Part of lp.services.webapp.authorization View In Hierarchy
|Method||checkPermission||Check the permission, object, user against the launchpad|
|Method||checkUnauthenticatedPermission||Check the permission and object against the Launchpad|
|Method||_checkRequiredAccessLevel||Check that the principal has the level of access required.|
|Method||_checkPrivacy||If the object is private, check that the principal can access it.|
|Method||_getPrincipalsAccessLevel||Get the principal's access level for the given object.|
|Method||_baseCheckPermission||Check the permission, object, user against the launchpad|
Each permission specifies the level of access it requires (read or write) and all LaunchpadPrincipals have an access_level attribute. If the principal's access_level is not sufficient for that permission, returns False.
If the object is private and the principal's access level doesn't give access to private objects, return False. Return True otherwise.
If the principal's scope is None or the object is within the principal's scope, the original access level is returned. Otherwise the access level is READ_PUBLIC.
Check the permission, object, user against the launchpad authorization policy. If the object is a view, then consider the object to be the view's context. Workflow: - If the principal is not None and its access level is not what is required by the permission, deny. - If the object to authorize is private and the principal has no access to private objects, deny. - If we have zope.Public, allow. (But we shouldn't ever get this.) - If we have launchpad.AnyPerson and the principal is an ILaunchpadPrincipal then allow. - If the object has an IAuthorization named adapter, named after the permission, use that to check the permission. - Otherwise, deny.
This is similar to
checkPermission, but can be used to check the
baseline permissions that are available even without authentication.