plone - 为什么 checkPermission 和 has_permission 返回不同的结果？

Question

为什么这样做:

user.has_permission(permission, object)

和

user.checkPermission(permission, object)

返回不同的结果？

checkPermission 似乎是正确的结果。

Answer 1

因为它们是不同的函数。

has_permission是AccessControl/users.py中BasicUser类的一个方法:

def has_permission(self, permission, object):
    """Check if the user has a permission on an object.

    This method is just for inspecting permission settings. For access
    control use getSecurityManager().checkPermission() instead.
    """
    roles=rolesForPermissionOn(permission, object)
    if isinstance(roles, str):
        roles=[roles]
    return self.allowed(object, roles)

虽然checkPermission是定义在AccessControl/security.py中的函数:

def checkPermission(permission, object, interaction=None):
    """Return whether security policy allows permission on object.

    Arguments:
    permission -- A permission name
    object -- The object being accessed according to the permission
    interaction -- This zope.security concept has no equivalent in Zope 2,
        and is ignored.

    checkPermission is guaranteed to return True if permission is
    CheckerPublic or None.
    """
    if (permission in ('zope.Public', 'zope2.Public') or
        permission is None or permission is CheckerPublic):
        return True

    if isinstance(permission, basestring):
        permission = queryUtility(IPermission, unicode(permission))
        if permission is None:
            return False

    if getSecurityManager().checkPermission(permission.title, object):
        return True

    return False

has_permission 用于检查权限设置，而 checkPermission 用于访问控制。换句话说，用户可能没有对某个对象进行权限设置，但仍然可以通过其他一些安全策略机制访问。