예제 #1
0
    def available(self):
        """See zope.app.publisher.interfaces.browser.IBrowserMenuItem"""
        # Make sure we have the permission needed to access the menu's action
        if self.permission is not None:
            # If we have an explicit permission, check that we
            # can access it.
            if not checkPermission(self.permission, self.context):
                return False

        elif self.action != u'':
            # Otherwise, test access by attempting access
            path = self.action
            l = self.action.find('?')
            if l >= 0:
                path = self.action[:l]

            traverser = PublicationTraverser()
            try:
                view = traverser.traverseRelativeURL(self.request,
                                                     self.context, path)
            except (Unauthorized, Forbidden, LookupError):
                return False
            else:
                # we're assuming that view pages are callable
                # this is a pretty sound assumption
                if not canAccess(view, '__call__'):
                    return False

        # Make sure that we really want to see this menu item
        if self.filter is not None:

            try:
                include = self.filter(
                    Engine.getContext(
                        context=self.context,
                        nothing=None,
                        request=self.request,
                        modules=sys.modules,
                    ))
            except Unauthorized:
                return False
            else:
                if not include:
                    return False

        return True
예제 #2
0
    def available(self):
        """See zope.app.publisher.interfaces.browser.IBrowserMenuItem"""
        # Make sure we have the permission needed to access the menu's action
        if self.permission is not None:
            # If we have an explicit permission, check that we
            # can access it.
            if not checkPermission(self.permission, self.context):
                return False

        elif self.action != u'':
            # Otherwise, test access by attempting access
            path = self.action
            l = self.action.find('?')
            if l >= 0:
                path = self.action[:l]

            traverser = PublicationTraverser()
            try:
                view = traverser.traverseRelativeURL(
                    self.request, self.context, path)
            except (Unauthorized, Forbidden, LookupError):
                return False
            else:
                # we're assuming that view pages are callable
                # this is a pretty sound assumption
                if not canAccess(view, '__call__'):
                    return False

        # Make sure that we really want to see this menu item
        if self.filter is not None:

            try:
                include = self.filter(Engine.getContext(
                    context = self.context,
                    nothing = None,
                    request = self.request,
                    modules = sys.modules,
                    ))
            except Unauthorized:
                return False
            else:
                if not include:
                    return False

        return True
예제 #3
0
def getMenu(menu_id, object, request, max=999999):
    traverser = PublicationTraverser()

    result = []
    seen = {}

    # stuff for figuring out the selected view
    request_url = request.getURL()

    for item in globalBrowserMenuService.getAllMenuItems(menu_id, object):

        # Make sure we don't repeat a specification for a given title
        title = item.title
        if title in seen:
            continue
        seen[title] = 1

        permission = item.permission
        action = item.action

        if permission:
            # If we have an explicit permission, check that we
            # can access it.
            if not checkPermission(permission, object):
                continue

        elif action:
            # Otherwise, test access by attempting access
            path = action
            l = action.find('?')
            if l >= 0:
               path = action[:l]
            try:
                v = traverser.traverseRelativeURL(
                    request, object, path)
                # TODO:
                # tickle the security proxy's checker
                # we're assuming that view pages are callable
                # this is a pretty sound assumption
                v.__call__
            except (Unauthorized, Forbidden):
                continue # Skip unauthorized or forbidden

        normalized_action = action
        if action.startswith('@@'):
            normalized_action = action[2:]

        if request_url.endswith('/'+normalized_action):
            selected='selected'
        elif request_url.endswith('/++view++'+normalized_action):
            selected='selected'
        elif request_url.endswith('/@@'+normalized_action):
            selected='selected'
        else:
            selected=''

        result.append({
            'title': title,
            'description': item.description,
            'action': "%s" % action,
            'filter': item.filter,
            'selected': selected,
            'extra': item.extra,
            })

        if len(result) >= max:
            return result

    return result
예제 #4
0
def getMenu(menu_id, object, request, max=999999):
    traverser = PublicationTraverser()

    result = []
    seen = {}

    # stuff for figuring out the selected view
    request_url = request.getURL()

    for item in globalBrowserMenuService.getAllMenuItems(menu_id, object):

        # Make sure we don't repeat a specification for a given title
        title = item.title
        if title in seen:
            continue
        seen[title] = 1

        permission = item.permission
        action = item.action

        if permission:
            # If we have an explicit permission, check that we
            # can access it.
            if not checkPermission(permission, object):
                continue

        elif action:
            # Otherwise, test access by attempting access
            path = action
            l = action.find('?')
            if l >= 0:
                path = action[:l]
            try:
                v = traverser.traverseRelativeURL(request, object, path)
                # TODO:
                # tickle the security proxy's checker
                # we're assuming that view pages are callable
                # this is a pretty sound assumption
                v.__call__
            except (Unauthorized, Forbidden):
                continue  # Skip unauthorized or forbidden

        normalized_action = action
        if action.startswith('@@'):
            normalized_action = action[2:]

        if request_url.endswith('/' + normalized_action):
            selected = 'selected'
        elif request_url.endswith('/++view++' + normalized_action):
            selected = 'selected'
        elif request_url.endswith('/@@' + normalized_action):
            selected = 'selected'
        else:
            selected = ''

        result.append({
            'title': title,
            'description': item.description,
            'action': "%s" % action,
            'filter': item.filter,
            'selected': selected,
            'extra': item.extra,
        })

        if len(result) >= max:
            return result

    return result