定义在AccessControl/security.py中的函数:

def checkPermission(permission, object, interaction=None):
"""Return whether security policy allows permission on object.

Arguments:
permission -- A permission name
object -- The object being accessed according to the permission
interaction -- This zope.security concept has no equivalent in Zope 2,
and is ignored.

checkPermission is guaranteed to return True if permission is
CheckerPublic or None.
"""
if (permission in ('zope.Public', 'zope2.Public') or
permission is None or permission is CheckerPublic):
return True

if isinstance(permission, basestring):
permission = queryUtility(IPermission, unicode(permission))
if permission is None:
return False

if getSecurityManager().checkPermission(permission.title, object):
return True

return False

has_permission 用于检查权限设置,而 checkPermission 用于访问控制。换句话说,用户可能没有对某个对象进行权限设置,但仍然可以通过其他一些安全策略机制访问

关于plone - 为什么 checkPermission 和 has_permission 返回不同的结果?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23983435/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com