Add more security declarations.

bt5/erp5_base/WorkflowTemplateItem/portal_workflow/delivery_causality_workflow/scripts/Delivery_solveDivergence.xml

@@ -73,6 +73,14 @@ if len(delivery_solve_property_dict) or len(divergence_to_accept_list) \\\n
             <key> <string>_params</string> </key>
             <value> <string>state_change</string> </value>
         </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>Delivery_solveDivergence</string> </value>

bt5/erp5_credential/DocumentTemplateItem/portal_components/document.erp5.CredentialRecovery.py

@@ -58,6 +58,8 @@ class CredentialRecovery(Ticket, EncryptedPasswordMixin):
                       , PropertySheet.Url
                       )
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'isAnswerCorrect')
     def isAnswerCorrect(self):
       '''
       Check if the given answer match the real answer

bt5/erp5_ui_test_core/SkinTemplateItem/portal_skins/erp5_ui_test_core/Zuite_waitForActivities.xml

@@ -76,6 +76,14 @@ return \'Done.\'\n
             <key> <string>_params</string> </key>
             <value> <string>count = 1000</string> </value>
         </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>Zuite_waitForActivities</string> </value>

product/CMFActivity/ActiveObject.py

@@ -31,6 +31,7 @@ import warnings
 from contextlib import contextmanager
 from AccessControl import ClassSecurityInfo
 from Acquisition import aq_base
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
 from ActivityRuntimeEnvironment import getActivityRuntimeEnvironment
 from AccessControl import Unauthorized
@@ -58,6 +59,7 @@ class ActiveObject(ExtensionClass.Base):
 
   security = ClassSecurityInfo()
 
+  security.declarePublic('activate')
   def activate(self, activity=DEFAULT_ACTIVITY, active_process=None,
                activate_kw=None, REQUEST=None, **kw):
     """Returns an active wrapper for this object.
@@ -207,3 +209,5 @@ class ActiveObject(ExtensionClass.Base):
 
   def getActivityRuntimeEnvironment(self):
     return getActivityRuntimeEnvironment()
+
+InitializeClass(ActiveObject)

product/CMFActivity/ActivityTool.py

@@ -808,6 +808,7 @@ class ActivityTool (Folder, UniqueObject):
         self.subscribe()
         Folder.inheritedAttribute('manage_afterAdd')(self, item, container)
 
+    security.declareProtected(CMFCorePermissions.ManagePortal, 'getServerAddress')
     def getServerAddress(self):
         """
         Backward-compatibility code only.
@@ -828,6 +829,7 @@ class ActivityTool (Folder, UniqueObject):
             _server_address = '%s:%s' %(ip, port)
         return _server_address
 
+    security.declareProtected(CMFCorePermissions.ManagePortal, 'getCurrentNode')
     def getCurrentNode(self):
         """ Return current node identifier """
         global currentNode
@@ -848,7 +850,7 @@ class ActivityTool (Folder, UniqueObject):
           currentNode = self.getServerAddress()
         return currentNode
 
-    security.declarePublic('getDistributingNode')
+    security.declareProtected(CMFCorePermissions.ManagePortal, 'getDistributingNode')
     def getDistributingNode(self):
         """ Return the distributingNode """
         return self.distributingNode
@@ -977,6 +979,7 @@ class ActivityTool (Folder, UniqueObject):
           '/manageLoadBalancing?manage_tabs_message=' +
           urllib.quote(message))
 
+    security.declarePrivate('process_shutdown')
     def process_shutdown(self, phase, time_in_phase):
         """
           Prevent shutdown from happening while an activity queue is
@@ -989,6 +992,7 @@ class ActivityTool (Folder, UniqueObject):
           is_running_lock.acquire()
           LOG('CMFActivity', INFO, "Shutdown: Activities finished.")
 
+    security.declareProtected(CMFCorePermissions.ManagePortal, 'process_timer')
     def process_timer(self, tick, interval, prev="", next=""):
       """
       Call distribute() if we are the Distributing Node and call tic()
@@ -1112,6 +1116,7 @@ class ActivityTool (Folder, UniqueObject):
           return True
       return False
 
+    security.declarePrivate('getActivityBuffer')
     def getActivityBuffer(self, create_if_not_found=True):
       """
         Get activtity buffer for this thread for this activity tool.

product/CMFCategory/Category.py

@@ -452,6 +452,8 @@ class Category(Folder):
                                            display_id='logical_path',
                                            base=base, **kw)
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getCategoryChildTranslatedLogicalPathItemList')
     def getCategoryChildTranslatedLogicalPathItemList(self,
                                               recursive=1, base=0, **kw):
       """
@@ -652,6 +654,7 @@ class Category(Folder):
     # Predicate interface
     _operators = []
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'test')
     def test(self, context):
       """
         A Predicate can be tested on a given context
@@ -799,10 +802,12 @@ class BaseCategory(Category):
     # BBB: Required to start instance with old
     #      version of erp5_property_sheets BT.
     related_locally_indexed = False
+    security.declarePrivate('isRelatedLocallyIndexed')
     def isRelatedLocallyIndexed(self):
       """Determines if related values should be indexed on target documents"""
       return self.related_locally_indexed
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'asSQLExpression')
     def asSQLExpression(self, strict_membership=0, table='category', base_category=None):
       """
         A Predicate can be rendered as an sql expression. This

product/ERP5/Document/Agent.py

@@ -66,6 +66,7 @@ class Agent(Folder, Image):
   security.declareProtected(Permissions.AccessContentsInformation, 'viewImage')
   viewImage = Image.index_html
   
+  security.declareProtected(Permissions.ModifyPortalContent, 'importSignature')
   def importSignature(self, import_file=None, form_id=None, REQUEST=None, **kw):
     """
       Imports a scan of a signature.
@@ -89,4 +90,3 @@ class Agent(Folder, Image):
       ret_url = self.absolute_url() + '/' + REQUEST.get('form_id', 'view')
       REQUEST.RESPONSE.redirect("%s?portal_status_message=Signature+Imported+Successfully"
                                 % ret_url)
-

product/ERP5/Document/BaseCategory.py

@@ -57,6 +57,8 @@ class BaseCategory(CMFBaseCategory, XMLObject):
                       , PropertySheet.Predicate)
 
     # Experimental - WebDAV browsing support - ask JPS
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'experimental_listDAVObjects')
     def experimental_listDAVObjects(self):
       from zLOG import LOG
       LOG("BaseCategory listDAVObjects" ,0, "listDAVObjects")

product/ERP5/Document/BudgetModel.py

@@ -57,6 +57,8 @@ class BudgetModel(Predicate):
   security = ClassSecurityInfo()
   security.declareObjectProtected(Permissions.AccessContentsInformation)
   
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getCellRangeForBudgetLine')
   def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
     """Return the cell range to use for the budget.
     """
@@ -74,6 +76,8 @@ class BudgetModel(Predicate):
         cell_range.extend(variation_cell_range)
     return cell_range
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConsumptionCellRangeForBudgetLine')
   def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
     """Return the cell range to use for the budget consumption.
 
@@ -94,6 +98,8 @@ class BudgetModel(Predicate):
         cell_range.extend(variation_cell_range)
     return cell_range
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryQueryDict')
   def getInventoryQueryDict(self, budget_cell):
     """Returns the query dict to pass to simulation query for a budget cell
     """
@@ -112,6 +118,8 @@ class BudgetModel(Predicate):
       query_dict.setdefault('at_date', start_date_range_max.latestTime())
     return query_dict
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryListQueryDict')
   def getInventoryListQueryDict(self, budget_line):
     """Returns the query dict to pass to simulation query for a budget line
     """
@@ -155,6 +163,8 @@ class BudgetModel(Predicate):
         cell_key += (key,)
     return cell_key
     
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'asBudgetPredicate')
   def asBudgetPredicate(self):
     " "
     # XXX predicate for line / cell ?

product/ERP5/Document/BusinessLink.py

@@ -121,6 +121,8 @@ class BusinessLink(Path, Predicate):
     method = getattr(movement, method_id) # We wish to raise if it does not exist
     return method()
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getCompletionDate')
   def getCompletionDate(self, explanation):
     """Returns the date of completion of business path in the
     context of the explanation. The completion date of the Business
@@ -220,6 +222,7 @@ class BusinessLink(Path, Predicate):
         return False
     return True
 
+  security.declareProtected(Permissions.AccessContentsInformation, 'isDelivered')
   def isDelivered(self, explanation):
     """Returns True is all simulation movements related to this
     Business Link in the context of given explanation are built

product/ERP5/Document/BusinessTemplate.py

@@ -4804,6 +4804,8 @@ Business Template is a set of definitions, such as skins, portal types and categ
           self.workflow_history[
                             'business_template_installation_workflow'] = None
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getShortRevision')
     def getShortRevision(self):
       """Returned a shortened revision"""
       r = self.getRevision()
@@ -4962,12 +4964,14 @@ Business Template is a set of definitions, such as skins, portal types and categ
       return self.portal_templates.publish(self, url, username=username,
                                            password=password)
 
+    security.declareProtected(Permissions.ManagePortal, 'update')
     def update(self):
       """
         Update template: download new template definition
       """
       return self.portal_templates.update(self)
 
+    security.declareProtected(Permissions.ManagePortal, 'isCatalogUpdatable')
     def isCatalogUpdatable(self):
       """
       Return if catalog will be updated or not by business template installation
@@ -4985,6 +4989,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
               return True
       return False
 
+    security.declareProtected(Permissions.ManagePortal, 'preinstall')
     def preinstall(self, check_dependencies=1, **kw):
       """
         Return the list of modified/new/removed object between a Business Template
@@ -5243,6 +5248,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
         result = tuple(result)
       return result
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateCatalogMethodIdList')
     def getTemplateCatalogMethodIdList(self):
       """
       We have to set this method because we want an
@@ -5250,6 +5256,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_catalog_method_id')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateBaseCategoryList')
     def getTemplateBaseCategoryList(self):
       """
       We have to set this method because we want an
@@ -5257,6 +5264,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_base_category')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateWorkflowIdList')
     def getTemplateWorkflowIdList(self):
       """
       We have to set this method because we want an
@@ -5264,6 +5272,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_workflow_id')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeIdList')
     def getTemplatePortalTypeIdList(self):
       """
       We have to set this method because we want an
@@ -5271,6 +5280,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_portal_type_id')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeWorkflowChainList')
     def getTemplatePortalTypeWorkflowChainList(self):
       """
       We have to set this method because we want an
@@ -5278,6 +5288,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_portal_type_workflow_chain')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePathList')
     def getTemplatePathList(self):
       """
       We have to set this method because we want an
@@ -5285,6 +5296,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_path')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePreferenceList')
     def getTemplatePreferenceList(self):
       """
       We have to set this method because we want an
@@ -5292,6 +5304,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_preference')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeAllowedContentTypeList')
     def getTemplatePortalTypeAllowedContentTypeList(self):
       """
       We have to set this method because we want an
@@ -5299,6 +5312,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_portal_type_allowed_content_type')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeHiddenContentTypeList')
     def getTemplatePortalTypeHiddenContentTypeList(self):
       """
       We have to set this method because we want an
@@ -5306,6 +5320,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_portal_type_hidden_content_type')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypePropertySheetList')
     def getTemplatePortalTypePropertySheetList(self):
       """
       We have to set this method because we want an
@@ -5313,6 +5328,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_portal_type_property_sheet')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeBaseCategoryList')
     def getTemplatePortalTypeBaseCategoryList(self):
       """
       We have to set this method because we want an
@@ -5320,6 +5336,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_portal_type_base_category')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateActionPathList')
     def getTemplateActionPathList(self):
       """
       We have to set this method because we want an
@@ -5327,6 +5344,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_action_path')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeRoleList')
     def getTemplatePortalTypeRoleList(self):
       """
       We have to set this method because we want an
@@ -5334,6 +5352,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_portal_type_role')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateLocalRoleList')
     def getTemplateLocalRoleList(self):
       """
       We have to set this method because we want an
@@ -5341,6 +5360,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_local_role')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateSkinIdList')
     def getTemplateSkinIdList(self):
       """
       We have to set this method because we want an
@@ -5348,6 +5368,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_skin_id')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateRegisteredSkinSelectionList')
     def getTemplateRegisteredSkinSelectionList(self):
       """
       We have to set this method because we want an
@@ -5355,6 +5376,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_registered_skin_selection')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateRegisteredVersionPrioritySelectionList')
     def getTemplateRegisteredVersionPrioritySelectionList(self):
       """
       We have to set this method because we want an
@@ -5367,6 +5389,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       except AttributeError:
         return ()
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateModuleIdList')
     def getTemplateModuleIdList(self):
       """
       We have to set this method because we want an
@@ -5374,6 +5397,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_module_id')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateMessageTranslationList')
     def getTemplateMessageTranslationList(self):
       """
       We have to set this method because we want an
@@ -5381,6 +5405,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return self._getOrderedList('template_message_translation')
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateToolIdList')
     def getTemplateToolIdList(self):
       """
       We have to set this method because we want an
@@ -5399,18 +5424,21 @@ Business Template is a set of definitions, such as skins, portal types and categ
           return True
       return False
 
+    security.declarePrivate('isKeepObject')
     def isKeepObject(self, path):
       """
       Return True if path is included in keep object list.
       """
       return self._isInKeepList(self.getTemplateKeepPathList(), path)
 
+    security.declarePrivate('isKeepWorkflowObject')
     def isKeepWorkflowObject(self, path):
       """
       Return True if path is included in keep workflow object list.
       """
       return self._isInKeepList(self.getTemplateKeepWorkflowPathList(), path)
 
+    security.declarePrivate('isKeepWorkflowObjectLastHistoryOnly')
     def isKeepWorkflowObjectLastHistoryOnly(self, path):
       """
       Return True if path is included in keep workflow last state only list
@@ -5418,6 +5446,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       return self._isInKeepList(self.getTemplateKeepLastWorkflowHistoryOnlyPathList(),
                                 path)
 
+    security.declarePrivate('getExportPath')
     def getExportPath(self):
       preferences = self.getPortalObject().portal_preferences
       bt_name = self.getTitle()
@@ -5565,6 +5594,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
 
       self._setRevision(bta.getRevision())
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getItemsList')
     def getItemsList(self):
       """Return list of items in business template
       """
@@ -5575,6 +5605,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
           items_list.extend(item.getKeys())
       return items_list
 
+    security.declareProtected(Permissions.ManagePortal, 'checkDependencies')
     def checkDependencies(self):
       """
        Check if all the dependencies of the business template
@@ -5587,6 +5618,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
           'Impossible to install %s, please install the following dependencies before: %s' \
           %(self.getTitle(), repr(missing_dep_list))
 
+    security.declareProtected(Permissions.ManagePortal, 'getMissingDependencyList')
     def getMissingDependencyList(self):
       """
       Retuns a list of missing dependencies.
@@ -5613,6 +5645,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
             missing_dep_list.append((dependency, version_restriction or ''))
       return [' '.join([y for y in x if y]) for x in missing_dep_list]
 
+    security.declareProtected(Permissions.ManagePortal, 'diffObjectAsHTML')
     def diffObjectAsHTML(self, REQUEST, **kw):
       """
         Convert diff into a HTML format before reply
@@ -5621,6 +5654,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       """
       return DiffFile(self.diffObject(REQUEST, **kw)).toHTML()
 
+    security.declareProtected(Permissions.ManagePortal, 'diffObject')
     def diffObject(self, REQUEST, **kw):
       """
         Make a diff between an object in the Business Template
@@ -5812,6 +5846,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       return diff_msg
 
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getPortalTypesProperties')
     def getPortalTypesProperties(self, **kw):
       """
       Fill field about properties for each portal type
@@ -5902,6 +5937,8 @@ Business Template is a set of definitions, such as skins, portal types and categ
       self.setTemplateActionPathList(bt_action_list)
 
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'guessPortalTypes')
     def guessPortalTypes(self, **kw):
       """
       This method guesses portal types based on modules define in the Business Template
@@ -5972,6 +6009,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
       setattr(self, 'template_portal_type_id', bt_portal_types_id_list)
       return
 
+    security.declarePrivate('clearPortalTypes')
     def clearPortalTypes(self, **kw):
       """
       clear id list register for portal types

product/ERP5/Document/Category.py

@@ -145,6 +145,8 @@ class Category(CMFCategory, Predicate, MetaNode, MetaResource):
       return None
 
     # Experimental - WebDAV browsing support - ask JPS
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'experimental_listDAVObjects')
     def experimental_listDAVObjects(self):
       """
       """

product/ERP5/Document/CategoryBudgetVariation.py

@@ -56,10 +56,14 @@ class CategoryBudgetVariation(BudgetVariation):
 
   # zope.interface.implements(BudgetVariation, )
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'asBudgetPredicate')
   def asBudgetPredicate(self):
     """This budget variation in a predicate
     """
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getCellRangeForBudgetLine')
   def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
     """The cell range added by this variation
     """
@@ -69,6 +73,8 @@ class CategoryBudgetVariation(BudgetVariation):
       return [[(i[1], i[0]) for i in item_list if i[1] in variation_category_list]]
     return [[i[1] for i in item_list if i[1] in variation_category_list]]
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConsumptionCellRangeForBudgetLine')
   def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
     """The cell range added by this variation for consumption
     """
@@ -101,6 +107,8 @@ class CategoryBudgetVariation(BudgetVariation):
       return [[(i[1], i[0]) for i in item_list if i[0] in used_node_item_set]]
     return [[i[1] for i in item_list if i[1] in used_node_item_set]]
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryQueryDict')
   def getInventoryQueryDict(self, budget_cell):
     """ Query dict to pass to simulation query
     """
@@ -144,6 +152,8 @@ class CategoryBudgetVariation(BudgetVariation):
 
     return query_dict
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryListQueryDict')
   def getInventoryListQueryDict(self, budget_line):
     """Returns the query dict to pass to simulation query for a budget line
     """
@@ -195,6 +205,8 @@ class CategoryBudgetVariation(BudgetVariation):
       return query_dict
     return {}
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getBudgetVariationRangeCategoryList')
   def getBudgetVariationRangeCategoryList(self, context):
     """Returns the Variation Range Category List that can be applied to this
     budget.
@@ -216,6 +228,8 @@ class CategoryBudgetVariation(BudgetVariation):
                                 checked_permission='View')
 
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getBudgetLineVariationRangeCategoryList')
   def getBudgetLineVariationRangeCategoryList(self, budget_line):
     """Returns the Variation Range Category List that can be applied to this
     budget line.
@@ -246,6 +260,8 @@ class CategoryBudgetVariation(BudgetVariation):
     return getattr(portal.portal_categories.unrestrictedTraverse(base_category),
                         item_list_method)(**item_list_method_parameter_dict)
 
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'initializeBudgetLine')
   def initializeBudgetLine(self, budget_line):
     """Initialize a budget line
     """
@@ -263,6 +279,8 @@ class CategoryBudgetVariation(BudgetVariation):
       budget_line.setMembershipCriterionBaseCategoryList(
           budget_line_membership_criterion_base_category_list)
 
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'initializeBudget')
   def initializeBudget(self, budget):
     """Initialize a budget.
     """

product/ERP5/Document/Container.py

@@ -108,6 +108,8 @@ class Container(Movement, XMLObject):
       """
       return False
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getContainerText')
     def getContainerText(self):
       """
         Creates a unique string which allows to compare/hash two containers

product/ERP5/Document/Delivery.py

@@ -339,6 +339,7 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
          divergence_list.extend(simulation_movement.getDivergenceList())
       return divergence_list
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'updateCausalityState')
     @UnrestrictedMethod
     def updateCausalityState(self, solve_automatically=True, **kw):
       """
@@ -369,6 +370,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
       if kw:
         super(Delivery, self).updateSimulation(**kw)
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'splitAndDeferMovementList')
     def splitAndDeferMovementList(self, start_date=None, stop_date=None,
         movement_uid_list=[], delivery_solver=None,
         target_solver='CopyToTarget', delivery_builder=None):
@@ -757,6 +760,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
       """
       pass
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getBuilderList')
     def getBuilderList(self):
       """Returns appropriate builder list."""
       return self._getTypeBasedMethod('getBuilderList')()
@@ -832,6 +837,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
         result += movement.getDeliveryRelatedValueList()
       return result
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getDivergentTesterAndSimulationMovementList')
     def getDivergentTesterAndSimulationMovementList(self):
       """
       This method returns a list of (tester, simulation_movement) for each divergence.

product/ERP5/Document/DeliveryLine.py

@@ -465,6 +465,7 @@ class DeliveryLine(Movement, XMLMatrix, ImmobilisationMovement):
             delivery_ratio = 1.0 / len(s_m_list_per_movement)
             s_m.edit(delivery_ratio=delivery_ratio)
 
+    security.declareProtected(Permissions.ModifyPortalContent, 'solve')
     def solve(self, decision_list):
       """Solves line according to decision list
       """

product/ERP5/Document/Document.py

@@ -313,7 +313,7 @@ class Document(DocumentExtensibleTraversableMixin, XMLObject, UrlMixin,
     text = self.getSearchableText() # XXX getSearchableText or asText ?
     return self._getSearchableReferenceList(text)
 
-  security.declareProtected(Permissions.AccessContentsInformation, 'getSearchableReferenceList')
+  security.declareProtected(Permissions.AccessContentsInformation, 'isSearchableReference')
   def isSearchableReference(self):
     """
       Determine if current document's reference can be used for searching - i.e. follows

product/ERP5/Document/Domain.py

@@ -120,6 +120,8 @@ class Domain(Predicate, MetaNode, MetaResource):
     domain = self.newContent(id=id, portal_type='Domain', temp_object=1)
     return domain.__of__(self)
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getChildDomainValueList')
   def getChildDomainValueList(self, parent = None, **kw):
     """
     Return child domain objects already present or me may generate
@@ -130,6 +132,8 @@ class Domain(Predicate, MetaNode, MetaResource):
     return self.portal_domains.getChildDomainValueList(parent, **kw)
 
   # Experimental - WebDAV browsing support - ask JPS
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'experimental_listDAVObjects')
   def experimental_listDAVObjects(self):
     result = self.objectValues(portal_type = self.getPortalType())
     result.extend(self.portal_catalog(selection_domain = self))

product/ERP5/Document/Event.py

@@ -30,6 +30,7 @@ from AccessControl import ClassSecurityInfo
 
 from Products.ERP5Type import Permissions, PropertySheet
 from Products.ERP5Type.Accessor.Constant import PropertyGetter as ConstantGetter
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5.Document.Movement import Movement
 from Products.ERP5.Document.EmailDocument import EmailDocument
 
@@ -60,6 +61,8 @@ class AcknowledgeableMixin:
       return method(**kw)
     return None
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'hasAcknowledgementActivity')
   def hasAcknowledgementActivity(self, user_name=None):
     """
     We will check if there is some current activities running or not
@@ -88,6 +91,8 @@ class AcknowledgeableMixin:
         result = True
     return result
 
+InitializeClass(AcknowledgeableMixin)
+
 class Event(Movement, EmailDocument, AcknowledgeableMixin):
   """
     Event is the base class for all events in ERP5.

product/ERP5/Document/FIFODeliverySolver.py

@@ -57,6 +57,7 @@ class FIFODeliverySolver(XMLObject):
   zope.interface.implements(interfaces.IDeliverySolver,)
 
   # IDeliverySolver Implementation
+  security.declareProtected(Permissions.AccessContentsInformation, 'getTotalQuantity')
   def getTotalQuantity(self):
     """
       Move this to mixin
@@ -66,6 +67,7 @@ class FIFODeliverySolver(XMLObject):
       total_quantity += movement.getQuantity()
     return total_quantity
 
+  security.declareProtected(Permissions.ModifyPortalContent, 'setTotalQuantity')
   def setTotalQuantity(self, new_quantity, activate_kw=None):
     """
     """

product/ERP5/Document/File.py

@@ -120,12 +120,14 @@ class File(Document, CMFFile):
   security.declareProtected( Permissions.ModifyPortalContent, 'edit' )
   edit = WorkflowMethod( _edit )
 
+  security.declareProtected(Permissions.View, 'get_size')
   def get_size(self):
     """
     has to be overwritten here, otherwise WebDAV fails
     """
     return self.getSize()
 
+  security.declareProtected(Permissions.View, 'getcontentlength')
   getcontentlength = get_size
 
   def _get_content_type(*args, **kw):

product/ERP5/Document/Image.py

@@ -438,6 +438,7 @@ class Image(TextConvertableMixin, File, OFSImage):
     File.PUT(self, REQUEST, RESPONSE)
     self._update_image_info()
 
+  security.declareProtected(Permissions.AccessContentsInformation, 'getDefaultImageQuality')
   def getDefaultImageQuality(self, format=None):
     """
     Get default image quality for a format.

product/ERP5/Document/Item.py

@@ -70,6 +70,7 @@ class Item(XMLObject, Amount):
         """
         return XMLObject.generateNewId(self, id_group=id_group, default=default, method=method)
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getPrice')
     def getPrice(self,context=None,**kw):
       """
         Get the Price in the context.
@@ -85,15 +86,14 @@ class Item(XMLObject, Amount):
           local_price = resource.getPrice(self.asContext( context=context, **kw))
       return local_price
   
-    security.declareProtected(Permissions.ModifyPortalContent, 'getRemainingQuantity')
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getRemainingQuantity')
     def getRemainingQuantity(self):
         """
         Computes the quantity of an item minus quantity of all sub_items
         """
         sub_quantity = 0
-        sub_item_list = [document
-                         for document in self.objectValues()
-                         if document.isItem()]
-        for sub_item in sub_item_list :
+        for sub_item in self.objectValues():
+            if sub_item.isItem():
                 sub_quantity += sub_item.getQuantity()
         return self.getQuantity() - sub_quantity

product/ERP5/Document/MinimisePriceDeliverySolver.py

@@ -57,6 +57,7 @@ class MinimisePriceDeliverySolver(FIFODeliverySolver):
   zope.interface.implements(interfaces.IDeliverySolver,)
 
   # IDeliverySolver Implementation
+  security.declareProtected(Permissions.ModifyPortalContent, 'setTotalQuantity')
   def setTotalQuantity(self, new_quantity, activate_kw=None):
     """
     """

product/ERP5/Document/Movement.py

@@ -512,6 +512,8 @@ class Movement(XMLObject, Amount, CompositionMixin, AmountGeneratorMixin):
         return True
     return False
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDivergenceList')
   def getDivergenceList(self):
     """
     Return a list of messages that contains the divergences

product/ERP5/Document/NetConvertedQuantityEquivalenceTester.py

@@ -45,6 +45,8 @@ class NetConvertedQuantityEquivalenceTester(FloatEquivalenceTester):
   security = ClassSecurityInfo()
   security.declareObjectProtected(Permissions.AccessContentsInformation)
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getUpdatablePropertyDict')
   def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
     """
     Returns a list of properties to update on decision_movement

product/ERP5/Document/NodeBudgetVariation.py

@@ -61,6 +61,8 @@ class NodeBudgetVariation(BudgetVariation):
 
   # zope.interface.implements(BudgetVariation, )
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'asBudgetPredicate')
   def asBudgetPredicate(self):
     """This budget variation in a predicate
     """
@@ -87,6 +89,8 @@ class NodeBudgetVariation(BudgetVariation):
     node_title_method_id = self.getProperty('node_title_method_id', 'getTitle')
     return guarded_getattr(node, node_title_method_id)()
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getCellRangeForBudgetLine')
   def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
     """The cell range added by this variation
     """
@@ -103,6 +107,8 @@ class NodeBudgetVariation(BudgetVariation):
       return [[i for i in node_item_list if i[0] in variation_category_list]]
     return [[i[0] for i in node_item_list if i[0] in variation_category_list]]
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConsumptionCellRangeForBudgetLine')
   def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
     """The cell range added by this variation for consumption
     """
@@ -136,6 +142,8 @@ class NodeBudgetVariation(BudgetVariation):
       return [[i for i in node_item_list if i[0] in used_node_item_set]]
     return [[i[0] for i in node_item_list if i[0] in used_node_item_set]]
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryQueryDict')
   def getInventoryQueryDict(self, budget_cell):
     """ Query dict to pass to simulation query
     """
@@ -218,6 +226,8 @@ class NodeBudgetVariation(BudgetVariation):
 
     return query_dict
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryListQueryDict')
   def getInventoryListQueryDict(self, budget_line):
     """Returns the query dict to pass to simulation query for a budget line
     """
@@ -309,6 +319,8 @@ class NodeBudgetVariation(BudgetVariation):
             self.getProperty('variation_base_category'),)
     return key
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getBudgetLineVariationRangeCategoryList')
   def getBudgetLineVariationRangeCategoryList(self, budget_line):
     """Returns the Variation Range Category List that can be applied to this
     budget line.
@@ -320,6 +332,8 @@ class NodeBudgetVariation(BudgetVariation):
     return [(self._getNodeTitle(node), '%s%s' % (prefix, node.getRelativeUrl()))
                 for node in self._getNodeList(budget_line)]
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getBudgetVariationRangeCategoryList')
   def getBudgetVariationRangeCategoryList(self, budget):
     """Returns the Variation Range Category List that can be applied to this
     budget.
@@ -331,6 +345,8 @@ class NodeBudgetVariation(BudgetVariation):
     return [(self._getNodeTitle(node), '%s%s' % (prefix, node.getRelativeUrl()))
                 for node in self._getNodeList(budget)]
 
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'initializeBudgetLine')
   def initializeBudgetLine(self, budget_line):
     """Initialize a budget line
     """
@@ -348,6 +364,8 @@ class NodeBudgetVariation(BudgetVariation):
       budget_line.setMembershipCriterionBaseCategoryList(
           budget_line_membership_criterion_base_category_list)
 
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'initializeBudget')
   def initializeBudget(self, budget):
     """Initialize a budget.
     """

product/ERP5/Document/QuantityUnitConversionDefinition.py

@@ -67,6 +67,8 @@ class QuantityUnitConversionDefinition(XMLObject):
 
     return default_title
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConversionRatio')
   def getConversionRatio(self):
     """
       Compute conversion ratio associated with this definition

product/ERP5/Document/Resource.py

@@ -1007,6 +1007,8 @@ class Resource(XMLObject, XMLMatrix, VariatedMixin):
 
       return insert_list
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getQuantityUnitDefinitionRatio')
     def getQuantityUnitDefinitionRatio(self, quantity_unit_value):
       """
       get the ratio used to define the quantity unit quantity_unit_value.

product/ERP5/Document/SimulatedDeliveryBuilder.py

@@ -93,6 +93,7 @@ class SimulatedDeliveryBuilder(BuilderMixin):
                     , PropertySheet.DeliveryBuilder
                     )
 
+  security.declarePrivate('callBeforeBuildingScript')
   def callBeforeBuildingScript(self):  # XXX-JPS
     """
       Redefine this method, because it seems nothing interesting can be
@@ -100,6 +101,7 @@ class SimulatedDeliveryBuilder(BuilderMixin):
     """
     pass
 
+  security.declarePrivate('searchMovementList')
   @UnrestrictedMethod
   def searchMovementList(self, applied_rule_uid=None, **kw):
     """
@@ -189,6 +191,8 @@ class SimulatedDeliveryBuilder(BuilderMixin):
       delivery_relative_url,
       divergence_to_adopt_list=divergence_to_adopt_list)
 
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'solveDeliveryGroupDivergence')
   @UnrestrictedMethod
   def solveDeliveryGroupDivergence(self, delivery_relative_url,
                                    property_dict=None):
@@ -333,6 +337,8 @@ class SimulatedDeliveryBuilder(BuilderMixin):
 
     return delivery_list
 
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'solveDivergence')
   solveDivergence = UnrestrictedMethod(_solveDivergence)
 
   def _createDelivery(self, delivery_module, movement_list, activate_kw):

product/ERP5/Document/SimulationMovement.py

@@ -722,6 +722,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):
 
     return True
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverProcessValueList')
   def getSolverProcessValueList(self, movement=None, validation_state=None):
     """
     Returns the list of solver processes which are
@@ -736,6 +738,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):
     """
     raise NotImplementedError
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverDecisionValueList')
   def getSolverDecisionValueList(self, movement=None, validation_state=None):
     """
     Returns the list of solver decisions which apply
@@ -748,6 +752,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):
     """
     raise NotImplementedError
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolvedPropertyApplicationValueList')
   def getSolvedPropertyApplicationValueList(self, movement=None, divergence_tester=None):
     """
     Returns the list of documents at which a given divergence resolution

product/ERP5/Document/SolverDecision.py

@@ -80,6 +80,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
   zope.interface.implements(interfaces.IConfigurable,
                            )
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDefaultConfigurationPropertyDict')
   def getDefaultConfigurationPropertyDict(self):
     """
     Returns a dictionary of default properties for specified
@@ -92,6 +94,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
     else:
       return solver_type.getDefaultConfigurationPropertyDict(self)
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConfigurationPropertyListDict')
   def getConfigurationPropertyListDict(self):
     """
     Returns a dictionary of possible values for specified
@@ -104,6 +108,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
     else:
       return solver_type.getConfigurationPropertyListDict(self)
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'searchDeliverySolverList')
   def searchDeliverySolverList(self, **kw):
     """
     this method returns a list of delivery solvers, as predicates against
@@ -115,6 +121,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
     solver_list = target_solver_type.getDeliverySolverValueList()
     return filter(lambda x:x.test(self), solver_list)
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getExplanationMessage')
   def getExplanationMessage(self, all=False):
     """
     Returns the HTML message that describes the detail of divergences to

product/ERP5/Document/SolverProcess.py

@@ -78,6 +78,7 @@ class SolverProcess(XMLObject, ActiveProcess):
                            )
 
   # Implementation
+  security.declareProtected(Permissions.ModifyPortalContent, 'buildTargetSolverList')
   @UnrestrictedMethod
   def buildTargetSolverList(self):
     """
@@ -176,6 +177,7 @@ class SolverProcess(XMLObject, ActiveProcess):
   # ISolver implementation
   # Solver Process Workflow Interface
   #  NOTE: how can we consider that a workflow defines or provides an interface ?
+  security.declareProtected(Permissions.ModifyPortalContent, 'solve')
   def solve(self, activate_kw=None):
     """
       Start solving
@@ -200,6 +202,8 @@ class SolverProcess(XMLObject, ActiveProcess):
           activate_kw=activate_kw)
 
   # API
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'isSolverDecisionListConsistent')
   def isSolverDecisionListConsistent(self):
     """
     Returns True is the Solver Process decisions do not
@@ -208,6 +212,8 @@ class SolverProcess(XMLObject, ActiveProcess):
     this helps reducing CPU time.
     """
 
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'buildSolverDecisionList')
   def buildSolverDecisionList(self, delivery_or_movement=None):
     """
     Build (or rebuild) the solver decisions in the solver process

product/ERP5/Document/SolverTypeInformation.py

@@ -51,6 +51,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
                     , PropertySheet.Configurable
                     )
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverConflictMessageList')
   def getSolverConflictMessageList(self, movement, configuration_mapping, solver_dict, movement_dict):
     """
     Returns the list of conflictings messgaes if the solver and configuration_mapping
@@ -89,6 +91,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
     # Return emtpty message list
     return ()
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverProcessGroupingKey')
   def getSolverProcessGroupingKey(self, movement, configuration_mapping, solver_dict, movement_dict):
     """
     Returns a key which can be used to group solvers during the
@@ -140,6 +144,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
 
     return movement.getRelativeUrl()
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDefaultConfigurationPropertyDict')
   def getDefaultConfigurationPropertyDict(self, configurable):
     """
     Returns a dictionary of default properties for specified
@@ -155,6 +161,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
     else:
       return {}
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDefaultConfigurationProperty')
   def getDefaultConfigurationProperty(self, property, configurable):
     """
     Returns the default value for a given property
@@ -167,6 +175,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
     """
     return self.getDefaultConfigurationPropertyDict().get(property, None)
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConfigurationPropertyListDict')
   def getConfigurationPropertyListDict(self, configurable):
     """
     Returns a dictionary of possible values for specified
@@ -182,6 +192,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
     else:
       return {}
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConfigurationPropertyList')
   def getConfigurationPropertyList(self, property, configurable):
     """
     Returns a list of possible values for a given property

product/ERP5/Document/TradeCondition.py

@@ -104,6 +104,8 @@ class TradeCondition(MappedValue, AmountGeneratorMixin, VariatedMixin):
       return [x for x in context._findEffectiveSpecialiseValueList()
                 if x.getPortalType() in portal_type_set]
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getAggregatedAmountList')
     def getAggregatedAmountList(self, *args, **kw):
       """
       """

product/ERP5/Document/TradeModelCell.py

@@ -68,6 +68,8 @@ class TradeModelCell(TradeModelLine):
       """
       return 0
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getQuantity')
     def getQuantity(self):
       """Overridden getter to return None instead 0 if undefined"""
       return self._baseGetQuantity(None)

product/ERP5/Document/TransformedResource.py

@@ -101,11 +101,15 @@ class TransformedResource(AmountGeneratorLine):
         value += delivery_amount.getConvertedQuantity()
       return value
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getBaseApplication')
     def getBaseApplication(self):
       """
       """
       return self.getBaseApplicationList()[0]
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getBaseApplicationList')
     def getBaseApplicationList(self):
       """
       """

product/ERP5/Document/Url.py

@@ -90,6 +90,8 @@ class Url(Coordinate, UrlMixin):
     return ("http://www.erp5.org", "mailto:info@erp5.org")
 
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getUrlString')
   def getUrlString(self, default=_marker):
     """Fallback on coordinate_text
     """

product/ERP5/Document/VariationEquivalenceTester.py

@@ -85,6 +85,8 @@ class VariationEquivalenceTester(Predicate, EquivalenceTesterMixin):
           dict(property_name=tested_property))
     return None
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'generateHashKey')
   def generateHashKey(self, movement):
     """
     Returns a hash key which can be used to optimise the
@@ -106,6 +108,8 @@ class VariationEquivalenceTester(Predicate, EquivalenceTesterMixin):
                                                        tested_property))
     return 'variation/%r' % (value_list)
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getUpdatablePropertyDict')
   def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
     """
     Returns a list of properties to update on decision_movement

product/ERP5/Tool/CategoryTool.py

@@ -85,6 +85,7 @@ class CategoryTool(CopyContainer, CMFCategoryTool, BaseTool):
     def hasContent(self,id):
       return id in self.objectIds()
 
+    security.declareProtected(Permissions.AccessContentsInformation, 'getBaseCategoryDict')
     @caching_instance_method(
       id='portal_categories.getBaseCategoryDict',
       cache_factory='erp5_content_long',

product/ERP5/Tool/DomainTool.py

@@ -359,6 +359,8 @@ class DomainTool(BaseTool):
         return mapped_value
 
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getChildDomainValueList')
     def getChildDomainValueList(self, parent, **kw):
       """
       Return child domain objects already present adn thois generetaded dynamically
@@ -370,6 +372,8 @@ class DomainTool(BaseTool):
       return object_list
 
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getDomainByPath')
     def getDomainByPath(self, path, default=_MARKER):
       """
       Return the domain object for a given path

product/ERP5/Tool/IdTool.py

@@ -279,6 +279,8 @@ class IdTool(BaseTool):
 
   ## XXX Old API deprecated
   #backward compatibility
+  security.declareProtected(Permissions.AccessContentsInformation,
+                           'generateNewLengthIdList')
   generateNewLengthIdList = generateNewIdList
 
   security.declareProtected(Permissions.AccessContentsInformation,

product/ERP5/Tool/LogMixin.py

@@ -28,6 +28,7 @@
 ##############################################################################
 
 from AccessControl import ClassSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 
 # XXX This Mixin is not finished yet. Added as a reference for the
@@ -86,3 +87,5 @@ class LogMixin:
     """
     method = self.getTypeBasedMethod('parseLogLine')
     return method(log_name, log_line)
+
+InitializeClass(LogMixin)

product/ERP5/Tool/PasswordTool.py

@@ -110,7 +110,7 @@ class PasswordTool(BaseTool):
   def getExpirationDateForKey(self, key=None):
     return self._password_request_dict[key][1]
 
-
+  security.declarePublic('mailPasswordResetRequest')
   def mailPasswordResetRequest(self, user_login=None, REQUEST=None,
                                notification_message=None, sender=None,
                                store_as_event=False,
@@ -227,33 +227,7 @@ class PasswordTool(BaseTool):
     data = ' '.join((str(t), str(r), str(a), str(args)))
     return md5(data).hexdigest()
 
-  def resetPassword(self, reset_key=None, REQUEST=None):
-    """
-    """
-    # XXX-Aurel : is it used ?
-    if REQUEST is None:
-      REQUEST = get_request()
-    user_login, expiration_date = self._password_request_dict.get(reset_key, (None, None))
-    site_url = self.getPortalObject().absolute_url()
-    if REQUEST and 'came_from' in REQUEST:
-      site_url = REQUEST.came_from
-    if reset_key is None or user_login is None:
-      ret_url = '%s/login_form' % site_url
-      return REQUEST.RESPONSE.redirect( ret_url )
-
-    # check date
-    current_date = DateTime()
-    if current_date > expiration_date:
-      msg = translateString("Date has expire.")
-      parameter = urlencode(dict(portal_status_message=msg))
-      ret_url = '%s/login_form?%s' % (site_url, parameter)
-      return REQUEST.RESPONSE.redirect( ret_url )
-
-    # redirect to form as all is ok
-    REQUEST.set("password_key", reset_key)
-    return self.reset_password_form(REQUEST=REQUEST)
-
-
+  security.declareProtected(Permissions.ModifyPortalContent, 'removeExpiredRequests')
   def removeExpiredRequests(self):
     """
     Browse dict and remove expired request
@@ -264,6 +238,7 @@ class PasswordTool(BaseTool):
       if date < current_date:
         del password_request_dict[key]
 
+  security.declarePublic('changeUserPassword')
   def changeUserPassword(self, password, password_key, password_confirm=None,
                          user_login=None, REQUEST=None, **kw):
     """

product/ERP5/Tool/SimulationTool.py

@@ -126,18 +126,26 @@ class SimulationTool(BaseTool):
             ['Manager',])
       BaseTool.inheritedAttribute('manage_afterAdd')(self, item, container)
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'solveDelivery')
     def solveDelivery(self, delivery, delivery_solver_name, target_solver_name,
                       additional_parameters=None, **kw):
       """
+        XXX obsoleted API
+
         Solves a delivery by calling first DeliverySolver, then TargetSolver
       """
       return self._solveMovementOrDelivery(delivery, delivery_solver_name,
           target_solver_name, delivery=1,
           additional_parameters=additional_parameters, **kw)
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'solveMovement')
     def solveMovement(self, movement, delivery_solver_name, target_solver_name,
                       additional_parameters=None, **kw):
       """
+        XXX obsoleted API
+
         Solves a movement by calling first DeliverySolver, then TargetSolver
       """
       return self._solveMovementOrDelivery(movement, delivery_solver_name,
@@ -1396,6 +1404,8 @@ class SimulationTool(BaseTool):
             result = delta_result
       return result
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInventoryCacheLag')
     def getInventoryCacheLag(self):
       """
       Returns a duration, in days, for stock cache management.

product/ERP5/Tool/SolverProcessTool.py

@@ -30,6 +30,7 @@
 import zope.interface
 
 from AccessControl import ClassSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Globals import DTMLFile
 from Products.ERP5Type.Tool.BaseTool import BaseTool
@@ -58,6 +59,8 @@ class SolverProcessTool(BaseTool):
   manage_overview = DTMLFile( 'explainSolverTool', _dtmldir )
 
   # IDivergenceController implementation
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'isDivergent')
   def isDivergent(self, delivery_or_movement=None):
     """
     Returns True if any of the movements provided
@@ -73,6 +76,8 @@ class SolverProcessTool(BaseTool):
         return True
     return False
 
+  security.declareProtected(Permissions.AddPortalContent,
+                            'newSolverProcess')
   @UnrestrictedMethod
   def newSolverProcess(self, delivery_or_movement=None, temp_object=False):
     """
@@ -107,3 +112,5 @@ class SolverProcessTool(BaseTool):
       delivery.setSolverValueList(solver_list)
 
     return new_solver
+
+InitializeClass(SolverProcessTool)

product/ERP5/Tool/SolverTool.py

@@ -31,6 +31,7 @@ import zope.interface
 import re
 
 from AccessControl import ClassSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Tool.TypesTool import TypeProvider
 from Products.ERP5 import DeliverySolver
@@ -55,6 +56,8 @@ class SolverTool(TypeProvider):
   zope.interface.implements(interfaces.IDeliverySolverFactory,)
 
   # IDeliverySolverFactory implementation
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'newDeliverySolver')
   def newDeliverySolver(self, portal_type, movement_list):
     """
     Return a new instance of delivery solver of the given
@@ -73,6 +76,8 @@ class SolverTool(TypeProvider):
     tmp_solver.setDeliveryValueList(movement_list)
     return tmp_solver
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDeliverySolverTranslatedItemList')
   def getDeliverySolverTranslatedItemList(self, portal_type_list=None):
     """
     """
@@ -81,6 +86,8 @@ class SolverTool(TypeProvider):
                    if portal_type_list is None or x in portal_type_list],
                   key=lambda x:str(x[0]))
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverProcessValueList')
   def getSolverProcessValueList(self, delivery_or_movement=None, validation_state=None):
     """
     Returns the list of solver processes which are
@@ -95,6 +102,8 @@ class SolverTool(TypeProvider):
                         to filter the result
     """
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverDecisionValueList')
   def getSolverDecisionValueList(self, delivery_or_movement=None, validation_state=None):
     """
     Returns the list of solver decisions which apply
@@ -107,6 +116,8 @@ class SolverTool(TypeProvider):
                         to filter the result
     """
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverDecisionApplicationValueList')
   def getSolverDecisionApplicationValueList(self, movement, divergence_tester=None):
     """
     Returns the list of documents at which a given divergence resolution
@@ -190,6 +201,8 @@ class SolverTool(TypeProvider):
             application_value_level[property_group.getCollectGroupOrder()] = None
     # etc. same
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'searchTargetSolverList')
   def searchTargetSolverList(self, divergence_tester,
                              simulation_movement,
                              automatic_solver_only=False, **kw):
@@ -203,3 +216,5 @@ class SolverTool(TypeProvider):
               x.test(simulation_movement, **kw)]
     else:
       return [x for x in solver_list if x.test(simulation_movement, **kw)]
+
+InitializeClass(SolverTool)

product/ERP5/Tool/TemplateTool.py

@@ -113,6 +113,8 @@ class TemplateTool (BaseTool):
     security.declareProtected(Permissions.ManagePortal, 'manage_overview')
     manage_overview = DTMLFile('explainTemplateTool', _dtmldir)
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInstalledBusinessTemplate')
     def getInstalledBusinessTemplate(self, title, strict=False, **kw):
       """Returns an installed version of business template of a given title.
 
@@ -148,6 +150,8 @@ class TemplateTool (BaseTool):
               last_time = t
       return last_bt
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInstalledBusinessTemplatesList')
     def getInstalledBusinessTemplatesList(self):
       """Deprecated.
       """
@@ -166,16 +170,22 @@ class TemplateTool (BaseTool):
           installed_bts.append(bt5)
       return installed_bts
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInstalledBusinessTemplateList')
     def getInstalledBusinessTemplateList(self):
       """Get the list of installed business templates.
       """
       return self._getInstalledBusinessTemplateList(only_title=0)
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInstalledBusinessTemplateTitleList')
     def getInstalledBusinessTemplateTitleList(self):
       """Get the list of installed business templates.
       """
       return self._getInstalledBusinessTemplateList(only_title=1)
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInstalledBusinessTemplateRevision')
     def getInstalledBusinessTemplateRevision(self, title, **kw):
       """
         Return the revision of business template installed with the title
@@ -186,6 +196,8 @@ class TemplateTool (BaseTool):
         return bt.getRevision()
       return None
 
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getBuiltBusinessTemplateList')
     def getBuiltBusinessTemplateList(self):
       """Get the list of built and not installed business templates.
       """
@@ -283,6 +295,7 @@ class TemplateTool (BaseTool):
              content_type='application/x-erp5-business-template')
       business_template.setPublicationUrl(url)
 
+    security.declareProtected(Permissions.ManagePortal, 'update')
     def update(self, business_template):
       """
         Update an existing template from its publication URL.
@@ -371,6 +384,7 @@ class TemplateTool (BaseTool):
       bt.build(no_action=True)
       return bt
 
+    security.declareProtected('Import/Export objects', 'importBase64EncodedText')
     def importBase64EncodedText(self, file_data=None, id=None, REQUEST=None,
                                 batch_mode=False, **kw):
       """
@@ -380,6 +394,7 @@ class TemplateTool (BaseTool):
       return self.importFile(import_file = import_file, id = id, REQUEST = REQUEST,
                              batch_mode = batch_mode, **kw)
 
+    security.declareProtected('Import/Export objects', 'importFile')
     def importFile(self, import_file=None, id=None, REQUEST=None,
                    batch_mode=False, **kw):
       """
@@ -421,6 +436,7 @@ class TemplateTool (BaseTool):
       elif batch_mode:
         return bt
 
+    security.declareProtected(Permissions.ManagePortal, 'getDiffFilterScriptList')
     def getDiffFilterScriptList(self):
       """
       Return list of scripts usable to filter diff
@@ -438,12 +454,14 @@ class TemplateTool (BaseTool):
           LOG("TemplateTool", WARNING, "Unable to find %r script" % script_id)
       return script_list
 
+    security.declareProtected(Permissions.ManagePortal, 'getFilteredDiffAsHTML')
     def getFilteredDiffAsHTML(self, diff):
       """
       Return the diff filtered by python scripts into html format
       """
       return self.getFilteredDiff(diff).toHTML()
 
+    security.declareProtected(Permissions.ManagePortal, 'getFilteredDiff')
     def getFilteredDiff(self, diff):
       """
       Filter the diff using python scripts
@@ -461,6 +479,7 @@ class TemplateTool (BaseTool):
       # DiffFile does not provide yet such feature
       return diff_file_object
 
+    security.declareProtected(Permissions.ManagePortal, 'diffObjectAsHTML')
     def diffObjectAsHTML(self, REQUEST, **kw):
       """
         Convert diff into a HTML format before reply
@@ -469,6 +488,7 @@ class TemplateTool (BaseTool):
       """
       return DiffFile(self.diffObject(REQUEST, **kw)).toHTML()
 
+    security.declareProtected(Permissions.ManagePortal, 'diffObject')
     def diffObject(self, REQUEST, **kw):
       """
         Make diff between two objects, whose paths are stored in values bt1
@@ -612,6 +632,7 @@ class TemplateTool (BaseTool):
       """
       return b64encode(cPickle.dumps((repository, id)))
 
+    security.declarePublic('compareVersionStrings')
     def compareVersionStrings(self, version, comparing_string):
       """
        comparing_string is like "<= 0.2" | "operator version"
@@ -755,6 +776,8 @@ class TemplateTool (BaseTool):
         raise BusinessTemplateUnknownError, 'The Business Template %s could not be found on repository %s'%(bt[1], bt[0])
       return []
 
+    security.declareProtected(Permissions.ManagePortal,
+                              'findProviderInBTList')
     def findProviderInBTList(self, provider_list, bt_list):
       """
        Find one provider in provider_list which is present in
@@ -968,6 +991,7 @@ class TemplateTool (BaseTool):
       #LOG('getUpdatedRepositoryBusinessTemplateList', 0, 'kw = %r' % (kw,))
       return self.getRepositoryBusinessTemplateList(update_only=True, **kw)
 
+    security.declarePublic('compareVersions')
     def compareVersions(self, version1, version2):
       """
         Return negative if version1 < version2, 0 if version1 == version2,

product/ERP5/Tool/TestTool.py

@@ -58,6 +58,7 @@ try:
     security.declareProtected( Permissions.ManagePortal, 'manage_overview' )
     manage_overview = DTMLFile( 'explainTestTool', _dtmldir )
 
+    security.declarePublic('getZeleniumVersion')
     def getZeleniumVersion(self):
       """Returns the version of the zelenium product
       """

product/ERP5/Tool/TrashTool.py

@@ -55,6 +55,7 @@ class TrashTool(BaseTool):
   security.declareProtected(Permissions.ManagePortal, 'manage_overview' )
   manage_overview = DTMLFile( 'explainTrashTool', _dtmldir )
 
+  security.declarePrivate('backupObject')
   def backupObject(self, trashbin, container_path, object_id, save, **kw):
     """
       Backup an object in a trash bin
@@ -159,6 +160,7 @@ class TrashTool(BaseTool):
               obj._cleanup()
     return subobjects_dict
 
+  security.declarePrivate('newTrashBin')
   def newTrashBin(self, bt_title='trash', bt=None):
     """
       Create a new trash bin at upgrade of bt
@@ -191,6 +193,7 @@ class TrashTool(BaseTool):
                               )
     return trashbin
 
+  security.declareProtected(Permissions.ManagePortal, 'getTrashBinObjectsList')
   def getTrashBinObjectsList(self, trashbin):
     """
       Return a list of trash objects for a given trash bin

product/ERP5/Tool/UrlRegistryTool.py

@@ -154,6 +154,8 @@ class UrlRegistryTool(BaseTool):
         url_list.append(url)
     return url_list
 
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'updateUrlRegistryTool')
   def updateUrlRegistryTool(self):
     """
     Fetch all document path, then call in activities

product/ERP5/mixin/amount_generator.py

@@ -30,7 +30,7 @@ from collections import defaultdict, deque
 import random
 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base, Implicit
 from Products.ERP5.AggregatedAmountList import AggregatedAmountList
 from Products.ERP5Type import Permissions, interfaces

product/ERP5/mixin/base_convertable.py

@@ -28,7 +28,7 @@
 ##############################################################################
 from Products.CMFCore.utils import getToolByName
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from OFS.Image import Pdata
 from cStringIO import StringIO

product/ERP5/mixin/builder.py

@@ -28,7 +28,7 @@
 ##############################################################################
 
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, PropertySheet
 from Products.ERP5Type.XMLObject import XMLObject
 from Products.ERP5Type.Core.Predicate import Predicate
@@ -150,6 +150,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
   def getRelatedBusinessLinkValueList(self):
     return self.getDeliveryBuilderRelatedValueList(portal_type='Business Link')
 
+  security.declarePrivate('callBeforeBuildingScript')
   def callBeforeBuildingScript(self):
     """
       Call a script on the module, for example, to remove some
@@ -284,8 +285,10 @@ class BuilderMixin(XMLObject, Amount, Predicate):
 
     return movement_list
 
+  security.declarePrivate('searchMovementList')
   searchMovementList = UnrestrictedMethod(_searchMovementList)
 
+  security.declarePrivate('collectMovement')
   def collectMovement(self, movement_list):
     """
       group movements in the way we want. Thanks to this method, we are able
@@ -366,6 +369,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
                             for movement_group_node in movement_group_node_list]
     return instance, self._getSortedPropertyDict(property_dict_list)
 
+  security.declarePrivate('buildDeliveryList')
   @UnrestrictedMethod
   def buildDeliveryList(self, movement_group_node,
                         delivery_relative_url_list=None,
@@ -717,6 +721,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
       # Update properties on object (quantity, price...)
       delivery_movement._edit(force_update=1, **property_dict)
 
+  security.declarePrivate('callAfterBuildingScript')
   @UnrestrictedMethod
   def callAfterBuildingScript(self, delivery_list, movement_list=(), **kw):
     """

product/ERP5/mixin/cached_convertable.py

@@ -33,7 +33,7 @@ import string
 
 from Acquisition import aq_base
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
 from OFS.Image import Pdata, Image as OFSImage

product/ERP5/mixin/composition.py

@@ -28,7 +28,7 @@
 ##############################################################################
 
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Cache import transactional_cached

product/ERP5/mixin/configurable.py

@@ -28,7 +28,7 @@
 
 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Globals import PersistentMapping

product/ERP5/mixin/crawlable.py

@@ -28,7 +28,7 @@
 ##############################################################################
 
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Utils import normaliseUrl
 from Products.ERP5Type.DateUtils import convertDateToHour,\

product/ERP5/mixin/discoverable.py

@@ -28,7 +28,7 @@
 ##############################################################################
 
 from AccessControl import ClassSecurityInfo, getSecurityManager
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from ZODB.POSException import ConflictError
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Utils import convertToUpperCase

product/ERP5/mixin/document.py

@@ -28,7 +28,7 @@
 ##############################################################################
 from Products.CMFCore.utils import getToolByName
 from AccessControl import ClassSecurityInfo, Unauthorized
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from OFS.Image import Pdata
 from cStringIO import StringIO
@@ -86,6 +86,7 @@ class DocumentMixin:
       del transaction_variable[LOCK_PERMISSION_KEY]
     return result
   
+  security.declareProtected(Permissions.AccessContentsInformation, 'getFailsafeConversion')
   def getFailsafeConversion(self, **kw):
     """
       Return a failure resistent conversion of a document

product/ERP5/mixin/document_proxy.py

@@ -28,7 +28,7 @@
 ##############################################################################
 
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from warnings import warn
 
@@ -59,7 +59,7 @@ class DocumentProxyMixin:
     return self.getProxiedDocumentValue()
 
   security.declareProtected(Permissions.AccessContentsInformation,
-                            'getProxiedDocument' )
+                            'getProxiedDocumentValue')
   def getProxiedDocumentValue(self):
     """
     Try to retrieve the original document

product/ERP5/mixin/downloadable.py

@@ -27,7 +27,7 @@
 #
 ##############################################################################
 from AccessControl import ClassSecurityInfo, Unauthorized
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Utils import fill_args_from_request
 from Products.CMFCore.utils import getToolByName, _checkConditionalGET, _setCacheHeaders,\

product/ERP5/mixin/encrypted_password.py

@@ -31,7 +31,7 @@
 import zope.interface
 from AccessControl import ClassSecurityInfo
 from AccessControl.AuthEncoding import pw_encrypt, pw_validate
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Globals import PersistentMapping
@@ -55,6 +55,7 @@ class EncryptedPasswordMixin:
       return pw_validate(self.getPassword(), value)
     return False
 
+  security.declareProtected(Permissions.SetOwnPassword, 'checkPasswordValueAcceptable')
   def checkPasswordValueAcceptable(self, value):
     """
     Check the password. This method is defined explicitly, because:

product/ERP5/mixin/equivalence_tester.py

@@ -28,7 +28,7 @@
 
 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.DivergenceMessage import DivergenceMessage
 from Products.ERP5Type.Message import Message
@@ -47,6 +47,7 @@ class EquivalenceTesterMixin:
   zope.interface.implements(interfaces.IEquivalenceTester,)
 
   # Implementation of IEquivalenceTester
+  security.declarePrivate('testEquivalence')
   def testEquivalence(self, simulation_movement):
     """
     Tests if simulation_movement is divergent. Returns False (0)
@@ -59,6 +60,7 @@ class EquivalenceTesterMixin:
     """
     return self.explain(simulation_movement) is not None
 
+  security.declarePrivate('explain')
   def explain(self, simulation_movement):
     """
     Returns a single message which explain the nature of
@@ -99,6 +101,7 @@ class EquivalenceTesterMixin:
     """
     return movement.getProperty(property)
 
+  security.declarePrivate('generateHashKey')
   def generateHashKey(self, movement):
     """
     Returns a hash key which can be used to optimise the
@@ -117,6 +120,7 @@ class EquivalenceTesterMixin:
       value = self._getTestedPropertyValue(movement, tested_property)
     return '%s/%r' % (tested_property, value)
 
+  security.declarePrivate('compare')
   def compare(self, prevision_movement, decision_movement):
     """
     Returns True if prevision_movement and delivery_movement
@@ -136,6 +140,7 @@ class EquivalenceTesterMixin:
     """
     return (self._compare(prevision_movement, decision_movement) is None)
 
+  security.declarePrivate('update')
   def update(self, prevision_movement, decision_movement):
     """
     Updates decision_movement with properties from
@@ -164,6 +169,8 @@ class EquivalenceTesterMixin:
     decision_movement.edit(
       **self.getUpdatablePropertyDict(prevision_movement, decision_movement))
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getExplanationMessage')
   def getExplanationMessage(self, simulation_movement):
     """
     Returns the HTML message that describes the detail of the
@@ -201,6 +208,8 @@ class EquivalenceTesterMixin:
     """
     raise NotImplementedError
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getUpdatablePropertyDict')
   def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
     """
     Returns a mapping of properties to update on decision_movement so that next

product/ERP5/mixin/explainable.py

@@ -28,7 +28,7 @@
 
 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, interfaces
 
 class ExplainableMixin:

product/ERP5/mixin/extensible_traversable.py

@@ -35,7 +35,7 @@ from Products.ERP5Type.ExtensibleTraversable import ExtensibleTraversableMixIn
 from Products.ERP5Type.Cache import getReadOnlyTransactionCache
 from AccessControl import ClassSecurityInfo, getSecurityManager
 from AccessControl.SecurityManagement import newSecurityManager, setSecurityManager
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.CMFCore.utils import getToolByName, _checkConditionalGET, _setCacheHeaders, _ViewEmulator
 from OFS.Image import File as OFSFile

product/ERP5/mixin/login_account_provider.py

@@ -30,7 +30,7 @@
 from Products.ERP5Type import Permissions
 from AccessControl.AuthEncoding import pw_validate
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 
 class LoginAccountProviderMixin:
   """
@@ -88,6 +88,7 @@ class LoginAccountProviderMixin:
       return True
     return False
     
+  security.declareProtected(Permissions.SetOwnPassword, 'analyzePassword')
   def analyzePassword(self, password, **kw):
     """
     Analyze password validity.

product/ERP5/mixin/movement_collection_updater.py

@@ -28,7 +28,7 @@
 
 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5.MovementCollectionDiff import (
   MovementCollectionDiff, _getPropertyAndCategoryList)
@@ -52,6 +52,8 @@ class MovementCollectionUpdaterMixin:
   zope.interface.implements(interfaces.IMovementCollectionUpdater,)
 
   # Implementation of IMovementCollectionUpdater
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getMovementCollectionDiff')
   def getMovementCollectionDiff(self, context, rounding=False,
                                 movement_generator=None):
     """
@@ -147,6 +149,8 @@ class MovementCollectionUpdaterMixin:
 
     return movement_collection_diff
 
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'updateMovementCollection')
   def updateMovementCollection(self, context, rounding=False,
                                movement_generator=None):
     """

product/ERP5/mixin/periodicity.py

@@ -29,7 +29,7 @@
 
 from DateTime import DateTime
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Message import Message
 
@@ -237,7 +237,7 @@ class PeriodicityMixin:
     return [(Message(domain='erp5_ui', message=x), x) \
             for x in self.getWeekDayList()]
 
-  security.declareProtected(Permissions.AccessContentsInformation, 'getWeekDayItemList')
+  security.declareProtected(Permissions.AccessContentsInformation, 'getMonthItemList')
   def getMonthItemList(self):
     """
     returns something like [('January', 1), ('February', 2),...]

product/ERP5/mixin/property_recordable.py

@@ -28,7 +28,7 @@
 
 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Globals import PersistentMapping

product/ERP5/mixin/rule.py

@@ -29,7 +29,7 @@
 import transaction
 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Base import Base
@@ -158,6 +158,8 @@ class RuleMixin(Predicate):
   movement_type = 'Simulation Movement'
 
   # Implementation of IRule
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'constructNewAppliedRule')
   def constructNewAppliedRule(self, context, **kw):
     """
     Create a new applied rule in the context.
@@ -190,6 +192,8 @@ class RuleMixin(Predicate):
       return False
     return super(RuleMixin, self).test(*args, **kw)
 
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'expand')
   def expand(self, applied_rule, expand_policy=None, **kw):
     """
     Expand this applied rule to create new documents inside the
@@ -473,6 +477,7 @@ class RuleMixin(Predicate):
         new_movement = self._newProfitAndLossMovement(prevision_movement)
         movement_collection_diff.addNewMovement(new_movement)
 
+InitializeClass(RuleMixin)
 
 class SimulableMixin(Base):
   security = ClassSecurityInfo()
@@ -553,6 +558,8 @@ class SimulableMixin(Base):
         if not movement.aq_inContextOf(applied_rule):
           movement.recursiveReindexObject(activate_kw=activate_kw)
 
+  security.declareProtected( Permissions.AccessContentsInformation,
+                             'getRuleReference')
   def getRuleReference(self):
     """Returns an appropriate rule reference
 
@@ -609,4 +616,4 @@ class SimulableMixin(Base):
       o.getParentValue().deleteContent(o.getId())
     super(SimulableMixin, self).manage_beforeDelete(item, container)
 
-InitializeClass(RuleMixin)
+InitializeClass(SimulableMixin)

product/ERP5/mixin/solver.py

@@ -29,7 +29,7 @@
 
 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, PropertySheet, interfaces
 from Products.ERP5Type.UnrestrictedMethod import super_user
 from Products.ERP5Type.XMLObject import XMLObject
@@ -58,6 +58,8 @@ class SolverMixin(object):
   def getPortalTypeValue(self):
     return self.getPortalObject().portal_solvers._getOb(self.getPortalType())
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'searchDeliverySolverList')
   def searchDeliverySolverList(self, **kw):
     """
     this method returns a list of delivery solvers
@@ -70,6 +72,8 @@ class SolverMixin(object):
     solver_list = target_solver_type.getDeliverySolverValueList()
     return solver_list
 
+InitializeClass(SolverMixin)
+
 class ConfigurablePropertySolverMixin(SolverMixin,
                                       ConfigurableMixin,
                                       XMLObject):
@@ -118,4 +122,4 @@ class ConfigurablePropertySolverMixin(SolverMixin,
       tested_property_list = portal_type.getTestedPropertyList()
     return tested_property_list
 
-InitializeClass(SolverMixin)
+InitializeClass(ConfigurablePropertySolverMixin)

product/ERP5/mixin/text_convertable.py

@@ -28,7 +28,7 @@
 ##############################################################################
 
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from warnings import warn
 

product/ERP5/mixin/timer_service.py

@@ -28,7 +28,7 @@
 
 import warnings
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.CMFActivity.ActivityTool import ActivityTool
 from Products.ERP5Type import Permissions
 try:

product/ERP5/mixin/url.py

@@ -28,7 +28,7 @@
 ##############################################################################
 
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Utils import normaliseUrl
 
@@ -133,6 +133,8 @@ class UrlMixin:
     url_string = self.getUrlString()
     return '/'.join(url_string.split('/')[1:])
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'asNormalisedURL')
   def asNormalisedURL(self, base_url=None):
     """
     call normaliseUrl with raw url

product/ERP5/mixin/variated.py

@@ -29,7 +29,7 @@
 
 from warnings import warn
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.CMFCategory.Renderer import Renderer
 from Products.ERP5Type import interfaces, Permissions, PropertySheet
 import zope.interface

product/ERP5/mixin/virtual_folder.py

@@ -31,7 +31,7 @@
 _marker=[]
 
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type.Core.Folder import Folder
 from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
 

product/ERP5Catalog/CatalogTool.py

@@ -314,6 +314,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
                 , 'manage_schema')
     manage_schema = DTMLFile('dtml/manageSchema', globals())
 
+    security.declarePublic('getPreferredSQLCatalogId')
     def getPreferredSQLCatalogId(self, id=None):
       """
       Get the SQL Catalog from preference.
@@ -366,6 +367,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
         return result
 
     # Schema Management
+    security.declareProtected(Permissions.ManagePortal, 'editColumn')
     def editColumn(self, column_id, sql_definition, method_id, default_value, REQUEST=None, RESPONSE=None):
       """
         Modifies a schema column of the catalog
@@ -379,17 +381,20 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
         new_schema.append(new_c)
       self.setColumnList(new_schema)
 
+    security.declareProtected(Permissions.ManagePortal, 'setColumnList')
     def setColumnList(self, column_list):
       """
       """
       self._sql_schema = column_list
 
+    security.declarePublic('getColumnList')
     def getColumnList(self):
       """
       """
       if not hasattr(self, '_sql_schema'): self._sql_schema = []
       return self._sql_schema
 
+    security.declarePublic('getColumn')
     def getColumn(self, column_id):
       """
       """
@@ -398,6 +403,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
           return c
       return None
 
+    security.declareProtected(Permissions.ManagePortal, 'editIndex')
     def editIndex(self, index_id, sql_definition, REQUEST=None, RESPONSE=None):
       """
         Modifies the schema of the catalog
@@ -411,17 +417,20 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
         new_index.append(new_c)
       self.setIndexList(new_index)
 
+    security.declareProtected(Permissions.ManagePortal, 'setIndexList')
     def setIndexList(self, index_list):
       """
       """
       self._sql_index = index_list
 
+    security.declarePublic('getIndexList')
     def getIndexList(self):
       """
       """
       if not hasattr(self, '_sql_index'): self._sql_index = []
       return self._sql_index
 
+    security.declarePublic('getIndex')
     def getIndex(self, index_id):
       """
       """
@@ -512,6 +521,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
 
       return allowedRolesAndUsers, role_column_dict, local_role_column_dict
 
+    security.declarePublic('getSecurityUidDictAndRoleColumnDict')
     def getSecurityUidDictAndRoleColumnDict(self, sql_catalog_id=None, local_roles=None):
       """
         Return a dict of local_roles_group_id -> security Uids and a

product/ERP5Form/Document/Preference.py

@@ -86,10 +86,12 @@ class Preference( Folder ):
     self._clearCache()
     Folder._edit(self, **kw)
 
+  security.declareProtected(Permissions.ModifyPortalContent, 'enable')
   def enable(self, **kw):
     """Workflow method"""
     self._clearCache()
 
+  security.declareProtected(Permissions.ModifyPortalContent, 'disable')
   def disable(self, **kw):
     """Workflow method"""
     self._clearCache()

product/ERP5Form/Form.py

@@ -710,6 +710,7 @@ class ERP5Form(Base, ZMIForm, ZopePageTemplate):
       return ret
 
     # Utilities
+    security.declareProtected('View', 'ErrorFields')
     def ErrorFields(self, validation_errors):
         """
             Create a dictionnary of validation_errors
@@ -788,6 +789,7 @@ class ERP5Form(Base, ZMIForm, ZopePageTemplate):
 
     manage_FTPput = PUT
 
+    security.declarePrivate('getSimilarSkinFolderIdList')
     def getSimilarSkinFolderIdList(self):
       """
       Find other skins id installed in the same time

product/ERP5Form/ProxyField.py

@@ -412,6 +412,7 @@ class ProxyField(ZMIField):
     """
     return self.getTemplateField().get_error_names()
 
+  security.declareProtected('Access contents information', 'getTemplateField')
   def getTemplateField(self, cache=True):
     """
     Return template field of the proxy field.
@@ -478,6 +479,7 @@ class ProxyField(ZMIField):
       self._setTemplateFieldCache(proxy_field)
     return proxy_field
 
+  security.declareProtected('Access contents information', 'getRecursiveTemplateField')
   def getRecursiveTemplateField(self):
     """
     Return template field of the proxy field.
@@ -639,6 +641,7 @@ class ProxyField(ZMIField):
         else:
           return None
 
+  security.declareProtected('Access contents information', 'getFieldValue')
   def getFieldValue(self, field, id, **kw):
     """
       Return a callable expression and cacheable boolean flag

product/ERP5Form/Tool/SelectionTool.py

@@ -1197,6 +1197,7 @@ class SelectionTool( BaseTool, SimpleItem ):
       return md5(str(sorted(map(str, uid_list)))).hexdigest()
 
     # Related document searching
+    security.declarePublic('viewSearchRelatedDocumentDialog')
     def viewSearchRelatedDocumentDialog(self, index, form_id,
                                         REQUEST=None, sub_index=None, **kw):
       """
@@ -1433,6 +1434,7 @@ class SelectionTool( BaseTool, SimpleItem ):
       tv['_user_id'] = user_id
       return user_id
 
+    security.declarePrivate('getTemporarySelectionDict')
     def getTemporarySelectionDict(self):
       """ Temporary selections are used in push/pop nested scope,
       to prevent from editting for stored selection in the scope.
@@ -1794,7 +1796,7 @@ for x in SelectionTool.__dict__:
   if x in method_id_filter_list:
     continue
   roles = getattr(SelectionTool, '%s__roles__' % x, None)
-  if roles is None:
+  if roles is None or roles == ():
     continue
   if roles.__name__ == ERP5Permissions.ManagePortal:
     continue

product/ERP5OOo/tests/testDms.py

@@ -2495,6 +2495,7 @@ return 1
     kw['portal_type'] = "Spreadsheet"
     new_document = self.portal.Base_contribute(**kw)
     self.assertEqual(new_document.getValidationState(), 'draft')
+    self.tic()
 
     # make it read only
     document.manage_permission(Permissions.ModifyPortalContent, [])

product/ERP5Security/ERP5GroupManager.py

@@ -78,6 +78,7 @@ class ERP5GroupManager(BasePlugin):
   #
   #   IGroupsPlugin implementation
   #
+  security.declarePrivate('getGroupsForPrincipal')
   def getGroupsForPrincipal(self, principal, request=None):
     """ See IGroupsPlugin.
     """

product/ERP5Security/ERP5UserFactory.py

@@ -209,6 +209,7 @@ class ERP5UserFactory(BasePlugin):
     self._id = self.id = id
     self.title = title
 
+  security.declarePrivate('createUser')
   def createUser( self, user_id, name ):
     """ See IUserFactoryPlugin
     """

product/ERP5Type/Base.py

@@ -809,12 +809,16 @@ class Base( CopyContainer,
   getId = BaseAccessor.Getter('getId', 'id', 'string')
 
   # Debug
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getOid')
   def getOid(self):
     """
       Return ODB oid
     """
     return self._p_oid
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getOidRepr')
   def getOidRepr(self):
     """
       Return ODB oid, in an 'human' readable form.
@@ -822,10 +826,14 @@ class Base( CopyContainer,
     from ZODB.utils import oid_repr
     return oid_repr(self._p_oid)
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSerial')
   def getSerial(self):
     """Return ODB Serial."""
     return self._p_serial
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getHistorySerial')
   def getHistorySerial(self):
     """Return ODB Serial, in the same format used for history keys"""
     return '.'.join([str(x) for x in unpack('>HHHH', self._p_serial)])
@@ -1378,6 +1386,8 @@ class Base( CopyContainer,
   # Accessors are not workflow methods by default
   # Ping provides a dummy method to trigger automatic methods
   # XXX : maybe an empty edit is enough (self.edit())
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'ping')
   def ping(self):
     pass
 
@@ -1565,6 +1575,8 @@ class Base( CopyContainer,
     """
     return self
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDocumentInstance')
   def getDocumentInstance(self):
     """
       Returns self
@@ -1584,6 +1596,8 @@ class Base( CopyContainer,
         assert mount_point._getMountedConnection(connection) is connection
         return mount_point._traverseToMountedRoot(connection.root(), None)
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'asSQLExpression')
   def asSQLExpression(self, strict_membership=0, table='category', base_category = None):
     """
       Any document can be used as a Category. It can therefore
@@ -3266,6 +3280,8 @@ class Base( CopyContainer,
     self._p_changed = 1
 
   # Helpers
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getQuantityPrecisionFromResource')
   def getQuantityPrecisionFromResource(self, resource, d=2):
     """
       Provides a quick access to precision without accessing the resource

product/ERP5Type/CopySupport.py

@@ -383,28 +383,6 @@ class CopyContainer:
                            group_method_id='portal_catalog/uncatalogObjectList',
                            serialization_tag=self.getRootDocumentPath()).unindexObject(uid=uid)
 
-  security.declareProtected(Permissions.ModifyPortalContent, 'moveObject')
-  def moveObject(self, idxs=None):
-      """
-          Reindex the object in the portal catalog.
-          If idxs is present, only those indexes are reindexed.
-          The metadata is always updated.
-
-          Also update the modification date of the object,
-          unless specific indexes were requested.
-
-          Passes is_object_moved to catalog to force
-          reindexing without creating new uid
-      """
-      if idxs is None: idxs = []
-      if idxs == []:
-          # Update the modification date.
-          if getattr(aq_base(self), 'notifyModified', _marker) is not _marker:
-              self.notifyModified()
-      catalog = getattr(self.getPortalObject(), 'portal_catalog', None)
-      if catalog is not None:
-          catalog.moveObject(self, idxs=idxs)
-
   def _notifyOfCopyTo(self, container, op=0):
       """Overiden to track object cut and pastes, and update related
       content accordingly.

product/ERP5Type/Core/ActionInformation.py

@@ -86,18 +86,21 @@ class ActionInformation(XMLObject):
   # XXX Following getAction/getCondition/getIcon are problably not useful
   #     because properties should already be cleaned up during migration
   #     or installation from BT.
+  security.declareProtected(AccessContentsInformation, 'getAction')
   def getAction(self):
     """Overridden getter for 'action' to clean null values"""
     if getattr(aq_base(self), 'action', None) == '':
       del self.action
     return self._baseGetAction()
 
+  security.declareProtected(AccessContentsInformation, 'getCondition')
   def getCondition(self):
     """Overridden getter for 'condition' to clean null values"""
     if getattr(aq_base(self), 'condition', None) == '':
       del self.condition
     return self._baseGetCondition()
 
+  security.declareProtected(AccessContentsInformation, 'getIcon')
   def getIcon(self):
     """Overridden getter for 'icon' to clean null values"""
     if getattr(aq_base(self), 'icon', None) == '':

product/ERP5Type/Core/CacheFactory.py

@@ -61,6 +61,7 @@ class CacheFactory(XMLObject):
                     , PropertySheet.SortIndex
                     )
 
+  security.declareProtected(Permissions.AccessContentsInformation, 'getCacheId')
   def getCacheId(self):
     """
       Get a common Cache Factory / Cache Bag ID in this
@@ -94,6 +95,7 @@ class CacheFactory(XMLObject):
     for cache_plugin in cache_plugin_list:
       cache_plugin.set(cache_id, value)
 
+  security.declareProtected(Permissions.AccessContentsInformation, 'getCachePluginList')
   def getCachePluginList(self, allowed_type_list=None):
     """ get ordered list of installed cache plugins in ZODB """
     if allowed_type_list is None:

product/ERP5Type/Core/Folder.py

@@ -588,12 +588,14 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
     # Create data structure if none present
     return FolderMixIn.newContent(self, *args, **kw)
       
+  security.declareProtected(Permissions.AccessContentsInformation, 'isBTree')
   def isBTree(self):
     """
     Tell if we are a BTree
     """
     return self._folder_handler == BTREE_HANDLER
   
+  security.declareProtected(Permissions.AccessContentsInformation, 'isHBTree')
   def isHBTree(self):
     """
     Tell if we are a HBTree
@@ -1386,6 +1388,28 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
                    'recursiveImmediateReindexObject', None) is not None:
           c.recursiveImmediateReindexObject(**kw)
 
+  security.declareProtected(Permissions.ModifyPortalContent, 'moveObject')
+  def moveObject(self, idxs=None):
+      """
+          Reindex the object in the portal catalog.
+          If idxs is present, only those indexes are reindexed.
+          The metadata is always updated.
+
+          Also update the modification date of the object,
+          unless specific indexes were requested.
+
+          Passes is_object_moved to catalog to force
+          reindexing without creating new uid
+      """
+      if idxs is None: idxs = []
+      if idxs == []:
+          # Update the modification date.
+          if getattr(aq_base(self), 'notifyModified', _marker) is not _marker:
+              self.notifyModified()
+      catalog = getattr(self.getPortalObject(), 'portal_catalog', None)
+      if catalog is not None:
+          catalog.moveObject(self, idxs=idxs)
+
   security.declareProtected( Permissions.ModifyPortalContent,
                              'recursiveMoveObject' )
   def recursiveMoveObject(self):
@@ -1513,46 +1537,6 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
                                           strict_membership=strict_membership))
     return "( %s )" % result
 
-
-  def mergeContent(self,from_object=None,to_object=None, delete=1,**kw):
-    """
-    This method will merge two objects.
-
-    When we have to different objects wich represent the same content, we
-    may want to merge them. In this case, we want to be sure to report
-
-    """
-    if from_object is None or to_object is None:
-      return
-
-    from_object_related_object_list = self.portal_categories\
-                                          .getRelatedValueList(from_object)
-    to_object_url = to_object.getRelativeUrl()
-    from_object_url = from_object.getRelativeUrl()
-    corrected_list = []
-    for object in from_object_related_object_list:
-      #LOG('Folder.mergeContent, working on object:',0,object)
-      new_category_list = []
-      found = 0
-      for category in object.getCategoryList(): # so ('destination/person/1',...)
-        #LOG('Folder.mergeContent, working on category:',0,category)
-        linked_object_url = '/'.join(category.split('/')[1:])
-        if linked_object_url == from_object_url:
-          base_category = category.split('/')[0]
-          found = 1
-          new_category_list.append(base_category + '/' + to_object_url)
-        else:
-          new_category_list.append(category)
-      if found:
-        corrected_list.append(object)
-        object.setCategoryList(new_category_list)
-        object.immediateReindexObject()
-    if delete:
-      if len(from_object.portal_categories.getRelatedValueList(from_object))==0:
-        parent = from_object.getParentValue()
-        parent.manage_delObjects(from_object.getId())
-    return corrected_list
-
   security.declareProtected( Permissions.AccessContentsInformation,
                              'objectValues' )
   def objectValues(self, spec=None, meta_type=None, portal_type=None,

product/ERP5Type/Core/Predicate.py

@@ -355,12 +355,14 @@ class Predicate(XMLObject):
   security.declareProtected( Permissions.AccessContentsInformation, 'asSqlJoinExpression' )
   asSqlJoinExpression = asSQLJoinExpression
 
+  security.declareProtected(Permissions.AccessContentsInformation, 'searchResults')
   def searchResults(self, **kw):
     """
     """
     portal_catalog = getToolByName(self, 'portal_catalog')
     return portal_catalog.searchResults(build_sql_query_method=self.buildSQLQuery,**kw)
 
+  security.declareProtected(Permissions.AccessContentsInformation, 'countResults')
   def countResults(self, REQUEST=None, used=None, **kw):
     """
     """
@@ -600,6 +602,7 @@ class Predicate(XMLObject):
   def _asPredicate(self):
     return self
 
+  security.declareProtected(Permissions.AccessContentsInformation, 'searchPredicate')
   def searchPredicate(self, **kw):
     """
       Returns a list of documents matching the predicate

product/ERP5Type/Core/RoleInformation.py

@@ -76,6 +76,7 @@ class RoleInformation(XMLObject):
       value = value and Expression(value) or None
     self._baseSetCondition(value)
 
+  security.declareProtected(AccessContentsInformation, 'getCondition')
   def getCondition(self):
     """Overridden getter for 'condition' to clean null values"""
     if getattr(aq_base(self), 'condition', None) == '':

product/ERP5Type/Core/StandardProperty.py

@@ -86,6 +86,8 @@ class StandardProperty(IdAsReferenceMixin('_property'), XMLObject):
   getDescription = Base.Getter('getDescription', 'description', 'string',
                                default='')
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getElementaryType')
   def getElementaryType(self):
     """
     Define this getter manually as it is not possible to rely on

product/ERP5Type/ERP5Type.py

@@ -75,7 +75,7 @@ class LocalRoleAssignorMixIn(object):
 
     zope.interface.implements(interfaces.ILocalRoleAssignor)
 
-    security.declarePrivate('updateLocalRolesOnObject')
+    security.declarePrivate('updateLocalRolesOnDocument')
     @UnrestrictedMethod
     def updateLocalRolesOnDocument(self, ob, user_name=None, reindex=True, activate_kw=()):
       """
@@ -209,6 +209,8 @@ class LocalRoleAssignorMixIn(object):
       role.uid = None
       return self[self._setObject(role.id, role, set_owner=0)]
 
+InitializeClass(LocalRoleAssignorMixIn)
+
 class ERP5TypeInformation(XMLObject,
                           FactoryTypeInformation,
                           LocalRoleAssignorMixIn,

product/ERP5Type/Tool/CacheTool.py

@@ -199,6 +199,7 @@ class CacheTool(BaseTool):
     if REQUEST is not None:
       self.REQUEST.RESPONSE.redirect('cache_tool_configure?manage_tabs_message=Cache factory scope %s cleared.' %cache_factory_id)
 
+  security.declareProtected(Permissions.AccessContentsInformation, 'getCacheTotalMemorySize')
   def getCacheTotalMemorySize(self, REQUEST=None):
     """ Calculate total size of memory used for cache.
 

product/ERP5Type/Tool/SessionTool.py

@@ -191,6 +191,7 @@ class SessionTool(BaseTool):
     session._updatecontext(self)
     return session
 
+  security.declarePrivate('getSession')
   def getSession(self, session_id, session_duration=None):
     """ Return session object. """
     storage_plugin = self._getStoragePlugin()
@@ -216,6 +217,7 @@ class SessionTool(BaseTool):
       session = session.getValue()
     return session
 
+  security.declarePublic('newContent')
   def newContent(self, id, **kw):
     """ Create new session object. """
     session =  self.getSession(id)

product/ERP5Type/Tool/WebServiceTool.py

@@ -89,6 +89,8 @@ class WebServiceTool(BaseTool):
   security.declareProtected(Permissions.ManagePortal, 'manage_overview')
   manage_overview = DTMLFile('explainWebServiceTool', _dtmldir )
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConnectionPluginList')
   def getConnectionPluginList(self):
     """
     Return list of available connection plugins
@@ -97,6 +99,7 @@ class WebServiceTool(BaseTool):
     plugin_list.sort()
     return plugin_list
 
+  security.declareProtected(Permissions.ManagePortal, 'connect')
   def connect(self, url, user_name=None, password=None, transport=None, transport_kw=None):
     """
     Connect to remote instances

product/ERP5Type/WebDAVSupport.py

@@ -17,6 +17,7 @@ import re
 import transaction
 from Acquisition import aq_parent, aq_inner, aq_base
 from AccessControl import ClassSecurityInfo, ModuleSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, PropertySheet, Constraint
 from Products.CMFCore.PortalContent import ResourceLockedError
 from Products.CMFCore.utils import getToolByName
@@ -193,6 +194,8 @@ class TextContent:
     """ Used for FTP and apparently the ZMI now too """
     return len(self.manage_FTPget())
 
+InitializeClass(TextContent)
+
 from webdav.common import Locked, PreconditionFailed
 from webdav.interfaces import IWriteLock
 from webdav.NullResource import NullResource

product/ERP5Type/mixin/component.py

@@ -32,6 +32,7 @@
 from __future__ import absolute_import
 
 from AccessControl import ClassSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5.mixin.property_recordable import PropertyRecordableMixin
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Base import Base
@@ -399,3 +400,5 @@ class ComponentMixin(PropertyRecordableMixin, Base):
     rev = historicalRevision(self, serial)
 
     return rev.getTextContent()
+
+InitializeClass(ComponentMixin)

product/ERP5Type/patches/ActionsTool.py

@@ -16,8 +16,13 @@ import logging
 
 logger = logging.getLogger(__name__)
 
+from Products.ERP5Type.Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from Products.CMFCore.ActionsTool import ActionsTool
 from Products.CMFCore.interfaces import IActionProvider
+from Products.CMFCore.permissions import ManagePortal
+
+security = ClassSecurityInfo()
 
 def migrateNonProviders(portal_actions):
   portal_actions_path = '/'.join(portal_actions.getPhysicalPath())
@@ -100,4 +105,8 @@ def reorderActions(self, REQUEST=None):
     return self.manage_editActionsForm(REQUEST,
         manage_tabs_message='Actions reordered.')
 
+security.declareProtected(ManagePortal, 'reorderActions')
 ActionsTool.reorderActions = reorderActions
+
+ActionsTool.security = security
+InitializeClass(ActionsTool)

product/ERP5Type/patches/CookieCrumbler.py

@@ -25,6 +25,8 @@ Patch CookieCrumbler to prevent came_from to appear in the URL
 when ERP5 runs in "require_referer" mode.
 """
 
+from AccessControl.SecurityInfo import ClassSecurityInfo
+from App.class_init import InitializeClass
 from Products.CMFCore.CookieCrumbler import CookieCrumbler
 from Products.CMFCore.CookieCrumbler import CookieCrumblerDisabled
 from urllib import quote, unquote
@@ -43,6 +45,8 @@ class PatchedCookieCrumbler(CookieCrumbler):
   """
   pass
 
+security = ClassSecurityInfo()
+
 def getLoginURL(self):
     '''
     Redirects to the login page.
@@ -68,6 +72,7 @@ def getLoginURL(self):
             return url
     return None
 
+security.declarePublic('getLoginURL')
 CookieCrumbler.getLoginURL = getLoginURL
 
 def balancer_cookie_hook(ob, req, resp):
@@ -177,3 +182,6 @@ def credentialsChanged(self, user, name, pw):
   method( resp, self.auth_cookie, quote( ac ) )
 
 CookieCrumbler.credentialsChanged = credentialsChanged
+
+CookieCrumbler.security = security
+InitializeClass(CookieCrumbler)

product/ERP5Type/patches/DA.py

@@ -21,13 +21,18 @@ from Shared.DC.ZRDB.DA import DA, DatabaseError, SQLMethodTracebackSupplement
 from Shared.DC.ZRDB import RDB
 from Shared.DC.ZRDB.Results import Results
 from App.Extensions import getBrain
-from AccessControl import getSecurityManager
+from AccessControl import ClassSecurityInfo, getSecurityManager 
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base, aq_parent
 from zLOG import LOG, INFO, ERROR
 from string import find
 from cStringIO import StringIO
+from Products.ERP5Type import Permissions
 import sys
 
+security = ClassSecurityInfo()
+DA.security = security
+
 def DA_fromFile(self, filename):
   """
     Read the file and update self
@@ -261,7 +266,9 @@ def DA_upgradeSchema(self, connection_id=None, create_if_not_exists=False,
                        initialize, src__)
 
 DA.__call__ = DA__call__
+security.declarePrivate('fromFile')
 DA.fromFile = DA_fromFile
+security.declarePrivate('fromText')
 DA.fromText = DA_fromText
 DA.manage_FTPget = DA_manage_FTPget
 DA.PUT = DA_PUT
@@ -297,3 +304,4 @@ if hasattr(Shared.DC.ZRDB.DA, 'getObject'):
 
 import App.Extensions
 App.Extensions.getObject = getObjectMeta(App.Extensions.getObject)
+InitializeClass(DA)

product/ERP5Type/patches/DCWorkflow.py

@@ -16,7 +16,7 @@
 # Optimized rendering of global actions (cache)
 
 from Products.ERP5Type.Globals import DTMLFile
-from Products.ERP5Type import _dtmldir
+from Products.ERP5Type import Permissions, _dtmldir
 from Products.DCWorkflow.DCWorkflow import DCWorkflowDefinition, StateChangeInfo, createExprContext
 from Products.DCWorkflow.DCWorkflow import ObjectDeleted, ObjectMoved, aq_parent, aq_inner
 from Products.DCWorkflow import DCWorkflow
@@ -110,6 +110,7 @@ def Guard_checkWithoutRoles(self, sm, wf_def, ob, **kw):
             return 0
     return 1
 
+DCWorkflowDefinition.security = ClassSecurityInfo()
 
 def DCWorkflowDefinition_listGlobalActions(self, info):
     '''
@@ -336,6 +337,7 @@ def DCWorkflowDefinition_getWorklistVariableMatchDict(self, info,
     return None
   return variable_match_dict
 
+DCWorkflowDefinition.security.declarePrivate('getWorklistVariableMatchDict')
 DCWorkflowDefinition.getWorklistVariableMatchDict = DCWorkflowDefinition_getWorklistVariableMatchDict
 
 class ValidationFailed(Exception):
@@ -699,6 +701,8 @@ def getPortalTypeListForWorkflow(self):
       result.append(portal_type)
   return result
 
+DCWorkflowDefinition.security.declareProtected(Permissions.AccessContentsInformation,
+                                               'getPortalTypeListForWorkflow')
 DCWorkflowDefinition.getPortalTypeListForWorkflow = getPortalTypeListForWorkflow
 
 def DCWorkflowDefinition_getFutureStateSet(self, state, ignore=(),
@@ -719,8 +723,10 @@ def DCWorkflowDefinition_getFutureStateSet(self, state, ignore=(),
       self.getFutureStateSet(state, ignore, _future_state_set)
   return _future_state_set
 
+DCWorkflowDefinition.security.declarePrivate('getFutureStateSet')
 DCWorkflowDefinition.getFutureStateSet = DCWorkflowDefinition_getFutureStateSet
 
+InitializeClass(DCWorkflowDefinition)
 
 # This patch allows to use workflowmethod as an after_script
 # However, the right way of doing would be to have a combined state of TRIGGER_USER_ACTION and TRIGGER_WORKFLOW_METHOD

product/ERP5Type/patches/DCWorkflowGraph.py

@@ -28,6 +28,10 @@
 #
 ##############################################################################
 
+from AccessControl import ClassSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
+from Products.ERP5Type import Permissions
+
 # Products.DCWorkflowGraph.config does not check the return value of
 # getenv('PATH'). This fails if PATH is not defined which is the case when
 # running ZEO with SlapOS for example. But, Products.DCWorkflowGraph.__init__
@@ -182,3 +186,9 @@ DCWorkflowGraph.getGraph = getGraph
 from Products.DCWorkflow.DCWorkflow import DCWorkflowDefinition
 DCWorkflowDefinition.getGraph = getGraph
 DCWorkflowDefinition.getPOT = DCWorkflowGraph.getPOT
+
+security = ClassSecurityInfo()
+security.declareProtected(Permissions.ManagePortal, 'getPOT')
+security.declareProtected(Permissions.ManagePortal, 'getGraph')
+DCWorkflowDefinition.security = security
+InitializeClass(DCWorkflowDefinition)

product/ERP5Type/patches/ExternalMethod.py

@@ -14,7 +14,7 @@
 from inspect import getargs
 from Products.ExternalMethod.ExternalMethod import *
 from AccessControl import ModuleSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_parent
 from Products.ERP5Type.patches.PythonScript import _guard_form, \
      _guard_manage_options, checkGuard, getGuard, manage_guardForm, \

product/ERP5Type/patches/OFSFolder.py

@@ -12,7 +12,10 @@
 #
 ##############################################################################
 
+from AccessControl import ClassSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from OFS.Folder import Folder
+from Products.ERP5Type import Permissions
 
 """
   This patch modifies OFS.Folder._setOb to update portal_skins cache when
@@ -55,3 +58,8 @@ def Folder_isERP5SitePresent(self):
   return len(self.objectIds("ERP5 Site")) > 0
 
 Folder.isERP5SitePresent = Folder_isERP5SitePresent
+
+security = ClassSecurityInfo()
+security.declareProtected(Permissions.ManagePortal, 'isERP5SitePresent')
+Folder.security = security
+InitializeClass(Folder)

product/ERP5Type/patches/PythonScript.py

@@ -15,13 +15,16 @@ from Products.DCWorkflow.Guard import Guard
 from Products.PythonScripts.PythonScript import PythonScript
 from App.special_dtml import DTMLFile
 from Products.ERP5Type import _dtmldir
-from AccessControl import ModuleSecurityInfo, getSecurityManager
+from AccessControl import ClassSecurityInfo, getSecurityManager
 from AccessControl.class_init import InitializeClass
 from OFS.misc_ import p_
 from App.ImageFile import ImageFile
 from Acquisition import aq_base, aq_parent
 from zExceptions import Forbidden
 
+security = ClassSecurityInfo()
+PythonScript.security = security
+
 def haveProxyRole(self):
   """if a script has proxy role, return True"""
   return bool(self._proxy_roles)
@@ -41,7 +44,9 @@ pyscript_proxyrole = ImageFile('pyscript_proxyrole.gif', globals())
 #
 # Add proxy role icon in ZMI
 #
+security.declarePrivate('haveProxyRole')
 PythonScript.haveProxyRole = haveProxyRole
+
 PythonScript.om_icons = om_icons
 p_.PythonScript_ProxyRole_icon = pyscript_proxyrole
 
@@ -57,8 +62,6 @@ PythonScript.manage_main = manage_editForm
 PythonScript.manage_editDocument = manage_editForm
 PythonScript.manage_editForm = manage_editForm
 
-security = ModuleSecurityInfo('Products.PythonScripts.PythonScript.PythonScript')
-
 _guard_manage_options = (
   {
     'label':'Guard',

product/ERP5Type/patches/WorkflowTool.py

@@ -19,7 +19,8 @@ from types import StringTypes
 
 # Make sure Interaction Workflows are called even if method not wrapped
 
-from AccessControl import Unauthorized
+from AccessControl import ClassSecurityInfo, Unauthorized
+from Products.ERP5Type.Globals import InitializeClass
 from Products.CMFCore.WorkflowTool import WorkflowTool
 from Products.CMFCore.WorkflowCore import ObjectMoved, ObjectDeleted
 from Products.CMFCore.WorkflowCore import WorkflowException
@@ -29,6 +30,7 @@ from Products.DCWorkflow.Transitions import TRIGGER_WORKFLOW_METHOD
 from Products.CMFCore.utils import getToolByName
 from Products.ZSQLCatalog.SQLCatalog import SimpleQuery, AutoQuery, ComplexQuery, NegatedQuery
 from Products.CMFCore.utils import _getAuthenticatedUser
+from Products.ERP5Type import Permissions
 from Products.ERP5Type.Cache import CachingMethod
 from sets import ImmutableSet
 from Acquisition import aq_base
@@ -38,6 +40,9 @@ from itertools import izip
 from MySQLdb import ProgrammingError, OperationalError
 from DateTime import DateTime
 
+security = ClassSecurityInfo()
+WorkflowTool.security = security
+
 def DCWorkflowDefinition_notifyWorkflowMethod(self, ob, transition_list, args=None, kw=None):
     '''
     Allows the system to request a workflow action.  This method
@@ -84,6 +89,7 @@ def DCWorkflowDefinition_notifySuccess(self, ob, transition_list, result, args=N
     '''
     pass
 
+security.declarePrivate('notifyWorkflowMethod')
 DCWorkflowDefinition.notifyWorkflowMethod = DCWorkflowDefinition_notifyWorkflowMethod
 DCWorkflowDefinition.notifyBefore = DCWorkflowDefinition_notifyBefore
 DCWorkflowDefinition.notifySuccess = DCWorkflowDefinition_notifySuccess
@@ -709,6 +715,7 @@ def WorkflowTool_refreshWorklistCache(self):
             self.Base_zCreateWorklistTable()
             Base_zInsertIntoWorklistTable(**value_column_dict)
 
+security.declareProtected(Permissions.ManagePortal, 'refreshWorklistCache')
 WorkflowTool.refreshWorklistCache = WorkflowTool_refreshWorklistCache
 
 class WorkflowHistoryList(Persistent):
@@ -831,6 +838,7 @@ def WorkflowTool_isTransitionPossible(self, ob, transition_id, wf_id=None):
         return 1
     return 0
 
+security.declarePublic('isTransitionPossible')
 WorkflowTool.isTransitionPossible = WorkflowTool_isTransitionPossible
 
 def WorkflowTool_getWorkflowChainDict(self, sorted=True):
@@ -844,6 +852,7 @@ def WorkflowTool_getWorkflowChainDict(self, sorted=True):
     return_dict['chain_%s' % portal_type] = ', '.join(workflow_id_list)
   return return_dict
 
+security.declareProtected(Permissions.ManagePortal, 'getWorkflowChainDict')
 WorkflowTool.getWorkflowChainDict = WorkflowTool_getWorkflowChainDict
 
 WorkflowTool._reindexWorkflowVariables = lambda self, ob: \
@@ -858,6 +867,7 @@ def WorkflowTool_getChainDict(self):
             chain_dict.setdefault(wf_id, []).append(portal_type)
     return chain_dict
 
+security.declareProtected(Permissions.ManagePortal, 'getChainDict')
 WorkflowTool.getChainDict = WorkflowTool_getChainDict
 
 # Backward compatibility, as WorkflowMethod has been removed in CMFCore 2.2
@@ -936,3 +946,5 @@ def _isJumpToStatePossibleFor(self, ob, state_id, wf_id=None):
 
 WorkflowTool._jumpToStateFor = _jumpToStateFor
 WorkflowTool._isJumpToStatePossibleFor = _isJumpToStatePossibleFor
+
+InitializeClass(WorkflowTool)

product/ERP5Type/tests/utils.py

@@ -37,6 +37,8 @@ import sys
 import unittest
 import ZODB
 import zLOG
+from AccessControl import ClassSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from App.config import getConfiguration
 from ZConfig.matcher import SectionValue
 from Zope2.Startup.datatypes import ZopeDatabase
@@ -67,6 +69,8 @@ class DummyMailHostMixin(object):
   _previous_message = ()
   _message_list = []
 
+  security = ClassSecurityInfo()
+
   @classmethod
   def _send(cls, mfrom, mto, messageText, immediate=False):
     """Record message in _last_message."""
@@ -84,6 +88,7 @@ class DummyMailHostMixin(object):
         message_text = part.get_payload(decode=1)
     return message_text
 
+  security.declarePrivate('getMessageList')
   @classmethod
   def getMessageList(cls, decode=True):
     """ Return message list"""
@@ -91,6 +96,7 @@ class DummyMailHostMixin(object):
       return [(m[0], m[1], cls._decodeMessage(m[2])) for m in cls._message_list]
     return cls._message_list
 
+  security.declarePrivate('getLastLog')
   @classmethod
   def getLastLog(cls):
     """ Return last message """
@@ -102,6 +108,8 @@ class DummyMailHostMixin(object):
     cls._previous_message = ()
     cls._message_list = []
 
+InitializeClass(DummyMailHostMixin)
+
 class DummyMailHost(DummyMailHostMixin, MailHost):
   pass
 

product/Formulator/Field.py

@@ -172,6 +172,8 @@ class Field:
       else:
         return '%s.%s:record' % (self.field_record, self.id)
 
+    security.declareProtected('Access contents information',
+                              'generate_subfield_key')
     def generate_subfield_key(self, id, validation=0, key=None):
       """Generate the key Silva uses to render a sub field.
          Added key parameter for ERP5 in order to be compatible with listbox/matrixbox
@@ -387,6 +389,7 @@ class Field:
       """
       return self.widget.render_dict(self, value)
 
+    security.declareProtected('View', 'render_from_request')
     def render_from_request(self, REQUEST, key_prefix=None):
         """Convenience method; render the field widget from REQUEST
         (unvalidated data), or default if no raw data is found.

product/Formulator/Form.py

@@ -669,6 +669,7 @@ class ZMIForm(ObjectManager, PropertyManager, RoleManager, Item, Form):
         self.title = title
         self.row_length = 4
 
+    security.declarePublic('all_meta_types')
     def all_meta_types(self):
         """Get all meta types addable to this field. The ZMI uses
         this method (original defined in ObjectManager).

product/Formulator/StandardFields.py

@@ -146,7 +146,7 @@ class DateTimeField(ZMIField):
       self.sub_form = create_datetime_list_sub_form()
       year_field = self.sub_form.get_field('year', include_disabled=1)
       year_field.overrides['items'] = BoundMethod(self,
-                                                  'override_year_items')
+                                                  '_override_year_items')
     else:
       assert 0, "Unknown input_style."
     self.on_value_css_class_changed(self.values['css_class'])
@@ -161,7 +161,7 @@ class DateTimeField(ZMIField):
       field.values['css_class'] = value
       field._p_changed = 1
 
-  def override_year_items(self):
+  def _override_year_items(self):
     """The method gets called to get the right amount of years.
     """
     start_datetime = self.get_value('start_datetime')

product/Localizer/Localizer.py

@@ -146,6 +146,7 @@ class Localizer(LanguageManager, Folder):
 
 
     # New code to control the language policy
+    security.declarePrivate('accept_cookie')
     def accept_cookie(self, accept_language):
         """Add the language from a cookie."""
         lang = self.REQUEST.cookies.get('LOCALIZER_LANGUAGE', None)
@@ -153,6 +154,7 @@ class Localizer(LanguageManager, Folder):
             accept_language.set(lang, 2.0)
 
 
+    security.declarePrivate('accept_path')
     def accept_path(self, accept_language):
         """Add the language from the path."""
         stack = self.REQUEST['TraversalRequestNameStack']
@@ -161,6 +163,7 @@ class Localizer(LanguageManager, Folder):
             accept_language.set(lang, 3.0)
 
 
+    security.declarePrivate('accept_url')
     def accept_url(self, accept_language):
         """Add the language from the URL."""
         lang = self.REQUEST.form.get('LOCALIZER_LANGUAGE')

product/Localizer/MessageCatalog.py

@@ -713,7 +713,9 @@ class MessageCatalog(LanguageManager, ObjectManager, SimpleItem):
     # Backwards compatibility (XXX)
     #######################################################################
 
+    security.declarePublic('hasmsg')
     hasmsg = message_exists
+    security.declarePublic('hasLS')
     hasLS = message_exists  # CMFLocalizer uses it
 
 class POFile(SimpleItem):

product/PortalTransforms/Transform.py

@@ -268,6 +268,7 @@ class Transform(SimpleItem):
         reload(m)
         self._tr_init()
 
+    security.declarePrivate('preprocess_param')
     def preprocess_param(self, kwargs):
         """ preprocess param fetched from an http post to handle optional dictionary
         """

product/PortalTransforms/TransformEngine.py

@@ -184,6 +184,7 @@ class TransformTool(UniqueObject, ActionProviderBase, Folder):
         # return IDataStream object
         return result
 
+    security.declarePrivate('getRequirementListByMimetype')
     def getRequirementListByMimetype(self, origin_mimetype, target_mimetype):
       """Return requirements only if origin_mimetype
       and target_mimetype are matching transform policy
@@ -573,6 +574,7 @@ class TransformTool(UniqueObject, ActionProviderBase, Folder):
             REQUEST['RESPONSE'].redirect(self.absolute_url() +
                 '/manage_editTransformationPolicyForm')
 
+    security.declarePrivate('listPolicies')
     def listPolicies(self):
         """ return the list of defined policies
 
@@ -625,6 +627,7 @@ class TransformTool(UniqueObject, ActionProviderBase, Folder):
             return []
 
     # available mimetypes ####################################################
+    security.declarePrivate('listAvailableTextInputs')
     def listAvailableTextInputs(self):
         """Returns a list of mimetypes that can be used as input for textfields
         by building a list of the inputs beginning with "text/" of all

product/ZSQLCatalog/SQLCatalog.py

@@ -2015,6 +2015,7 @@ class Catalog(Folder,
     ) + list(self.sql_catalog_related_keys)
 
   # Compatibililty SQL Sql
+  security.declarePrivate('getSqlCatalogRelatedKeyList')
   getSqlCatalogRelatedKeyList = getSQLCatalogRelatedKeyList
 
   security.declarePrivate('getSQLCatalogScriptableKeyList')