Part of canonical.launchpad.webapp.authorization View In Hierarchy
| Method | checkPermission | Check the permission, object, user against the launchpad |
| Method | _checkRequiredAccessLevel | Check that the principal has the level of access required. |
| Method | _checkPrivacy | If the object is private, check that the principal can access it. |
| Method | _getPrincipalsAccessLevel | Get the principal's access level for the given object. |
Each permission specifies the level of access it requires (read or write) and all LaunchpadPrincipals have an access_level attribute. If the principal's access_level is not sufficient for that permission, returns False.
If the object is private and the principal's access level doesn't give access to private objects, return False. Return True otherwise.
If the principal's scope is None or the object is within the principal's scope, the original access level is returned. Otherwise the access level is READ_PUBLIC.
Check the permission, object, user against the launchpad authorization policy. If the object is a view, then consider the object to be the view's context. If we are running in read-only mode, all permission checks are failed except for launchpad.View requests, which are checked as normal. All other permissions are used to protect write operations. Workflow: - If the principal is not None and its access level is not what is required by the permission, deny. - If the object to authorize is private and the principal has no access to private objects, deny. - If we have zope.Public, allow. (We shouldn't ever get this, though.) - If we have launchpad.AnyPerson and the principal is an ILaunchpadPrincipal then allow. - If the object has an IAuthorization named adapter, named after the permission, use that to check the permission. - Otherwise, deny.