Commit f84e2f62 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

Add more security declarations.

parent 175d43ad
......@@ -73,6 +73,14 @@ if len(delivery_solve_property_dict) or len(divergence_to_accept_list) \\\n
<key> <string>_params</string> </key>
<value> <string>state_change</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Delivery_solveDivergence</string> </value>
......
......@@ -58,6 +58,8 @@ class CredentialRecovery(Ticket, EncryptedPasswordMixin):
, PropertySheet.Url
)
security.declareProtected(Permissions.AccessContentsInformation,
'isAnswerCorrect')
def isAnswerCorrect(self):
'''
Check if the given answer match the real answer
......
......@@ -76,6 +76,14 @@ return \'Done.\'\n
<key> <string>_params</string> </key>
<value> <string>count = 1000</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Zuite_waitForActivities</string> </value>
......
......@@ -31,6 +31,7 @@ import warnings
from contextlib import contextmanager
from AccessControl import ClassSecurityInfo
from Acquisition import aq_base
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
from ActivityRuntimeEnvironment import getActivityRuntimeEnvironment
from AccessControl import Unauthorized
......@@ -58,6 +59,7 @@ class ActiveObject(ExtensionClass.Base):
security = ClassSecurityInfo()
security.declarePublic('activate')
def activate(self, activity=DEFAULT_ACTIVITY, active_process=None,
activate_kw=None, REQUEST=None, **kw):
"""Returns an active wrapper for this object.
......@@ -207,3 +209,5 @@ class ActiveObject(ExtensionClass.Base):
def getActivityRuntimeEnvironment(self):
return getActivityRuntimeEnvironment()
InitializeClass(ActiveObject)
......@@ -808,6 +808,7 @@ class ActivityTool (Folder, UniqueObject):
self.subscribe()
Folder.inheritedAttribute('manage_afterAdd')(self, item, container)
security.declareProtected(CMFCorePermissions.ManagePortal, 'getServerAddress')
def getServerAddress(self):
"""
Backward-compatibility code only.
......@@ -828,6 +829,7 @@ class ActivityTool (Folder, UniqueObject):
_server_address = '%s:%s' %(ip, port)
return _server_address
security.declareProtected(CMFCorePermissions.ManagePortal, 'getCurrentNode')
def getCurrentNode(self):
""" Return current node identifier """
global currentNode
......@@ -848,7 +850,7 @@ class ActivityTool (Folder, UniqueObject):
currentNode = self.getServerAddress()
return currentNode
security.declarePublic('getDistributingNode')
security.declareProtected(CMFCorePermissions.ManagePortal, 'getDistributingNode')
def getDistributingNode(self):
""" Return the distributingNode """
return self.distributingNode
......@@ -977,6 +979,7 @@ class ActivityTool (Folder, UniqueObject):
'/manageLoadBalancing?manage_tabs_message=' +
urllib.quote(message))
security.declarePrivate('process_shutdown')
def process_shutdown(self, phase, time_in_phase):
"""
Prevent shutdown from happening while an activity queue is
......@@ -989,6 +992,7 @@ class ActivityTool (Folder, UniqueObject):
is_running_lock.acquire()
LOG('CMFActivity', INFO, "Shutdown: Activities finished.")
security.declareProtected(CMFCorePermissions.ManagePortal, 'process_timer')
def process_timer(self, tick, interval, prev="", next=""):
"""
Call distribute() if we are the Distributing Node and call tic()
......@@ -1112,6 +1116,7 @@ class ActivityTool (Folder, UniqueObject):
return True
return False
security.declarePrivate('getActivityBuffer')
def getActivityBuffer(self, create_if_not_found=True):
"""
Get activtity buffer for this thread for this activity tool.
......
......@@ -452,6 +452,8 @@ class Category(Folder):
display_id='logical_path',
base=base, **kw)
security.declareProtected(Permissions.AccessContentsInformation,
'getCategoryChildTranslatedLogicalPathItemList')
def getCategoryChildTranslatedLogicalPathItemList(self,
recursive=1, base=0, **kw):
"""
......@@ -652,6 +654,7 @@ class Category(Folder):
# Predicate interface
_operators = []
security.declareProtected(Permissions.AccessContentsInformation, 'test')
def test(self, context):
"""
A Predicate can be tested on a given context
......@@ -799,10 +802,12 @@ class BaseCategory(Category):
# BBB: Required to start instance with old
# version of erp5_property_sheets BT.
related_locally_indexed = False
security.declarePrivate('isRelatedLocallyIndexed')
def isRelatedLocallyIndexed(self):
"""Determines if related values should be indexed on target documents"""
return self.related_locally_indexed
security.declareProtected(Permissions.AccessContentsInformation, 'asSQLExpression')
def asSQLExpression(self, strict_membership=0, table='category', base_category=None):
"""
A Predicate can be rendered as an sql expression. This
......
......@@ -65,7 +65,8 @@ class Agent(Folder, Image):
security.declareProtected(Permissions.AccessContentsInformation, 'viewImage')
viewImage = Image.index_html
security.declareProtected(Permissions.ModifyPortalContent, 'importSignature')
def importSignature(self, import_file=None, form_id=None, REQUEST=None, **kw):
"""
Imports a scan of a signature.
......@@ -89,4 +90,3 @@ class Agent(Folder, Image):
ret_url = self.absolute_url() + '/' + REQUEST.get('form_id', 'view')
REQUEST.RESPONSE.redirect("%s?portal_status_message=Signature+Imported+Successfully"
% ret_url)
......@@ -57,6 +57,8 @@ class BaseCategory(CMFBaseCategory, XMLObject):
, PropertySheet.Predicate)
# Experimental - WebDAV browsing support - ask JPS
security.declareProtected(Permissions.AccessContentsInformation,
'experimental_listDAVObjects')
def experimental_listDAVObjects(self):
from zLOG import LOG
LOG("BaseCategory listDAVObjects" ,0, "listDAVObjects")
......
......@@ -56,7 +56,9 @@ class BudgetModel(Predicate):
# Declarative security
security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation)
security.declareProtected(Permissions.AccessContentsInformation,
'getCellRangeForBudgetLine')
def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
"""Return the cell range to use for the budget.
"""
......@@ -74,6 +76,8 @@ class BudgetModel(Predicate):
cell_range.extend(variation_cell_range)
return cell_range
security.declareProtected(Permissions.AccessContentsInformation,
'getConsumptionCellRangeForBudgetLine')
def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
"""Return the cell range to use for the budget consumption.
......@@ -94,6 +98,8 @@ class BudgetModel(Predicate):
cell_range.extend(variation_cell_range)
return cell_range
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryQueryDict')
def getInventoryQueryDict(self, budget_cell):
"""Returns the query dict to pass to simulation query for a budget cell
"""
......@@ -112,6 +118,8 @@ class BudgetModel(Predicate):
query_dict.setdefault('at_date', start_date_range_max.latestTime())
return query_dict
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryListQueryDict')
def getInventoryListQueryDict(self, budget_line):
"""Returns the query dict to pass to simulation query for a budget line
"""
......@@ -154,7 +162,9 @@ class BudgetModel(Predicate):
if key:
cell_key += (key,)
return cell_key
security.declareProtected(Permissions.AccessContentsInformation,
'asBudgetPredicate')
def asBudgetPredicate(self):
" "
# XXX predicate for line / cell ?
......
......@@ -121,6 +121,8 @@ class BusinessLink(Path, Predicate):
method = getattr(movement, method_id) # We wish to raise if it does not exist
return method()
security.declareProtected(Permissions.AccessContentsInformation,
'getCompletionDate')
def getCompletionDate(self, explanation):
"""Returns the date of completion of business path in the
context of the explanation. The completion date of the Business
......@@ -220,6 +222,7 @@ class BusinessLink(Path, Predicate):
return False
return True
security.declareProtected(Permissions.AccessContentsInformation, 'isDelivered')
def isDelivered(self, explanation):
"""Returns True is all simulation movements related to this
Business Link in the context of given explanation are built
......
......@@ -4804,6 +4804,8 @@ Business Template is a set of definitions, such as skins, portal types and categ
self.workflow_history[
'business_template_installation_workflow'] = None
security.declareProtected(Permissions.AccessContentsInformation,
'getShortRevision')
def getShortRevision(self):
"""Returned a shortened revision"""
r = self.getRevision()
......@@ -4962,12 +4964,14 @@ Business Template is a set of definitions, such as skins, portal types and categ
return self.portal_templates.publish(self, url, username=username,
password=password)
security.declareProtected(Permissions.ManagePortal, 'update')
def update(self):
"""
Update template: download new template definition
"""
return self.portal_templates.update(self)
security.declareProtected(Permissions.ManagePortal, 'isCatalogUpdatable')
def isCatalogUpdatable(self):
"""
Return if catalog will be updated or not by business template installation
......@@ -4985,6 +4989,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
return True
return False
security.declareProtected(Permissions.ManagePortal, 'preinstall')
def preinstall(self, check_dependencies=1, **kw):
"""
Return the list of modified/new/removed object between a Business Template
......@@ -5243,6 +5248,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
result = tuple(result)
return result
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateCatalogMethodIdList')
def getTemplateCatalogMethodIdList(self):
"""
We have to set this method because we want an
......@@ -5250,6 +5256,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_catalog_method_id')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateBaseCategoryList')
def getTemplateBaseCategoryList(self):
"""
We have to set this method because we want an
......@@ -5257,6 +5264,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_base_category')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateWorkflowIdList')
def getTemplateWorkflowIdList(self):
"""
We have to set this method because we want an
......@@ -5264,6 +5272,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_workflow_id')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeIdList')
def getTemplatePortalTypeIdList(self):
"""
We have to set this method because we want an
......@@ -5271,6 +5280,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_id')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeWorkflowChainList')
def getTemplatePortalTypeWorkflowChainList(self):
"""
We have to set this method because we want an
......@@ -5278,6 +5288,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_workflow_chain')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePathList')
def getTemplatePathList(self):
"""
We have to set this method because we want an
......@@ -5285,6 +5296,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_path')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePreferenceList')
def getTemplatePreferenceList(self):
"""
We have to set this method because we want an
......@@ -5292,6 +5304,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_preference')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeAllowedContentTypeList')
def getTemplatePortalTypeAllowedContentTypeList(self):
"""
We have to set this method because we want an
......@@ -5299,6 +5312,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_allowed_content_type')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeHiddenContentTypeList')
def getTemplatePortalTypeHiddenContentTypeList(self):
"""
We have to set this method because we want an
......@@ -5306,6 +5320,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_hidden_content_type')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypePropertySheetList')
def getTemplatePortalTypePropertySheetList(self):
"""
We have to set this method because we want an
......@@ -5313,6 +5328,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_property_sheet')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeBaseCategoryList')
def getTemplatePortalTypeBaseCategoryList(self):
"""
We have to set this method because we want an
......@@ -5320,6 +5336,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_base_category')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateActionPathList')
def getTemplateActionPathList(self):
"""
We have to set this method because we want an
......@@ -5327,6 +5344,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_action_path')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeRoleList')
def getTemplatePortalTypeRoleList(self):
"""
We have to set this method because we want an
......@@ -5334,6 +5352,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_role')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateLocalRoleList')
def getTemplateLocalRoleList(self):
"""
We have to set this method because we want an
......@@ -5341,6 +5360,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_local_role')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateSkinIdList')
def getTemplateSkinIdList(self):
"""
We have to set this method because we want an
......@@ -5348,6 +5368,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_skin_id')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateRegisteredSkinSelectionList')
def getTemplateRegisteredSkinSelectionList(self):
"""
We have to set this method because we want an
......@@ -5355,6 +5376,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_registered_skin_selection')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateRegisteredVersionPrioritySelectionList')
def getTemplateRegisteredVersionPrioritySelectionList(self):
"""
We have to set this method because we want an
......@@ -5367,6 +5389,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
except AttributeError:
return ()
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateModuleIdList')
def getTemplateModuleIdList(self):
"""
We have to set this method because we want an
......@@ -5374,6 +5397,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_module_id')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateMessageTranslationList')
def getTemplateMessageTranslationList(self):
"""
We have to set this method because we want an
......@@ -5381,6 +5405,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_message_translation')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateToolIdList')
def getTemplateToolIdList(self):
"""
We have to set this method because we want an
......@@ -5399,18 +5424,21 @@ Business Template is a set of definitions, such as skins, portal types and categ
return True
return False
security.declarePrivate('isKeepObject')
def isKeepObject(self, path):
"""
Return True if path is included in keep object list.
"""
return self._isInKeepList(self.getTemplateKeepPathList(), path)
security.declarePrivate('isKeepWorkflowObject')
def isKeepWorkflowObject(self, path):
"""
Return True if path is included in keep workflow object list.
"""
return self._isInKeepList(self.getTemplateKeepWorkflowPathList(), path)
security.declarePrivate('isKeepWorkflowObjectLastHistoryOnly')
def isKeepWorkflowObjectLastHistoryOnly(self, path):
"""
Return True if path is included in keep workflow last state only list
......@@ -5418,6 +5446,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
return self._isInKeepList(self.getTemplateKeepLastWorkflowHistoryOnlyPathList(),
path)
security.declarePrivate('getExportPath')
def getExportPath(self):
preferences = self.getPortalObject().portal_preferences
bt_name = self.getTitle()
......@@ -5565,6 +5594,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
self._setRevision(bta.getRevision())
security.declareProtected(Permissions.AccessContentsInformation, 'getItemsList')
def getItemsList(self):
"""Return list of items in business template
"""
......@@ -5575,6 +5605,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
items_list.extend(item.getKeys())
return items_list
security.declareProtected(Permissions.ManagePortal, 'checkDependencies')
def checkDependencies(self):
"""
Check if all the dependencies of the business template
......@@ -5587,6 +5618,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
'Impossible to install %s, please install the following dependencies before: %s' \
%(self.getTitle(), repr(missing_dep_list))
security.declareProtected(Permissions.ManagePortal, 'getMissingDependencyList')
def getMissingDependencyList(self):
"""
Retuns a list of missing dependencies.
......@@ -5613,6 +5645,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
missing_dep_list.append((dependency, version_restriction or ''))
return [' '.join([y for y in x if y]) for x in missing_dep_list]
security.declareProtected(Permissions.ManagePortal, 'diffObjectAsHTML')
def diffObjectAsHTML(self, REQUEST, **kw):
"""
Convert diff into a HTML format before reply
......@@ -5621,6 +5654,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return DiffFile(self.diffObject(REQUEST, **kw)).toHTML()
security.declareProtected(Permissions.ManagePortal, 'diffObject')
def diffObject(self, REQUEST, **kw):
"""
Make a diff between an object in the Business Template
......@@ -5812,6 +5846,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
return diff_msg
security.declareProtected(Permissions.AccessContentsInformation, 'getPortalTypesProperties')
def getPortalTypesProperties(self, **kw):
"""
Fill field about properties for each portal type
......@@ -5902,6 +5937,8 @@ Business Template is a set of definitions, such as skins, portal types and categ
self.setTemplateActionPathList(bt_action_list)
security.declareProtected(Permissions.AccessContentsInformation,
'guessPortalTypes')
def guessPortalTypes(self, **kw):
"""
This method guesses portal types based on modules define in the Business Template
......@@ -5972,6 +6009,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
setattr(self, 'template_portal_type_id', bt_portal_types_id_list)
return
security.declarePrivate('clearPortalTypes')
def clearPortalTypes(self, **kw):
"""
clear id list register for portal types
......
......@@ -145,6 +145,8 @@ class Category(CMFCategory, Predicate, MetaNode, MetaResource):
return None
# Experimental - WebDAV browsing support - ask JPS
security.declareProtected(Permissions.AccessContentsInformation,
'experimental_listDAVObjects')
def experimental_listDAVObjects(self):
"""
"""
......
......@@ -56,10 +56,14 @@ class CategoryBudgetVariation(BudgetVariation):
# zope.interface.implements(BudgetVariation, )
security.declareProtected(Permissions.AccessContentsInformation,
'asBudgetPredicate')
def asBudgetPredicate(self):
"""This budget variation in a predicate
"""
security.declareProtected(Permissions.AccessContentsInformation,
'getCellRangeForBudgetLine')
def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
"""The cell range added by this variation
"""
......@@ -69,6 +73,8 @@ class CategoryBudgetVariation(BudgetVariation):
return [[(i[1], i[0]) for i in item_list if i[1] in variation_category_list]]
return [[i[1] for i in item_list if i[1] in variation_category_list]]
security.declareProtected(Permissions.AccessContentsInformation,
'getConsumptionCellRangeForBudgetLine')
def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
"""The cell range added by this variation for consumption
"""
......@@ -101,6 +107,8 @@ class CategoryBudgetVariation(BudgetVariation):
return [[(i[1], i[0]) for i in item_list if i[0] in used_node_item_set]]
return [[i[1] for i in item_list if i[1] in used_node_item_set]]
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryQueryDict')
def getInventoryQueryDict(self, budget_cell):
""" Query dict to pass to simulation query
"""
......@@ -144,6 +152,8 @@ class CategoryBudgetVariation(BudgetVariation):
return query_dict
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryListQueryDict')
def getInventoryListQueryDict(self, budget_line):
"""Returns the query dict to pass to simulation query for a budget line
"""
......@@ -195,6 +205,8 @@ class CategoryBudgetVariation(BudgetVariation):
return query_dict
return {}
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetVariationRangeCategoryList')
def getBudgetVariationRangeCategoryList(self, context):
"""Returns the Variation Range Category List that can be applied to this
budget.
......@@ -216,6 +228,8 @@ class CategoryBudgetVariation(BudgetVariation):
checked_permission='View')
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetLineVariationRangeCategoryList')
def getBudgetLineVariationRangeCategoryList(self, budget_line):
"""Returns the Variation Range Category List that can be applied to this
budget line.
......@@ -246,6 +260,8 @@ class CategoryBudgetVariation(BudgetVariation):
return getattr(portal.portal_categories.unrestrictedTraverse(base_category),
item_list_method)(**item_list_method_parameter_dict)
security.declareProtected(Permissions.ModifyPortalContent,
'initializeBudgetLine')
def initializeBudgetLine(self, budget_line):
"""Initialize a budget line
"""
......@@ -263,6 +279,8 @@ class CategoryBudgetVariation(BudgetVariation):
budget_line.setMembershipCriterionBaseCategoryList(
budget_line_membership_criterion_base_category_list)
security.declareProtected(Permissions.ModifyPortalContent,
'initializeBudget')
def initializeBudget(self, budget):
"""Initialize a budget.
"""
......
......@@ -108,6 +108,8 @@ class Container(Movement, XMLObject):
"""
return False
security.declareProtected(Permissions.AccessContentsInformation,
'getContainerText')
def getContainerText(self):
"""
Creates a unique string which allows to compare/hash two containers
......
......@@ -339,6 +339,7 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
divergence_list.extend(simulation_movement.getDivergenceList())
return divergence_list
security.declareProtected(Permissions.AccessContentsInformation, 'updateCausalityState')
@UnrestrictedMethod
def updateCausalityState(self, solve_automatically=True, **kw):
"""
......@@ -369,6 +370,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
if kw:
super(Delivery, self).updateSimulation(**kw)
security.declareProtected(Permissions.AccessContentsInformation,
'splitAndDeferMovementList')
def splitAndDeferMovementList(self, start_date=None, stop_date=None,
movement_uid_list=[], delivery_solver=None,
target_solver='CopyToTarget', delivery_builder=None):
......@@ -757,6 +760,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
"""
pass
security.declareProtected(Permissions.AccessContentsInformation,
'getBuilderList')
def getBuilderList(self):
"""Returns appropriate builder list."""
return self._getTypeBasedMethod('getBuilderList')()
......@@ -832,6 +837,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
result += movement.getDeliveryRelatedValueList()
return result
security.declareProtected(Permissions.AccessContentsInformation,
'getDivergentTesterAndSimulationMovementList')
def getDivergentTesterAndSimulationMovementList(self):
"""
This method returns a list of (tester, simulation_movement) for each divergence.
......
......@@ -465,6 +465,7 @@ class DeliveryLine(Movement, XMLMatrix, ImmobilisationMovement):
delivery_ratio = 1.0 / len(s_m_list_per_movement)
s_m.edit(delivery_ratio=delivery_ratio)
security.declareProtected(Permissions.ModifyPortalContent, 'solve')
def solve(self, decision_list):
"""Solves line according to decision list
"""
......
......@@ -313,7 +313,7 @@ class Document(DocumentExtensibleTraversableMixin, XMLObject, UrlMixin,
text = self.getSearchableText() # XXX getSearchableText or asText ?
return self._getSearchableReferenceList(text)
security.declareProtected(Permissions.AccessContentsInformation, 'getSearchableReferenceList')
security.declareProtected(Permissions.AccessContentsInformation, 'isSearchableReference')
def isSearchableReference(self):
"""
Determine if current document's reference can be used for searching - i.e. follows
......
......@@ -120,6 +120,8 @@ class Domain(Predicate, MetaNode, MetaResource):
domain = self.newContent(id=id, portal_type='Domain', temp_object=1)
return domain.__of__(self)
security.declareProtected(Permissions.AccessContentsInformation,
'getChildDomainValueList')
def getChildDomainValueList(self, parent = None, **kw):
"""
Return child domain objects already present or me may generate
......@@ -130,6 +132,8 @@ class Domain(Predicate, MetaNode, MetaResource):
return self.portal_domains.getChildDomainValueList(parent, **kw)
# Experimental - WebDAV browsing support - ask JPS
security.declareProtected(Permissions.AccessContentsInformation,
'experimental_listDAVObjects')
def experimental_listDAVObjects(self):
result = self.objectValues(portal_type = self.getPortalType())
result.extend(self.portal_catalog(selection_domain = self))
......
......@@ -30,6 +30,7 @@ from AccessControl import ClassSecurityInfo
from Products.ERP5Type import Permissions, PropertySheet
from Products.ERP5Type.Accessor.Constant import PropertyGetter as ConstantGetter
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5.Document.Movement import Movement
from Products.ERP5.Document.EmailDocument import EmailDocument
......@@ -60,6 +61,8 @@ class AcknowledgeableMixin:
return method(**kw)
return None
security.declareProtected(Permissions.AccessContentsInformation,
'hasAcknowledgementActivity')
def hasAcknowledgementActivity(self, user_name=None):
"""
We will check if there is some current activities running or not
......@@ -88,6 +91,8 @@ class AcknowledgeableMixin:
result = True
return result
InitializeClass(AcknowledgeableMixin)
class Event(Movement, EmailDocument, AcknowledgeableMixin):
"""
Event is the base class for all events in ERP5.
......
......@@ -57,6 +57,7 @@ class FIFODeliverySolver(XMLObject):
zope.interface.implements(interfaces.IDeliverySolver,)
# IDeliverySolver Implementation
security.declareProtected(Permissions.AccessContentsInformation, 'getTotalQuantity')
def getTotalQuantity(self):
"""
Move this to mixin
......@@ -66,6 +67,7 @@ class FIFODeliverySolver(XMLObject):
total_quantity += movement.getQuantity()
return total_quantity
security.declareProtected(Permissions.ModifyPortalContent, 'setTotalQuantity')
def setTotalQuantity(self, new_quantity, activate_kw=None):
"""
"""
......
......@@ -120,12 +120,14 @@ class File(Document, CMFFile):
security.declareProtected( Permissions.ModifyPortalContent, 'edit' )
edit = WorkflowMethod( _edit )
security.declareProtected(Permissions.View, 'get_size')
def get_size(self):
"""
has to be overwritten here, otherwise WebDAV fails
"""
return self.getSize()
security.declareProtected(Permissions.View, 'getcontentlength')
getcontentlength = get_size
def _get_content_type(*args, **kw):
......
......@@ -438,6 +438,7 @@ class Image(TextConvertableMixin, File, OFSImage):
File.PUT(self, REQUEST, RESPONSE)
self._update_image_info()
security.declareProtected(Permissions.AccessContentsInformation, 'getDefaultImageQuality')
def getDefaultImageQuality(self, format=None):
"""
Get default image quality for a format.
......
......@@ -70,6 +70,7 @@ class Item(XMLObject, Amount):
"""
return XMLObject.generateNewId(self, id_group=id_group, default=default, method=method)
security.declareProtected(Permissions.AccessContentsInformation, 'getPrice')
def getPrice(self,context=None,**kw):
"""
Get the Price in the context.
......@@ -84,16 +85,15 @@ class Item(XMLObject, Amount):
if resource is not None:
local_price = resource.getPrice(self.asContext( context=context, **kw))
return local_price
security.declareProtected(Permissions.ModifyPortalContent, 'getRemainingQuantity')
security.declareProtected(Permissions.AccessContentsInformation,
'getRemainingQuantity')
def getRemainingQuantity(self):
"""
Computes the quantity of an item minus quantity of all sub_items
"""
sub_quantity = 0
sub_item_list = [document
for document in self.objectValues()
if document.isItem()]
for sub_item in sub_item_list :
sub_quantity += sub_item.getQuantity()
for sub_item in self.objectValues():
if sub_item.isItem():
sub_quantity += sub_item.getQuantity()
return self.getQuantity() - sub_quantity
......@@ -57,6 +57,7 @@ class MinimisePriceDeliverySolver(FIFODeliverySolver):
zope.interface.implements(interfaces.IDeliverySolver,)
# IDeliverySolver Implementation
security.declareProtected(Permissions.ModifyPortalContent, 'setTotalQuantity')
def setTotalQuantity(self, new_quantity, activate_kw=None):
"""
"""
......
......@@ -512,6 +512,8 @@ class Movement(XMLObject, Amount, CompositionMixin, AmountGeneratorMixin):
return True
return False
security.declareProtected(Permissions.AccessContentsInformation,
'getDivergenceList')
def getDivergenceList(self):
"""
Return a list of messages that contains the divergences
......
......@@ -45,6 +45,8 @@ class NetConvertedQuantityEquivalenceTester(FloatEquivalenceTester):
security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation)
security.declareProtected(Permissions.AccessContentsInformation,
'getUpdatablePropertyDict')
def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
"""
Returns a list of properties to update on decision_movement
......
......@@ -61,6 +61,8 @@ class NodeBudgetVariation(BudgetVariation):
# zope.interface.implements(BudgetVariation, )
security.declareProtected(Permissions.AccessContentsInformation,
'asBudgetPredicate')
def asBudgetPredicate(self):
"""This budget variation in a predicate
"""
......@@ -87,6 +89,8 @@ class NodeBudgetVariation(BudgetVariation):
node_title_method_id = self.getProperty('node_title_method_id', 'getTitle')
return guarded_getattr(node, node_title_method_id)()
security.declareProtected(Permissions.AccessContentsInformation,
'getCellRangeForBudgetLine')
def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
"""The cell range added by this variation
"""
......@@ -103,6 +107,8 @@ class NodeBudgetVariation(BudgetVariation):
return [[i for i in node_item_list if i[0] in variation_category_list]]
return [[i[0] for i in node_item_list if i[0] in variation_category_list]]
security.declareProtected(Permissions.AccessContentsInformation,
'getConsumptionCellRangeForBudgetLine')
def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
"""The cell range added by this variation for consumption
"""
......@@ -136,6 +142,8 @@ class NodeBudgetVariation(BudgetVariation):
return [[i for i in node_item_list if i[0] in used_node_item_set]]
return [[i[0] for i in node_item_list if i[0] in used_node_item_set]]
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryQueryDict')
def getInventoryQueryDict(self, budget_cell):
""" Query dict to pass to simulation query
"""
......@@ -218,6 +226,8 @@ class NodeBudgetVariation(BudgetVariation):
return query_dict
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryListQueryDict')
def getInventoryListQueryDict(self, budget_line):
"""Returns the query dict to pass to simulation query for a budget line
"""
......@@ -309,6 +319,8 @@ class NodeBudgetVariation(BudgetVariation):
self.getProperty('variation_base_category'),)
return key
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetLineVariationRangeCategoryList')
def getBudgetLineVariationRangeCategoryList(self, budget_line):
"""Returns the Variation Range Category List that can be applied to this
budget line.
......@@ -320,6 +332,8 @@ class NodeBudgetVariation(BudgetVariation):
return [(self._getNodeTitle(node), '%s%s' % (prefix, node.getRelativeUrl()))
for node in self._getNodeList(budget_line)]
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetVariationRangeCategoryList')
def getBudgetVariationRangeCategoryList(self, budget):
"""Returns the Variation Range Category List that can be applied to this
budget.
......@@ -331,6 +345,8 @@ class NodeBudgetVariation(BudgetVariation):
return [(self._getNodeTitle(node), '%s%s' % (prefix, node.getRelativeUrl()))
for node in self._getNodeList(budget)]
security.declareProtected(Permissions.ModifyPortalContent,
'initializeBudgetLine')
def initializeBudgetLine(self, budget_line):
"""Initialize a budget line
"""
......@@ -348,6 +364,8 @@ class NodeBudgetVariation(BudgetVariation):
budget_line.setMembershipCriterionBaseCategoryList(
budget_line_membership_criterion_base_category_list)
security.declareProtected(Permissions.ModifyPortalContent,
'initializeBudget')
def initializeBudget(self, budget):
"""Initialize a budget.
"""
......
......@@ -67,6 +67,8 @@ class QuantityUnitConversionDefinition(XMLObject):
return default_title
security.declareProtected(Permissions.AccessContentsInformation,
'getConversionRatio')
def getConversionRatio(self):
"""
Compute conversion ratio associated with this definition
......
......@@ -1007,6 +1007,8 @@ class Resource(XMLObject, XMLMatrix, VariatedMixin):
return insert_list
security.declareProtected(Permissions.AccessContentsInformation,
'getQuantityUnitDefinitionRatio')
def getQuantityUnitDefinitionRatio(self, quantity_unit_value):
"""
get the ratio used to define the quantity unit quantity_unit_value.
......
......@@ -93,6 +93,7 @@ class SimulatedDeliveryBuilder(BuilderMixin):
, PropertySheet.DeliveryBuilder
)
security.declarePrivate('callBeforeBuildingScript')
def callBeforeBuildingScript(self): # XXX-JPS
"""
Redefine this method, because it seems nothing interesting can be
......@@ -100,6 +101,7 @@ class SimulatedDeliveryBuilder(BuilderMixin):
"""
pass
security.declarePrivate('searchMovementList')
@UnrestrictedMethod
def searchMovementList(self, applied_rule_uid=None, **kw):
"""
......@@ -189,6 +191,8 @@ class SimulatedDeliveryBuilder(BuilderMixin):
delivery_relative_url,
divergence_to_adopt_list=divergence_to_adopt_list)
security.declareProtected(Permissions.ModifyPortalContent,
'solveDeliveryGroupDivergence')
@UnrestrictedMethod
def solveDeliveryGroupDivergence(self, delivery_relative_url,
property_dict=None):
......@@ -333,6 +337,8 @@ class SimulatedDeliveryBuilder(BuilderMixin):
return delivery_list
security.declareProtected(Permissions.ModifyPortalContent,
'solveDivergence')
solveDivergence = UnrestrictedMethod(_solveDivergence)
def _createDelivery(self, delivery_module, movement_list, activate_kw):
......
......@@ -722,6 +722,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):
return True
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverProcessValueList')
def getSolverProcessValueList(self, movement=None, validation_state=None):
"""
Returns the list of solver processes which are
......@@ -736,6 +738,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):
"""
raise NotImplementedError
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverDecisionValueList')
def getSolverDecisionValueList(self, movement=None, validation_state=None):
"""
Returns the list of solver decisions which apply
......@@ -748,6 +752,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):
"""
raise NotImplementedError
security.declareProtected(Permissions.AccessContentsInformation,
'getSolvedPropertyApplicationValueList')
def getSolvedPropertyApplicationValueList(self, movement=None, divergence_tester=None):
"""
Returns the list of documents at which a given divergence resolution
......
......@@ -80,6 +80,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
zope.interface.implements(interfaces.IConfigurable,
)
security.declareProtected(Permissions.AccessContentsInformation,
'getDefaultConfigurationPropertyDict')
def getDefaultConfigurationPropertyDict(self):
"""
Returns a dictionary of default properties for specified
......@@ -92,6 +94,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
else:
return solver_type.getDefaultConfigurationPropertyDict(self)
security.declareProtected(Permissions.AccessContentsInformation,
'getConfigurationPropertyListDict')
def getConfigurationPropertyListDict(self):
"""
Returns a dictionary of possible values for specified
......@@ -104,6 +108,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
else:
return solver_type.getConfigurationPropertyListDict(self)
security.declareProtected(Permissions.AccessContentsInformation,
'searchDeliverySolverList')
def searchDeliverySolverList(self, **kw):
"""
this method returns a list of delivery solvers, as predicates against
......@@ -115,6 +121,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
solver_list = target_solver_type.getDeliverySolverValueList()
return filter(lambda x:x.test(self), solver_list)
security.declareProtected(Permissions.AccessContentsInformation,
'getExplanationMessage')
def getExplanationMessage(self, all=False):
"""
Returns the HTML message that describes the detail of divergences to
......
......@@ -78,6 +78,7 @@ class SolverProcess(XMLObject, ActiveProcess):
)
# Implementation
security.declareProtected(Permissions.ModifyPortalContent, 'buildTargetSolverList')
@UnrestrictedMethod
def buildTargetSolverList(self):
"""
......@@ -176,6 +177,7 @@ class SolverProcess(XMLObject, ActiveProcess):
# ISolver implementation
# Solver Process Workflow Interface
# NOTE: how can we consider that a workflow defines or provides an interface ?
security.declareProtected(Permissions.ModifyPortalContent, 'solve')
def solve(self, activate_kw=None):
"""
Start solving
......@@ -200,6 +202,8 @@ class SolverProcess(XMLObject, ActiveProcess):
activate_kw=activate_kw)
# API
security.declareProtected(Permissions.AccessContentsInformation,
'isSolverDecisionListConsistent')
def isSolverDecisionListConsistent(self):
"""
Returns True is the Solver Process decisions do not
......@@ -208,6 +212,8 @@ class SolverProcess(XMLObject, ActiveProcess):
this helps reducing CPU time.
"""
security.declareProtected(Permissions.ModifyPortalContent,
'buildSolverDecisionList')
def buildSolverDecisionList(self, delivery_or_movement=None):
"""
Build (or rebuild) the solver decisions in the solver process
......
......@@ -51,6 +51,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
, PropertySheet.Configurable
)
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverConflictMessageList')
def getSolverConflictMessageList(self, movement, configuration_mapping, solver_dict, movement_dict):
"""
Returns the list of conflictings messgaes if the solver and configuration_mapping
......@@ -89,6 +91,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
# Return emtpty message list
return ()
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverProcessGroupingKey')
def getSolverProcessGroupingKey(self, movement, configuration_mapping, solver_dict, movement_dict):
"""
Returns a key which can be used to group solvers during the
......@@ -140,6 +144,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
return movement.getRelativeUrl()
security.declareProtected(Permissions.AccessContentsInformation,
'getDefaultConfigurationPropertyDict')
def getDefaultConfigurationPropertyDict(self, configurable):
"""
Returns a dictionary of default properties for specified
......@@ -155,6 +161,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
else:
return {}
security.declareProtected(Permissions.AccessContentsInformation,
'getDefaultConfigurationProperty')
def getDefaultConfigurationProperty(self, property, configurable):
"""
Returns the default value for a given property
......@@ -167,6 +175,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
"""
return self.getDefaultConfigurationPropertyDict().get(property, None)
security.declareProtected(Permissions.AccessContentsInformation,
'getConfigurationPropertyListDict')
def getConfigurationPropertyListDict(self, configurable):
"""
Returns a dictionary of possible values for specified
......@@ -182,6 +192,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
else:
return {}
security.declareProtected(Permissions.AccessContentsInformation,
'getConfigurationPropertyList')
def getConfigurationPropertyList(self, property, configurable):
"""
Returns a list of possible values for a given property
......
......@@ -104,6 +104,8 @@ class TradeCondition(MappedValue, AmountGeneratorMixin, VariatedMixin):
return [x for x in context._findEffectiveSpecialiseValueList()
if x.getPortalType() in portal_type_set]
security.declareProtected(Permissions.AccessContentsInformation,
'getAggregatedAmountList')
def getAggregatedAmountList(self, *args, **kw):
"""
"""
......
......@@ -68,6 +68,8 @@ class TradeModelCell(TradeModelLine):
"""
return 0
security.declareProtected(Permissions.AccessContentsInformation,
'getQuantity')
def getQuantity(self):
"""Overridden getter to return None instead 0 if undefined"""
return self._baseGetQuantity(None)
......
......@@ -101,11 +101,15 @@ class TransformedResource(AmountGeneratorLine):
value += delivery_amount.getConvertedQuantity()
return value
security.declareProtected(Permissions.AccessContentsInformation,
'getBaseApplication')
def getBaseApplication(self):
"""
"""
return self.getBaseApplicationList()[0]
security.declareProtected(Permissions.AccessContentsInformation,
'getBaseApplicationList')
def getBaseApplicationList(self):
"""
"""
......
......@@ -90,6 +90,8 @@ class Url(Coordinate, UrlMixin):
return ("http://www.erp5.org", "mailto:info@erp5.org")
security.declareProtected(Permissions.AccessContentsInformation,
'getUrlString')
def getUrlString(self, default=_marker):
"""Fallback on coordinate_text
"""
......
......@@ -85,6 +85,8 @@ class VariationEquivalenceTester(Predicate, EquivalenceTesterMixin):
dict(property_name=tested_property))
return None
security.declareProtected(Permissions.AccessContentsInformation,
'generateHashKey')
def generateHashKey(self, movement):
"""
Returns a hash key which can be used to optimise the
......@@ -106,6 +108,8 @@ class VariationEquivalenceTester(Predicate, EquivalenceTesterMixin):
tested_property))
return 'variation/%r' % (value_list)
security.declareProtected(Permissions.AccessContentsInformation,
'getUpdatablePropertyDict')
def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
"""
Returns a list of properties to update on decision_movement
......
......@@ -85,6 +85,7 @@ class CategoryTool(CopyContainer, CMFCategoryTool, BaseTool):
def hasContent(self,id):
return id in self.objectIds()
security.declareProtected(Permissions.AccessContentsInformation, 'getBaseCategoryDict')
@caching_instance_method(
id='portal_categories.getBaseCategoryDict',
cache_factory='erp5_content_long',
......
......@@ -359,6 +359,8 @@ class DomainTool(BaseTool):
return mapped_value
security.declareProtected(Permissions.AccessContentsInformation,
'getChildDomainValueList')
def getChildDomainValueList(self, parent, **kw):
"""
Return child domain objects already present adn thois generetaded dynamically
......@@ -370,6 +372,8 @@ class DomainTool(BaseTool):
return object_list
security.declareProtected(Permissions.AccessContentsInformation,
'getDomainByPath')
def getDomainByPath(self, path, default=_MARKER):
"""
Return the domain object for a given path
......
......@@ -279,6 +279,8 @@ class IdTool(BaseTool):
## XXX Old API deprecated
#backward compatibility
security.declareProtected(Permissions.AccessContentsInformation,
'generateNewLengthIdList')
generateNewLengthIdList = generateNewIdList
security.declareProtected(Permissions.AccessContentsInformation,
......
......@@ -28,6 +28,7 @@
##############################################################################
from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
# XXX This Mixin is not finished yet. Added as a reference for the
......@@ -86,3 +87,5 @@ class LogMixin:
"""
method = self.getTypeBasedMethod('parseLogLine')
return method(log_name, log_line)
InitializeClass(LogMixin)
......@@ -110,7 +110,7 @@ class PasswordTool(BaseTool):
def getExpirationDateForKey(self, key=None):
return self._password_request_dict[key][1]
security.declarePublic('mailPasswordResetRequest')
def mailPasswordResetRequest(self, user_login=None, REQUEST=None,
notification_message=None, sender=None,
store_as_event=False,
......@@ -227,33 +227,7 @@ class PasswordTool(BaseTool):
data = ' '.join((str(t), str(r), str(a), str(args)))
return md5(data).hexdigest()
def resetPassword(self, reset_key=None, REQUEST=None):
"""
"""
# XXX-Aurel : is it used ?
if REQUEST is None:
REQUEST = get_request()
user_login, expiration_date = self._password_request_dict.get(reset_key, (None, None))
site_url = self.getPortalObject().absolute_url()
if REQUEST and 'came_from' in REQUEST:
site_url = REQUEST.came_from
if reset_key is None or user_login is None:
ret_url = '%s/login_form' % site_url
return REQUEST.RESPONSE.redirect( ret_url )
# check date
current_date = DateTime()
if current_date > expiration_date:
msg = translateString("Date has expire.")
parameter = urlencode(dict(portal_status_message=msg))
ret_url = '%s/login_form?%s' % (site_url, parameter)
return REQUEST.RESPONSE.redirect( ret_url )
# redirect to form as all is ok
REQUEST.set("password_key", reset_key)
return self.reset_password_form(REQUEST=REQUEST)
security.declareProtected(Permissions.ModifyPortalContent, 'removeExpiredRequests')
def removeExpiredRequests(self):
"""
Browse dict and remove expired request
......@@ -264,6 +238,7 @@ class PasswordTool(BaseTool):
if date < current_date:
del password_request_dict[key]
security.declarePublic('changeUserPassword')
def changeUserPassword(self, password, password_key, password_confirm=None,
user_login=None, REQUEST=None, **kw):
"""
......
......@@ -126,18 +126,26 @@ class SimulationTool(BaseTool):
['Manager',])
BaseTool.inheritedAttribute('manage_afterAdd')(self, item, container)
security.declareProtected(Permissions.AccessContentsInformation,
'solveDelivery')
def solveDelivery(self, delivery, delivery_solver_name, target_solver_name,
additional_parameters=None, **kw):
"""
XXX obsoleted API
Solves a delivery by calling first DeliverySolver, then TargetSolver
"""
return self._solveMovementOrDelivery(delivery, delivery_solver_name,
target_solver_name, delivery=1,
additional_parameters=additional_parameters, **kw)
security.declareProtected(Permissions.AccessContentsInformation,
'solveMovement')
def solveMovement(self, movement, delivery_solver_name, target_solver_name,
additional_parameters=None, **kw):
"""
XXX obsoleted API
Solves a movement by calling first DeliverySolver, then TargetSolver
"""
return self._solveMovementOrDelivery(movement, delivery_solver_name,
......@@ -1396,6 +1404,8 @@ class SimulationTool(BaseTool):
result = delta_result
return result
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryCacheLag')
def getInventoryCacheLag(self):
"""
Returns a duration, in days, for stock cache management.
......
......@@ -30,6 +30,7 @@
import zope.interface
from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Globals import DTMLFile
from Products.ERP5Type.Tool.BaseTool import BaseTool
......@@ -58,6 +59,8 @@ class SolverProcessTool(BaseTool):
manage_overview = DTMLFile( 'explainSolverTool', _dtmldir )
# IDivergenceController implementation
security.declareProtected(Permissions.AccessContentsInformation,
'isDivergent')
def isDivergent(self, delivery_or_movement=None):
"""
Returns True if any of the movements provided
......@@ -73,6 +76,8 @@ class SolverProcessTool(BaseTool):
return True
return False
security.declareProtected(Permissions.AddPortalContent,
'newSolverProcess')
@UnrestrictedMethod
def newSolverProcess(self, delivery_or_movement=None, temp_object=False):
"""
......@@ -107,3 +112,5 @@ class SolverProcessTool(BaseTool):
delivery.setSolverValueList(solver_list)
return new_solver
InitializeClass(SolverProcessTool)
......@@ -31,6 +31,7 @@ import zope.interface
import re
from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Tool.TypesTool import TypeProvider
from Products.ERP5 import DeliverySolver
......@@ -55,6 +56,8 @@ class SolverTool(TypeProvider):
zope.interface.implements(interfaces.IDeliverySolverFactory,)
# IDeliverySolverFactory implementation
security.declareProtected(Permissions.AccessContentsInformation,
'newDeliverySolver')
def newDeliverySolver(self, portal_type, movement_list):
"""
Return a new instance of delivery solver of the given
......@@ -73,6 +76,8 @@ class SolverTool(TypeProvider):
tmp_solver.setDeliveryValueList(movement_list)
return tmp_solver
security.declareProtected(Permissions.AccessContentsInformation,
'getDeliverySolverTranslatedItemList')
def getDeliverySolverTranslatedItemList(self, portal_type_list=None):
"""
"""
......@@ -81,6 +86,8 @@ class SolverTool(TypeProvider):
if portal_type_list is None or x in portal_type_list],
key=lambda x:str(x[0]))
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverProcessValueList')
def getSolverProcessValueList(self, delivery_or_movement=None, validation_state=None):
"""
Returns the list of solver processes which are
......@@ -95,6 +102,8 @@ class SolverTool(TypeProvider):
to filter the result
"""
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverDecisionValueList')
def getSolverDecisionValueList(self, delivery_or_movement=None, validation_state=None):
"""
Returns the list of solver decisions which apply
......@@ -107,6 +116,8 @@ class SolverTool(TypeProvider):
to filter the result
"""
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverDecisionApplicationValueList')
def getSolverDecisionApplicationValueList(self, movement, divergence_tester=None):
"""
Returns the list of documents at which a given divergence resolution
......@@ -190,6 +201,8 @@ class SolverTool(TypeProvider):
application_value_level[property_group.getCollectGroupOrder()] = None
# etc. same
security.declareProtected(Permissions.AccessContentsInformation,
'searchTargetSolverList')
def searchTargetSolverList(self, divergence_tester,
simulation_movement,
automatic_solver_only=False, **kw):
......@@ -203,3 +216,5 @@ class SolverTool(TypeProvider):
x.test(simulation_movement, **kw)]
else:
return [x for x in solver_list if x.test(simulation_movement, **kw)]
InitializeClass(SolverTool)
......@@ -113,6 +113,8 @@ class TemplateTool (BaseTool):
security.declareProtected(Permissions.ManagePortal, 'manage_overview')
manage_overview = DTMLFile('explainTemplateTool', _dtmldir)
security.declareProtected(Permissions.AccessContentsInformation,
'getInstalledBusinessTemplate')
def getInstalledBusinessTemplate(self, title, strict=False, **kw):
"""Returns an installed version of business template of a given title.
......@@ -148,6 +150,8 @@ class TemplateTool (BaseTool):
last_time = t
return last_bt
security.declareProtected(Permissions.AccessContentsInformation,
'getInstalledBusinessTemplatesList')
def getInstalledBusinessTemplatesList(self):
"""Deprecated.
"""
......@@ -166,16 +170,22 @@ class TemplateTool (BaseTool):
installed_bts.append(bt5)
return installed_bts
security.declareProtected(Permissions.AccessContentsInformation,
'getInstalledBusinessTemplateList')
def getInstalledBusinessTemplateList(self):
"""Get the list of installed business templates.
"""
return self._getInstalledBusinessTemplateList(only_title=0)
security.declareProtected(Permissions.AccessContentsInformation,
'getInstalledBusinessTemplateTitleList')
def getInstalledBusinessTemplateTitleList(self):
"""Get the list of installed business templates.
"""
return self._getInstalledBusinessTemplateList(only_title=1)
security.declareProtected(Permissions.AccessContentsInformation,
'getInstalledBusinessTemplateRevision')
def getInstalledBusinessTemplateRevision(self, title, **kw):
"""
Return the revision of business template installed with the title
......@@ -186,6 +196,8 @@ class TemplateTool (BaseTool):
return bt.getRevision()
return None
security.declareProtected(Permissions.AccessContentsInformation,
'getBuiltBusinessTemplateList')
def getBuiltBusinessTemplateList(self):
"""Get the list of built and not installed business templates.
"""
......@@ -283,6 +295,7 @@ class TemplateTool (BaseTool):
content_type='application/x-erp5-business-template')
business_template.setPublicationUrl(url)
security.declareProtected(Permissions.ManagePortal, 'update')
def update(self, business_template):
"""
Update an existing template from its publication URL.
......@@ -371,6 +384,7 @@ class TemplateTool (BaseTool):
bt.build(no_action=True)
return bt
security.declareProtected('Import/Export objects', 'importBase64EncodedText')
def importBase64EncodedText(self, file_data=None, id=None, REQUEST=None,
batch_mode=False, **kw):
"""
......@@ -380,6 +394,7 @@ class TemplateTool (BaseTool):
return self.importFile(import_file = import_file, id = id, REQUEST = REQUEST,
batch_mode = batch_mode, **kw)
security.declareProtected('Import/Export objects', 'importFile')
def importFile(self, import_file=None, id=None, REQUEST=None,
batch_mode=False, **kw):
"""
......@@ -421,6 +436,7 @@ class TemplateTool (BaseTool):
elif batch_mode:
return bt
security.declareProtected(Permissions.ManagePortal, 'getDiffFilterScriptList')
def getDiffFilterScriptList(self):
"""
Return list of scripts usable to filter diff
......@@ -438,12 +454,14 @@ class TemplateTool (BaseTool):
LOG("TemplateTool", WARNING, "Unable to find %r script" % script_id)
return script_list
security.declareProtected(Permissions.ManagePortal, 'getFilteredDiffAsHTML')
def getFilteredDiffAsHTML(self, diff):
"""
Return the diff filtered by python scripts into html format
"""
return self.getFilteredDiff(diff).toHTML()
security.declareProtected(Permissions.ManagePortal, 'getFilteredDiff')
def getFilteredDiff(self, diff):
"""
Filter the diff using python scripts
......@@ -461,6 +479,7 @@ class TemplateTool (BaseTool):
# DiffFile does not provide yet such feature
return diff_file_object
security.declareProtected(Permissions.ManagePortal, 'diffObjectAsHTML')
def diffObjectAsHTML(self, REQUEST, **kw):
"""
Convert diff into a HTML format before reply
......@@ -469,6 +488,7 @@ class TemplateTool (BaseTool):
"""
return DiffFile(self.diffObject(REQUEST, **kw)).toHTML()
security.declareProtected(Permissions.ManagePortal, 'diffObject')
def diffObject(self, REQUEST, **kw):
"""
Make diff between two objects, whose paths are stored in values bt1
......@@ -612,6 +632,7 @@ class TemplateTool (BaseTool):
"""
return b64encode(cPickle.dumps((repository, id)))
security.declarePublic('compareVersionStrings')
def compareVersionStrings(self, version, comparing_string):
"""
comparing_string is like "<= 0.2" | "operator version"
......@@ -755,6 +776,8 @@ class TemplateTool (BaseTool):
raise BusinessTemplateUnknownError, 'The Business Template %s could not be found on repository %s'%(bt[1], bt[0])
return []
security.declareProtected(Permissions.ManagePortal,
'findProviderInBTList')
def findProviderInBTList(self, provider_list, bt_list):
"""
Find one provider in provider_list which is present in
......@@ -968,6 +991,7 @@ class TemplateTool (BaseTool):
#LOG('getUpdatedRepositoryBusinessTemplateList', 0, 'kw = %r' % (kw,))
return self.getRepositoryBusinessTemplateList(update_only=True, **kw)
security.declarePublic('compareVersions')
def compareVersions(self, version1, version2):
"""
Return negative if version1 < version2, 0 if version1 == version2,
......
......@@ -58,6 +58,7 @@ try:
security.declareProtected( Permissions.ManagePortal, 'manage_overview' )
manage_overview = DTMLFile( 'explainTestTool', _dtmldir )
security.declarePublic('getZeleniumVersion')
def getZeleniumVersion(self):
"""Returns the version of the zelenium product
"""
......
......@@ -55,6 +55,7 @@ class TrashTool(BaseTool):
security.declareProtected(Permissions.ManagePortal, 'manage_overview' )
manage_overview = DTMLFile( 'explainTrashTool', _dtmldir )
security.declarePrivate('backupObject')
def backupObject(self, trashbin, container_path, object_id, save, **kw):
"""
Backup an object in a trash bin
......@@ -159,6 +160,7 @@ class TrashTool(BaseTool):
obj._cleanup()
return subobjects_dict
security.declarePrivate('newTrashBin')
def newTrashBin(self, bt_title='trash', bt=None):
"""
Create a new trash bin at upgrade of bt
......@@ -191,6 +193,7 @@ class TrashTool(BaseTool):
)
return trashbin
security.declareProtected(Permissions.ManagePortal, 'getTrashBinObjectsList')
def getTrashBinObjectsList(self, trashbin):
"""
Return a list of trash objects for a given trash bin
......
......@@ -154,6 +154,8 @@ class UrlRegistryTool(BaseTool):
url_list.append(url)
return url_list
security.declareProtected(Permissions.ModifyPortalContent,
'updateUrlRegistryTool')
def updateUrlRegistryTool(self):
"""
Fetch all document path, then call in activities
......
......@@ -30,7 +30,7 @@ from collections import defaultdict, deque
import random
import zope.interface
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base, Implicit
from Products.ERP5.AggregatedAmountList import AggregatedAmountList
from Products.ERP5Type import Permissions, interfaces
......
......@@ -28,7 +28,7 @@
##############################################################################
from Products.CMFCore.utils import getToolByName
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from OFS.Image import Pdata
from cStringIO import StringIO
......
......@@ -28,7 +28,7 @@
##############################################################################
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, PropertySheet
from Products.ERP5Type.XMLObject import XMLObject
from Products.ERP5Type.Core.Predicate import Predicate
......@@ -150,6 +150,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
def getRelatedBusinessLinkValueList(self):
return self.getDeliveryBuilderRelatedValueList(portal_type='Business Link')
security.declarePrivate('callBeforeBuildingScript')
def callBeforeBuildingScript(self):
"""
Call a script on the module, for example, to remove some
......@@ -284,8 +285,10 @@ class BuilderMixin(XMLObject, Amount, Predicate):
return movement_list
security.declarePrivate('searchMovementList')
searchMovementList = UnrestrictedMethod(_searchMovementList)
security.declarePrivate('collectMovement')
def collectMovement(self, movement_list):
"""
group movements in the way we want. Thanks to this method, we are able
......@@ -366,6 +369,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
for movement_group_node in movement_group_node_list]
return instance, self._getSortedPropertyDict(property_dict_list)
security.declarePrivate('buildDeliveryList')
@UnrestrictedMethod
def buildDeliveryList(self, movement_group_node,
delivery_relative_url_list=None,
......@@ -717,6 +721,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
# Update properties on object (quantity, price...)
delivery_movement._edit(force_update=1, **property_dict)
security.declarePrivate('callAfterBuildingScript')
@UnrestrictedMethod
def callAfterBuildingScript(self, delivery_list, movement_list=(), **kw):
"""
......
......@@ -33,7 +33,7 @@ import string
from Acquisition import aq_base
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
from OFS.Image import Pdata, Image as OFSImage
......
......@@ -28,7 +28,7 @@
##############################################################################
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base
from Products.ERP5Type import Permissions
from Products.ERP5Type.Cache import transactional_cached
......
......@@ -28,7 +28,7 @@
import zope.interface
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base
from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Globals import PersistentMapping
......
......@@ -28,7 +28,7 @@
##############################################################################
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from Products.ERP5Type.Utils import normaliseUrl
from Products.ERP5Type.DateUtils import convertDateToHour,\
......
......@@ -28,7 +28,7 @@
##############################################################################
from AccessControl import ClassSecurityInfo, getSecurityManager
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from ZODB.POSException import ConflictError
from Products.ERP5Type import Permissions
from Products.ERP5Type.Utils import convertToUpperCase
......
......@@ -28,7 +28,7 @@
##############################################################################
from Products.CMFCore.utils import getToolByName
from AccessControl import ClassSecurityInfo, Unauthorized
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from OFS.Image import Pdata
from cStringIO import StringIO
......@@ -85,7 +85,8 @@ class DocumentMixin:
if LOCK_PERMISSION_KEY in transaction_variable:
del transaction_variable[LOCK_PERMISSION_KEY]
return result
security.declareProtected(Permissions.AccessContentsInformation, 'getFailsafeConversion')
def getFailsafeConversion(self, **kw):
"""
Return a failure resistent conversion of a document
......
......@@ -28,7 +28,7 @@
##############################################################################
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from warnings import warn
......@@ -59,7 +59,7 @@ class DocumentProxyMixin:
return self.getProxiedDocumentValue()
security.declareProtected(Permissions.AccessContentsInformation,
'getProxiedDocument' )
'getProxiedDocumentValue')
def getProxiedDocumentValue(self):
"""
Try to retrieve the original document
......
......@@ -27,7 +27,7 @@
#
##############################################################################
from AccessControl import ClassSecurityInfo, Unauthorized
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from Products.ERP5Type.Utils import fill_args_from_request
from Products.CMFCore.utils import getToolByName, _checkConditionalGET, _setCacheHeaders,\
......
......@@ -31,7 +31,7 @@
import zope.interface
from AccessControl import ClassSecurityInfo
from AccessControl.AuthEncoding import pw_encrypt, pw_validate
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base
from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Globals import PersistentMapping
......@@ -55,6 +55,7 @@ class EncryptedPasswordMixin:
return pw_validate(self.getPassword(), value)
return False
security.declareProtected(Permissions.SetOwnPassword, 'checkPasswordValueAcceptable')
def checkPasswordValueAcceptable(self, value):
"""
Check the password. This method is defined explicitly, because:
......
......@@ -28,7 +28,7 @@
import zope.interface
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.DivergenceMessage import DivergenceMessage
from Products.ERP5Type.Message import Message
......@@ -47,6 +47,7 @@ class EquivalenceTesterMixin:
zope.interface.implements(interfaces.IEquivalenceTester,)
# Implementation of IEquivalenceTester
security.declarePrivate('testEquivalence')
def testEquivalence(self, simulation_movement):
"""
Tests if simulation_movement is divergent. Returns False (0)
......@@ -59,6 +60,7 @@ class EquivalenceTesterMixin:
"""
return self.explain(simulation_movement) is not None
security.declarePrivate('explain')
def explain(self, simulation_movement):
"""
Returns a single message which explain the nature of
......@@ -99,6 +101,7 @@ class EquivalenceTesterMixin:
"""
return movement.getProperty(property)
security.declarePrivate('generateHashKey')
def generateHashKey(self, movement):
"""
Returns a hash key which can be used to optimise the
......@@ -117,6 +120,7 @@ class EquivalenceTesterMixin:
value = self._getTestedPropertyValue(movement, tested_property)
return '%s/%r' % (tested_property, value)
security.declarePrivate('compare')
def compare(self, prevision_movement, decision_movement):
"""
Returns True if prevision_movement and delivery_movement
......@@ -136,6 +140,7 @@ class EquivalenceTesterMixin:
"""
return (self._compare(prevision_movement, decision_movement) is None)
security.declarePrivate('update')
def update(self, prevision_movement, decision_movement):
"""
Updates decision_movement with properties from
......@@ -164,6 +169,8 @@ class EquivalenceTesterMixin:
decision_movement.edit(
**self.getUpdatablePropertyDict(prevision_movement, decision_movement))
security.declareProtected(Permissions.AccessContentsInformation,
'getExplanationMessage')
def getExplanationMessage(self, simulation_movement):
"""
Returns the HTML message that describes the detail of the
......@@ -201,6 +208,8 @@ class EquivalenceTesterMixin:
"""
raise NotImplementedError
security.declareProtected(Permissions.AccessContentsInformation,
'getUpdatablePropertyDict')
def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
"""
Returns a mapping of properties to update on decision_movement so that next
......
......@@ -28,7 +28,7 @@
import zope.interface
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, interfaces
class ExplainableMixin:
......
......@@ -35,7 +35,7 @@ from Products.ERP5Type.ExtensibleTraversable import ExtensibleTraversableMixIn
from Products.ERP5Type.Cache import getReadOnlyTransactionCache
from AccessControl import ClassSecurityInfo, getSecurityManager
from AccessControl.SecurityManagement import newSecurityManager, setSecurityManager
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from Products.CMFCore.utils import getToolByName, _checkConditionalGET, _setCacheHeaders, _ViewEmulator
from OFS.Image import File as OFSFile
......
......@@ -30,7 +30,7 @@
from Products.ERP5Type import Permissions
from AccessControl.AuthEncoding import pw_validate
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
class LoginAccountProviderMixin:
"""
......@@ -87,7 +87,8 @@ class LoginAccountProviderMixin:
if not len(result_code_list):
return True
return False
security.declareProtected(Permissions.SetOwnPassword, 'analyzePassword')
def analyzePassword(self, password, **kw):
"""
Analyze password validity.
......
......@@ -28,7 +28,7 @@
import zope.interface
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, interfaces
from Products.ERP5.MovementCollectionDiff import (
MovementCollectionDiff, _getPropertyAndCategoryList)
......@@ -52,6 +52,8 @@ class MovementCollectionUpdaterMixin:
zope.interface.implements(interfaces.IMovementCollectionUpdater,)
# Implementation of IMovementCollectionUpdater
security.declareProtected(Permissions.AccessContentsInformation,
'getMovementCollectionDiff')
def getMovementCollectionDiff(self, context, rounding=False,
movement_generator=None):
"""
......@@ -147,6 +149,8 @@ class MovementCollectionUpdaterMixin:
return movement_collection_diff
security.declareProtected(Permissions.ModifyPortalContent,
'updateMovementCollection')
def updateMovementCollection(self, context, rounding=False,
movement_generator=None):
"""
......
......@@ -29,7 +29,7 @@
from DateTime import DateTime
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from Products.ERP5Type.Message import Message
......@@ -237,7 +237,7 @@ class PeriodicityMixin:
return [(Message(domain='erp5_ui', message=x), x) \
for x in self.getWeekDayList()]
security.declareProtected(Permissions.AccessContentsInformation, 'getWeekDayItemList')
security.declareProtected(Permissions.AccessContentsInformation, 'getMonthItemList')
def getMonthItemList(self):
"""
returns something like [('January', 1), ('February', 2),...]
......
......@@ -28,7 +28,7 @@
import zope.interface
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base
from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Globals import PersistentMapping
......
......@@ -29,7 +29,7 @@
import transaction
import zope.interface
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base
from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Base import Base
......@@ -158,6 +158,8 @@ class RuleMixin(Predicate):
movement_type = 'Simulation Movement'
# Implementation of IRule
security.declareProtected(Permissions.ModifyPortalContent,
'constructNewAppliedRule')
def constructNewAppliedRule(self, context, **kw):
"""
Create a new applied rule in the context.
......@@ -190,6 +192,8 @@ class RuleMixin(Predicate):
return False
return super(RuleMixin, self).test(*args, **kw)
security.declareProtected(Permissions.ModifyPortalContent,
'expand')
def expand(self, applied_rule, expand_policy=None, **kw):
"""
Expand this applied rule to create new documents inside the
......@@ -473,6 +477,7 @@ class RuleMixin(Predicate):
new_movement = self._newProfitAndLossMovement(prevision_movement)
movement_collection_diff.addNewMovement(new_movement)
InitializeClass(RuleMixin)
class SimulableMixin(Base):
security = ClassSecurityInfo()
......@@ -553,6 +558,8 @@ class SimulableMixin(Base):
if not movement.aq_inContextOf(applied_rule):
movement.recursiveReindexObject(activate_kw=activate_kw)
security.declareProtected( Permissions.AccessContentsInformation,
'getRuleReference')
def getRuleReference(self):
"""Returns an appropriate rule reference
......@@ -609,4 +616,4 @@ class SimulableMixin(Base):
o.getParentValue().deleteContent(o.getId())
super(SimulableMixin, self).manage_beforeDelete(item, container)
InitializeClass(RuleMixin)
InitializeClass(SimulableMixin)
......@@ -29,7 +29,7 @@
import zope.interface
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, PropertySheet, interfaces
from Products.ERP5Type.UnrestrictedMethod import super_user
from Products.ERP5Type.XMLObject import XMLObject
......@@ -58,6 +58,8 @@ class SolverMixin(object):
def getPortalTypeValue(self):
return self.getPortalObject().portal_solvers._getOb(self.getPortalType())
security.declareProtected(Permissions.AccessContentsInformation,
'searchDeliverySolverList')
def searchDeliverySolverList(self, **kw):
"""
this method returns a list of delivery solvers
......@@ -70,6 +72,8 @@ class SolverMixin(object):
solver_list = target_solver_type.getDeliverySolverValueList()
return solver_list
InitializeClass(SolverMixin)
class ConfigurablePropertySolverMixin(SolverMixin,
ConfigurableMixin,
XMLObject):
......@@ -118,4 +122,4 @@ class ConfigurablePropertySolverMixin(SolverMixin,
tested_property_list = portal_type.getTestedPropertyList()
return tested_property_list
InitializeClass(SolverMixin)
InitializeClass(ConfigurablePropertySolverMixin)
......@@ -28,7 +28,7 @@
##############################################################################
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from warnings import warn
......
......@@ -28,7 +28,7 @@
import warnings
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.CMFActivity.ActivityTool import ActivityTool
from Products.ERP5Type import Permissions
try:
......
......@@ -28,7 +28,7 @@
##############################################################################
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from Products.ERP5Type.Utils import normaliseUrl
......@@ -133,6 +133,8 @@ class UrlMixin:
url_string = self.getUrlString()
return '/'.join(url_string.split('/')[1:])
security.declareProtected(Permissions.AccessContentsInformation,
'asNormalisedURL')
def asNormalisedURL(self, base_url=None):
"""
call normaliseUrl with raw url
......
......@@ -29,7 +29,7 @@
from warnings import warn
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.CMFCategory.Renderer import Renderer
from Products.ERP5Type import interfaces, Permissions, PropertySheet
import zope.interface
......
......@@ -31,7 +31,7 @@
_marker=[]
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type.Core.Folder import Folder
from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
......
......@@ -314,6 +314,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
, 'manage_schema')
manage_schema = DTMLFile('dtml/manageSchema', globals())
security.declarePublic('getPreferredSQLCatalogId')
def getPreferredSQLCatalogId(self, id=None):
"""
Get the SQL Catalog from preference.
......@@ -366,6 +367,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return result
# Schema Management
security.declareProtected(Permissions.ManagePortal, 'editColumn')
def editColumn(self, column_id, sql_definition, method_id, default_value, REQUEST=None, RESPONSE=None):
"""
Modifies a schema column of the catalog
......@@ -379,17 +381,20 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
new_schema.append(new_c)
self.setColumnList(new_schema)
security.declareProtected(Permissions.ManagePortal, 'setColumnList')
def setColumnList(self, column_list):
"""
"""
self._sql_schema = column_list
security.declarePublic('getColumnList')
def getColumnList(self):
"""
"""
if not hasattr(self, '_sql_schema'): self._sql_schema = []
return self._sql_schema
security.declarePublic('getColumn')
def getColumn(self, column_id):
"""
"""
......@@ -398,6 +403,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return c
return None
security.declareProtected(Permissions.ManagePortal, 'editIndex')
def editIndex(self, index_id, sql_definition, REQUEST=None, RESPONSE=None):
"""
Modifies the schema of the catalog
......@@ -411,17 +417,20 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
new_index.append(new_c)
self.setIndexList(new_index)
security.declareProtected(Permissions.ManagePortal, 'setIndexList')
def setIndexList(self, index_list):
"""
"""
self._sql_index = index_list
security.declarePublic('getIndexList')
def getIndexList(self):
"""
"""
if not hasattr(self, '_sql_index'): self._sql_index = []
return self._sql_index
security.declarePublic('getIndex')
def getIndex(self, index_id):
"""
"""
......@@ -512,6 +521,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return allowedRolesAndUsers, role_column_dict, local_role_column_dict
security.declarePublic('getSecurityUidDictAndRoleColumnDict')
def getSecurityUidDictAndRoleColumnDict(self, sql_catalog_id=None, local_roles=None):
"""
Return a dict of local_roles_group_id -> security Uids and a
......
......@@ -86,10 +86,12 @@ class Preference( Folder ):
self._clearCache()
Folder._edit(self, **kw)
security.declareProtected(Permissions.ModifyPortalContent, 'enable')
def enable(self, **kw):
"""Workflow method"""
self._clearCache()
security.declareProtected(Permissions.ModifyPortalContent, 'disable')
def disable(self, **kw):
"""Workflow method"""
self._clearCache()
......@@ -710,6 +710,7 @@ class ERP5Form(Base, ZMIForm, ZopePageTemplate):
return ret
# Utilities
security.declareProtected('View', 'ErrorFields')
def ErrorFields(self, validation_errors):
"""
Create a dictionnary of validation_errors
......@@ -788,6 +789,7 @@ class ERP5Form(Base, ZMIForm, ZopePageTemplate):
manage_FTPput = PUT
security.declarePrivate('getSimilarSkinFolderIdList')
def getSimilarSkinFolderIdList(self):
"""
Find other skins id installed in the same time
......
......@@ -412,6 +412,7 @@ class ProxyField(ZMIField):
"""
return self.getTemplateField().get_error_names()
security.declareProtected('Access contents information', 'getTemplateField')
def getTemplateField(self, cache=True):
"""
Return template field of the proxy field.
......@@ -478,6 +479,7 @@ class ProxyField(ZMIField):
self._setTemplateFieldCache(proxy_field)
return proxy_field
security.declareProtected('Access contents information', 'getRecursiveTemplateField')
def getRecursiveTemplateField(self):
"""
Return template field of the proxy field.
......@@ -639,6 +641,7 @@ class ProxyField(ZMIField):
else:
return None
security.declareProtected('Access contents information', 'getFieldValue')
def getFieldValue(self, field, id, **kw):
"""
Return a callable expression and cacheable boolean flag
......
......@@ -1197,6 +1197,7 @@ class SelectionTool( BaseTool, SimpleItem ):
return md5(str(sorted(map(str, uid_list)))).hexdigest()
# Related document searching
security.declarePublic('viewSearchRelatedDocumentDialog')
def viewSearchRelatedDocumentDialog(self, index, form_id,
REQUEST=None, sub_index=None, **kw):
"""
......@@ -1433,6 +1434,7 @@ class SelectionTool( BaseTool, SimpleItem ):
tv['_user_id'] = user_id
return user_id
security.declarePrivate('getTemporarySelectionDict')
def getTemporarySelectionDict(self):
""" Temporary selections are used in push/pop nested scope,
to prevent from editting for stored selection in the scope.
......@@ -1794,7 +1796,7 @@ for x in SelectionTool.__dict__:
if x in method_id_filter_list:
continue
roles = getattr(SelectionTool, '%s__roles__' % x, None)
if roles is None:
if roles is None or roles == ():
continue
if roles.__name__ == ERP5Permissions.ManagePortal:
continue
......
......@@ -2495,6 +2495,7 @@ return 1
kw['portal_type'] = "Spreadsheet"
new_document = self.portal.Base_contribute(**kw)
self.assertEqual(new_document.getValidationState(), 'draft')
self.tic()
# make it read only
document.manage_permission(Permissions.ModifyPortalContent, [])
......
......@@ -78,6 +78,7 @@ class ERP5GroupManager(BasePlugin):
#
# IGroupsPlugin implementation
#
security.declarePrivate('getGroupsForPrincipal')
def getGroupsForPrincipal(self, principal, request=None):
""" See IGroupsPlugin.
"""
......
......@@ -209,6 +209,7 @@ class ERP5UserFactory(BasePlugin):
self._id = self.id = id
self.title = title
security.declarePrivate('createUser')
def createUser( self, user_id, name ):
""" See IUserFactoryPlugin
"""
......
......@@ -809,12 +809,16 @@ class Base( CopyContainer,
getId = BaseAccessor.Getter('getId', 'id', 'string')
# Debug
security.declareProtected(Permissions.AccessContentsInformation,
'getOid')
def getOid(self):
"""
Return ODB oid
"""
return self._p_oid
security.declareProtected(Permissions.AccessContentsInformation,
'getOidRepr')
def getOidRepr(self):
"""
Return ODB oid, in an 'human' readable form.
......@@ -822,10 +826,14 @@ class Base( CopyContainer,
from ZODB.utils import oid_repr
return oid_repr(self._p_oid)
security.declareProtected(Permissions.AccessContentsInformation,
'getSerial')
def getSerial(self):
"""Return ODB Serial."""
return self._p_serial
security.declareProtected(Permissions.AccessContentsInformation,
'getHistorySerial')
def getHistorySerial(self):
"""Return ODB Serial, in the same format used for history keys"""
return '.'.join([str(x) for x in unpack('>HHHH', self._p_serial)])
......@@ -1378,6 +1386,8 @@ class Base( CopyContainer,
# Accessors are not workflow methods by default
# Ping provides a dummy method to trigger automatic methods
# XXX : maybe an empty edit is enough (self.edit())
security.declareProtected(Permissions.AccessContentsInformation,
'ping')
def ping(self):
pass
......@@ -1565,6 +1575,8 @@ class Base( CopyContainer,
"""
return self
security.declareProtected(Permissions.AccessContentsInformation,
'getDocumentInstance')
def getDocumentInstance(self):
"""
Returns self
......@@ -1584,6 +1596,8 @@ class Base( CopyContainer,
assert mount_point._getMountedConnection(connection) is connection
return mount_point._traverseToMountedRoot(connection.root(), None)
security.declareProtected(Permissions.AccessContentsInformation,
'asSQLExpression')
def asSQLExpression(self, strict_membership=0, table='category', base_category = None):
"""
Any document can be used as a Category. It can therefore
......@@ -3266,6 +3280,8 @@ class Base( CopyContainer,
self._p_changed = 1
# Helpers
security.declareProtected(Permissions.AccessContentsInformation,
'getQuantityPrecisionFromResource')
def getQuantityPrecisionFromResource(self, resource, d=2):
"""
Provides a quick access to precision without accessing the resource
......
......@@ -383,28 +383,6 @@ class CopyContainer:
group_method_id='portal_catalog/uncatalogObjectList',
serialization_tag=self.getRootDocumentPath()).unindexObject(uid=uid)
security.declareProtected(Permissions.ModifyPortalContent, 'moveObject')
def moveObject(self, idxs=None):
"""
Reindex the object in the portal catalog.
If idxs is present, only those indexes are reindexed.
The metadata is always updated.
Also update the modification date of the object,
unless specific indexes were requested.
Passes is_object_moved to catalog to force
reindexing without creating new uid
"""
if idxs is None: idxs = []
if idxs == []:
# Update the modification date.
if getattr(aq_base(self), 'notifyModified', _marker) is not _marker:
self.notifyModified()
catalog = getattr(self.getPortalObject(), 'portal_catalog', None)
if catalog is not None:
catalog.moveObject(self, idxs=idxs)
def _notifyOfCopyTo(self, container, op=0):
"""Overiden to track object cut and pastes, and update related
content accordingly.
......
......@@ -86,18 +86,21 @@ class ActionInformation(XMLObject):
# XXX Following getAction/getCondition/getIcon are problably not useful
# because properties should already be cleaned up during migration
# or installation from BT.
security.declareProtected(AccessContentsInformation, 'getAction')
def getAction(self):
"""Overridden getter for 'action' to clean null values"""
if getattr(aq_base(self), 'action', None) == '':
del self.action
return self._baseGetAction()
security.declareProtected(AccessContentsInformation, 'getCondition')
def getCondition(self):
"""Overridden getter for 'condition' to clean null values"""
if getattr(aq_base(self), 'condition', None) == '':
del self.condition
return self._baseGetCondition()
security.declareProtected(AccessContentsInformation, 'getIcon')
def getIcon(self):
"""Overridden getter for 'icon' to clean null values"""
if getattr(aq_base(self), 'icon', None) == '':
......
......@@ -61,6 +61,7 @@ class CacheFactory(XMLObject):
, PropertySheet.SortIndex
)
security.declareProtected(Permissions.AccessContentsInformation, 'getCacheId')
def getCacheId(self):
"""
Get a common Cache Factory / Cache Bag ID in this
......@@ -94,6 +95,7 @@ class CacheFactory(XMLObject):
for cache_plugin in cache_plugin_list:
cache_plugin.set(cache_id, value)
security.declareProtected(Permissions.AccessContentsInformation, 'getCachePluginList')
def getCachePluginList(self, allowed_type_list=None):
""" get ordered list of installed cache plugins in ZODB """
if allowed_type_list is None:
......
......@@ -587,13 +587,15 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
""" Create a new content """
# Create data structure if none present
return FolderMixIn.newContent(self, *args, **kw)
security.declareProtected(Permissions.AccessContentsInformation, 'isBTree')
def isBTree(self):
"""
Tell if we are a BTree
"""
return self._folder_handler == BTREE_HANDLER
security.declareProtected(Permissions.AccessContentsInformation, 'isHBTree')
def isHBTree(self):
"""
Tell if we are a HBTree
......@@ -1386,6 +1388,28 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
'recursiveImmediateReindexObject', None) is not None:
c.recursiveImmediateReindexObject(**kw)
security.declareProtected(Permissions.ModifyPortalContent, 'moveObject')
def moveObject(self, idxs=None):
"""
Reindex the object in the portal catalog.
If idxs is present, only those indexes are reindexed.
The metadata is always updated.
Also update the modification date of the object,
unless specific indexes were requested.
Passes is_object_moved to catalog to force
reindexing without creating new uid
"""
if idxs is None: idxs = []
if idxs == []:
# Update the modification date.
if getattr(aq_base(self), 'notifyModified', _marker) is not _marker:
self.notifyModified()
catalog = getattr(self.getPortalObject(), 'portal_catalog', None)
if catalog is not None:
catalog.moveObject(self, idxs=idxs)
security.declareProtected( Permissions.ModifyPortalContent,
'recursiveMoveObject' )
def recursiveMoveObject(self):
......@@ -1513,46 +1537,6 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
strict_membership=strict_membership))
return "( %s )" % result
def mergeContent(self,from_object=None,to_object=None, delete=1,**kw):
"""
This method will merge two objects.
When we have to different objects wich represent the same content, we
may want to merge them. In this case, we want to be sure to report
"""
if from_object is None or to_object is None:
return
from_object_related_object_list = self.portal_categories\
.getRelatedValueList(from_object)
to_object_url = to_object.getRelativeUrl()
from_object_url = from_object.getRelativeUrl()
corrected_list = []
for object in from_object_related_object_list:
#LOG('Folder.mergeContent, working on object:',0,object)
new_category_list = []
found = 0
for category in object.getCategoryList(): # so ('destination/person/1',...)
#LOG('Folder.mergeContent, working on category:',0,category)
linked_object_url = '/'.join(category.split('/')[1:])
if linked_object_url == from_object_url:
base_category = category.split('/')[0]
found = 1
new_category_list.append(base_category + '/' + to_object_url)
else:
new_category_list.append(category)
if found:
corrected_list.append(object)
object.setCategoryList(new_category_list)
object.immediateReindexObject()
if delete:
if len(from_object.portal_categories.getRelatedValueList(from_object))==0:
parent = from_object.getParentValue()
parent.manage_delObjects(from_object.getId())
return corrected_list
security.declareProtected( Permissions.AccessContentsInformation,
'objectValues' )
def objectValues(self, spec=None, meta_type=None, portal_type=None,
......
......@@ -355,12 +355,14 @@ class Predicate(XMLObject):
security.declareProtected( Permissions.AccessContentsInformation, 'asSqlJoinExpression' )
asSqlJoinExpression = asSQLJoinExpression
security.declareProtected(Permissions.AccessContentsInformation, 'searchResults')
def searchResults(self, **kw):
"""
"""
portal_catalog = getToolByName(self, 'portal_catalog')
return portal_catalog.searchResults(build_sql_query_method=self.buildSQLQuery,**kw)
security.declareProtected(Permissions.AccessContentsInformation, 'countResults')
def countResults(self, REQUEST=None, used=None, **kw):
"""
"""
......@@ -600,6 +602,7 @@ class Predicate(XMLObject):
def _asPredicate(self):
return self
security.declareProtected(Permissions.AccessContentsInformation, 'searchPredicate')
def searchPredicate(self, **kw):
"""
Returns a list of documents matching the predicate
......
......@@ -76,6 +76,7 @@ class RoleInformation(XMLObject):
value = value and Expression(value) or None
self._baseSetCondition(value)
security.declareProtected(AccessContentsInformation, 'getCondition')
def getCondition(self):
"""Overridden getter for 'condition' to clean null values"""
if getattr(aq_base(self), 'condition', None) == '':
......
......@@ -86,6 +86,8 @@ class StandardProperty(IdAsReferenceMixin('_property'), XMLObject):
getDescription = Base.Getter('getDescription', 'description', 'string',
default='')
security.declareProtected(Permissions.AccessContentsInformation,
'getElementaryType')
def getElementaryType(self):
"""
Define this getter manually as it is not possible to rely on
......
......@@ -75,7 +75,7 @@ class LocalRoleAssignorMixIn(object):
zope.interface.implements(interfaces.ILocalRoleAssignor)
security.declarePrivate('updateLocalRolesOnObject')
security.declarePrivate('updateLocalRolesOnDocument')
@UnrestrictedMethod
def updateLocalRolesOnDocument(self, ob, user_name=None, reindex=True, activate_kw=()):
"""
......@@ -209,6 +209,8 @@ class LocalRoleAssignorMixIn(object):
role.uid = None
return self[self._setObject(role.id, role, set_owner=0)]
InitializeClass(LocalRoleAssignorMixIn)
class ERP5TypeInformation(XMLObject,
FactoryTypeInformation,
LocalRoleAssignorMixIn,
......
......@@ -199,6 +199,7 @@ class CacheTool(BaseTool):
if REQUEST is not None:
self.REQUEST.RESPONSE.redirect('cache_tool_configure?manage_tabs_message=Cache factory scope %s cleared.' %cache_factory_id)
security.declareProtected(Permissions.AccessContentsInformation, 'getCacheTotalMemorySize')
def getCacheTotalMemorySize(self, REQUEST=None):
""" Calculate total size of memory used for cache.
......
......@@ -191,6 +191,7 @@ class SessionTool(BaseTool):
session._updatecontext(self)
return session
security.declarePrivate('getSession')
def getSession(self, session_id, session_duration=None):
""" Return session object. """
storage_plugin = self._getStoragePlugin()
......@@ -216,6 +217,7 @@ class SessionTool(BaseTool):
session = session.getValue()
return session
security.declarePublic('newContent')
def newContent(self, id, **kw):
""" Create new session object. """
session = self.getSession(id)
......
......@@ -89,6 +89,8 @@ class WebServiceTool(BaseTool):
security.declareProtected(Permissions.ManagePortal, 'manage_overview')
manage_overview = DTMLFile('explainWebServiceTool', _dtmldir )
security.declareProtected(Permissions.AccessContentsInformation,
'getConnectionPluginList')
def getConnectionPluginList(self):
"""
Return list of available connection plugins
......@@ -97,6 +99,7 @@ class WebServiceTool(BaseTool):
plugin_list.sort()
return plugin_list
security.declareProtected(Permissions.ManagePortal, 'connect')
def connect(self, url, user_name=None, password=None, transport=None, transport_kw=None):
"""
Connect to remote instances
......
......@@ -17,6 +17,7 @@ import re
import transaction
from Acquisition import aq_parent, aq_inner, aq_base
from AccessControl import ClassSecurityInfo, ModuleSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, PropertySheet, Constraint
from Products.CMFCore.PortalContent import ResourceLockedError
from Products.CMFCore.utils import getToolByName
......@@ -193,6 +194,8 @@ class TextContent:
""" Used for FTP and apparently the ZMI now too """
return len(self.manage_FTPget())
InitializeClass(TextContent)
from webdav.common import Locked, PreconditionFailed
from webdav.interfaces import IWriteLock
from webdav.NullResource import NullResource
......
......@@ -32,6 +32,7 @@
from __future__ import absolute_import
from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5.mixin.property_recordable import PropertyRecordableMixin
from Products.ERP5Type import Permissions
from Products.ERP5Type.Base import Base
......@@ -399,3 +400,5 @@ class ComponentMixin(PropertyRecordableMixin, Base):
rev = historicalRevision(self, serial)
return rev.getTextContent()
InitializeClass(ComponentMixin)
......@@ -16,8 +16,13 @@ import logging
logger = logging.getLogger(__name__)
from Products.ERP5Type.Globals import InitializeClass
from AccessControl import ClassSecurityInfo
from Products.CMFCore.ActionsTool import ActionsTool
from Products.CMFCore.interfaces import IActionProvider
from Products.CMFCore.permissions import ManagePortal
security = ClassSecurityInfo()
def migrateNonProviders(portal_actions):
portal_actions_path = '/'.join(portal_actions.getPhysicalPath())
......@@ -100,4 +105,8 @@ def reorderActions(self, REQUEST=None):
return self.manage_editActionsForm(REQUEST,
manage_tabs_message='Actions reordered.')
security.declareProtected(ManagePortal, 'reorderActions')
ActionsTool.reorderActions = reorderActions
ActionsTool.security = security
InitializeClass(ActionsTool)
......@@ -25,6 +25,8 @@ Patch CookieCrumbler to prevent came_from to appear in the URL
when ERP5 runs in "require_referer" mode.
"""
from AccessControl.SecurityInfo import ClassSecurityInfo
from App.class_init import InitializeClass
from Products.CMFCore.CookieCrumbler import CookieCrumbler
from Products.CMFCore.CookieCrumbler import CookieCrumblerDisabled
from urllib import quote, unquote
......@@ -43,6 +45,8 @@ class PatchedCookieCrumbler(CookieCrumbler):
"""
pass
security = ClassSecurityInfo()
def getLoginURL(self):
'''
Redirects to the login page.
......@@ -68,6 +72,7 @@ def getLoginURL(self):
return url
return None
security.declarePublic('getLoginURL')
CookieCrumbler.getLoginURL = getLoginURL
def balancer_cookie_hook(ob, req, resp):
......@@ -177,3 +182,6 @@ def credentialsChanged(self, user, name, pw):
method( resp, self.auth_cookie, quote( ac ) )
CookieCrumbler.credentialsChanged = credentialsChanged
CookieCrumbler.security = security
InitializeClass(CookieCrumbler)
......@@ -21,13 +21,18 @@ from Shared.DC.ZRDB.DA import DA, DatabaseError, SQLMethodTracebackSupplement
from Shared.DC.ZRDB import RDB
from Shared.DC.ZRDB.Results import Results
from App.Extensions import getBrain
from AccessControl import getSecurityManager
from AccessControl import ClassSecurityInfo, getSecurityManager
from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base, aq_parent
from zLOG import LOG, INFO, ERROR
from string import find
from cStringIO import StringIO
from Products.ERP5Type import Permissions
import sys
security = ClassSecurityInfo()
DA.security = security
def DA_fromFile(self, filename):
"""
Read the file and update self
......@@ -261,7 +266,9 @@ def DA_upgradeSchema(self, connection_id=None, create_if_not_exists=False,
initialize, src__)
DA.__call__ = DA__call__
security.declarePrivate('fromFile')
DA.fromFile = DA_fromFile
security.declarePrivate('fromText')
DA.fromText = DA_fromText
DA.manage_FTPget = DA_manage_FTPget
DA.PUT = DA_PUT
......@@ -297,3 +304,4 @@ if hasattr(Shared.DC.ZRDB.DA, 'getObject'):
import App.Extensions
App.Extensions.getObject = getObjectMeta(App.Extensions.getObject)
InitializeClass(DA)
......@@ -16,7 +16,7 @@
# Optimized rendering of global actions (cache)
from Products.ERP5Type.Globals import DTMLFile
from Products.ERP5Type import _dtmldir
from Products.ERP5Type import Permissions, _dtmldir
from Products.DCWorkflow.DCWorkflow import DCWorkflowDefinition, StateChangeInfo, createExprContext
from Products.DCWorkflow.DCWorkflow import ObjectDeleted, ObjectMoved, aq_parent, aq_inner
from Products.DCWorkflow import DCWorkflow
......@@ -110,6 +110,7 @@ def Guard_checkWithoutRoles(self, sm, wf_def, ob, **kw):
return 0
return 1
DCWorkflowDefinition.security = ClassSecurityInfo()
def DCWorkflowDefinition_listGlobalActions(self, info):
'''
......@@ -336,6 +337,7 @@ def DCWorkflowDefinition_getWorklistVariableMatchDict(self, info,
return None
return variable_match_dict
DCWorkflowDefinition.security.declarePrivate('getWorklistVariableMatchDict')
DCWorkflowDefinition.getWorklistVariableMatchDict = DCWorkflowDefinition_getWorklistVariableMatchDict
class ValidationFailed(Exception):
......@@ -699,6 +701,8 @@ def getPortalTypeListForWorkflow(self):
result.append(portal_type)
return result
DCWorkflowDefinition.security.declareProtected(Permissions.AccessContentsInformation,
'getPortalTypeListForWorkflow')
DCWorkflowDefinition.getPortalTypeListForWorkflow = getPortalTypeListForWorkflow
def DCWorkflowDefinition_getFutureStateSet(self, state, ignore=(),
......@@ -719,8 +723,10 @@ def DCWorkflowDefinition_getFutureStateSet(self, state, ignore=(),
self.getFutureStateSet(state, ignore, _future_state_set)
return _future_state_set
DCWorkflowDefinition.security.declarePrivate('getFutureStateSet')
DCWorkflowDefinition.getFutureStateSet = DCWorkflowDefinition_getFutureStateSet
InitializeClass(DCWorkflowDefinition)
# This patch allows to use workflowmethod as an after_script
# However, the right way of doing would be to have a combined state of TRIGGER_USER_ACTION and TRIGGER_WORKFLOW_METHOD
......
......@@ -28,6 +28,10 @@
#
##############################################################################
from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
# Products.DCWorkflowGraph.config does not check the return value of
# getenv('PATH'). This fails if PATH is not defined which is the case when
# running ZEO with SlapOS for example. But, Products.DCWorkflowGraph.__init__
......@@ -182,3 +186,9 @@ DCWorkflowGraph.getGraph = getGraph
from Products.DCWorkflow.DCWorkflow import DCWorkflowDefinition
DCWorkflowDefinition.getGraph = getGraph
DCWorkflowDefinition.getPOT = DCWorkflowGraph.getPOT
security = ClassSecurityInfo()
security.declareProtected(Permissions.ManagePortal, 'getPOT')
security.declareProtected(Permissions.ManagePortal, 'getGraph')
DCWorkflowDefinition.security = security
InitializeClass(DCWorkflowDefinition)
......@@ -14,7 +14,7 @@
from inspect import getargs
from Products.ExternalMethod.ExternalMethod import *
from AccessControl import ModuleSecurityInfo
from AccessControl.class_init import InitializeClass
from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_parent
from Products.ERP5Type.patches.PythonScript import _guard_form, \
_guard_manage_options, checkGuard, getGuard, manage_guardForm, \
......
......@@ -12,7 +12,10 @@
#
##############################################################################
from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from OFS.Folder import Folder
from Products.ERP5Type import Permissions
"""
This patch modifies OFS.Folder._setOb to update portal_skins cache when
......@@ -55,3 +58,8 @@ def Folder_isERP5SitePresent(self):
return len(self.objectIds("ERP5 Site")) > 0
Folder.isERP5SitePresent = Folder_isERP5SitePresent
security = ClassSecurityInfo()
security.declareProtected(Permissions.ManagePortal, 'isERP5SitePresent')
Folder.security = security
InitializeClass(Folder)
......@@ -15,13 +15,16 @@ from Products.DCWorkflow.Guard import Guard
from Products.PythonScripts.PythonScript import PythonScript
from App.special_dtml import DTMLFile
from Products.ERP5Type import _dtmldir
from AccessControl import ModuleSecurityInfo, getSecurityManager
from AccessControl import ClassSecurityInfo, getSecurityManager
from AccessControl.class_init import InitializeClass
from OFS.misc_ import p_
from App.ImageFile import ImageFile
from Acquisition import aq_base, aq_parent
from zExceptions import Forbidden
security = ClassSecurityInfo()
PythonScript.security = security
def haveProxyRole(self):
"""if a script has proxy role, return True"""
return bool(self._proxy_roles)
......@@ -41,7 +44,9 @@ pyscript_proxyrole = ImageFile('pyscript_proxyrole.gif', globals())
#
# Add proxy role icon in ZMI
#
security.declarePrivate('haveProxyRole')
PythonScript.haveProxyRole = haveProxyRole
PythonScript.om_icons = om_icons
p_.PythonScript_ProxyRole_icon = pyscript_proxyrole
......@@ -57,8 +62,6 @@ PythonScript.manage_main = manage_editForm
PythonScript.manage_editDocument = manage_editForm
PythonScript.manage_editForm = manage_editForm
security = ModuleSecurityInfo('Products.PythonScripts.PythonScript.PythonScript')
_guard_manage_options = (
{
'label':'Guard',
......
......@@ -19,7 +19,8 @@ from types import StringTypes
# Make sure Interaction Workflows are called even if method not wrapped
from AccessControl import Unauthorized
from AccessControl import ClassSecurityInfo, Unauthorized
from Products.ERP5Type.Globals import InitializeClass
from Products.CMFCore.WorkflowTool import WorkflowTool
from Products.CMFCore.WorkflowCore import ObjectMoved, ObjectDeleted
from Products.CMFCore.WorkflowCore import WorkflowException
......@@ -29,6 +30,7 @@ from Products.DCWorkflow.Transitions import TRIGGER_WORKFLOW_METHOD
from Products.CMFCore.utils import getToolByName
from Products.ZSQLCatalog.SQLCatalog import SimpleQuery, AutoQuery, ComplexQuery, NegatedQuery
from Products.CMFCore.utils import _getAuthenticatedUser
from Products.ERP5Type import Permissions
from Products.ERP5Type.Cache import CachingMethod
from sets import ImmutableSet
from Acquisition import aq_base
......@@ -38,6 +40,9 @@ from itertools import izip
from MySQLdb import ProgrammingError, OperationalError
from DateTime import DateTime
security = ClassSecurityInfo()
WorkflowTool.security = security
def DCWorkflowDefinition_notifyWorkflowMethod(self, ob, transition_list, args=None, kw=None):
'''
Allows the system to request a workflow action. This method
......@@ -84,6 +89,7 @@ def DCWorkflowDefinition_notifySuccess(self, ob, transition_list, result, args=N
'''
pass
security.declarePrivate('notifyWorkflowMethod')
DCWorkflowDefinition.notifyWorkflowMethod = DCWorkflowDefinition_notifyWorkflowMethod
DCWorkflowDefinition.notifyBefore = DCWorkflowDefinition_notifyBefore
DCWorkflowDefinition.notifySuccess = DCWorkflowDefinition_notifySuccess
......@@ -709,6 +715,7 @@ def WorkflowTool_refreshWorklistCache(self):
self.Base_zCreateWorklistTable()
Base_zInsertIntoWorklistTable(**value_column_dict)
security.declareProtected(Permissions.ManagePortal, 'refreshWorklistCache')
WorkflowTool.refreshWorklistCache = WorkflowTool_refreshWorklistCache
class WorkflowHistoryList(Persistent):
......@@ -831,6 +838,7 @@ def WorkflowTool_isTransitionPossible(self, ob, transition_id, wf_id=None):
return 1
return 0
security.declarePublic('isTransitionPossible')
WorkflowTool.isTransitionPossible = WorkflowTool_isTransitionPossible
def WorkflowTool_getWorkflowChainDict(self, sorted=True):
......@@ -844,6 +852,7 @@ def WorkflowTool_getWorkflowChainDict(self, sorted=True):
return_dict['chain_%s' % portal_type] = ', '.join(workflow_id_list)
return return_dict
security.declareProtected(Permissions.ManagePortal, 'getWorkflowChainDict')
WorkflowTool.getWorkflowChainDict = WorkflowTool_getWorkflowChainDict
WorkflowTool._reindexWorkflowVariables = lambda self, ob: \
......@@ -858,6 +867,7 @@ def WorkflowTool_getChainDict(self):
chain_dict.setdefault(wf_id, []).append(portal_type)
return chain_dict
security.declareProtected(Permissions.ManagePortal, 'getChainDict')
WorkflowTool.getChainDict = WorkflowTool_getChainDict
# Backward compatibility, as WorkflowMethod has been removed in CMFCore 2.2
......@@ -936,3 +946,5 @@ def _isJumpToStatePossibleFor(self, ob, state_id, wf_id=None):
WorkflowTool._jumpToStateFor = _jumpToStateFor
WorkflowTool._isJumpToStatePossibleFor = _isJumpToStatePossibleFor
InitializeClass(WorkflowTool)
......@@ -37,6 +37,8 @@ import sys
import unittest
import ZODB
import zLOG
from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from App.config import getConfiguration
from ZConfig.matcher import SectionValue
from Zope2.Startup.datatypes import ZopeDatabase
......@@ -67,6 +69,8 @@ class DummyMailHostMixin(object):
_previous_message = ()
_message_list = []
security = ClassSecurityInfo()
@classmethod
def _send(cls, mfrom, mto, messageText, immediate=False):
"""Record message in _last_message."""
......@@ -84,6 +88,7 @@ class DummyMailHostMixin(object):
message_text = part.get_payload(decode=1)
return message_text
security.declarePrivate('getMessageList')
@classmethod
def getMessageList(cls, decode=True):
""" Return message list"""
......@@ -91,6 +96,7 @@ class DummyMailHostMixin(object):
return [(m[0], m[1], cls._decodeMessage(m[2])) for m in cls._message_list]
return cls._message_list
security.declarePrivate('getLastLog')
@classmethod
def getLastLog(cls):
""" Return last message """
......@@ -102,6 +108,8 @@ class DummyMailHostMixin(object):
cls._previous_message = ()
cls._message_list = []
InitializeClass(DummyMailHostMixin)
class DummyMailHost(DummyMailHostMixin, MailHost):
pass
......
......@@ -172,6 +172,8 @@ class Field:
else:
return '%s.%s:record' % (self.field_record, self.id)
security.declareProtected('Access contents information',
'generate_subfield_key')
def generate_subfield_key(self, id, validation=0, key=None):
"""Generate the key Silva uses to render a sub field.
Added key parameter for ERP5 in order to be compatible with listbox/matrixbox
......@@ -387,6 +389,7 @@ class Field:
"""
return self.widget.render_dict(self, value)
security.declareProtected('View', 'render_from_request')
def render_from_request(self, REQUEST, key_prefix=None):
"""Convenience method; render the field widget from REQUEST
(unvalidated data), or default if no raw data is found.
......
......@@ -669,6 +669,7 @@ class ZMIForm(ObjectManager, PropertyManager, RoleManager, Item, Form):
self.title = title
self.row_length = 4
security.declarePublic('all_meta_types')
def all_meta_types(self):
"""Get all meta types addable to this field. The ZMI uses
this method (original defined in ObjectManager).
......
......@@ -146,7 +146,7 @@ class DateTimeField(ZMIField):
self.sub_form = create_datetime_list_sub_form()
year_field = self.sub_form.get_field('year', include_disabled=1)
year_field.overrides['items'] = BoundMethod(self,
'override_year_items')
'_override_year_items')
else:
assert 0, "Unknown input_style."
self.on_value_css_class_changed(self.values['css_class'])
......@@ -161,7 +161,7 @@ class DateTimeField(ZMIField):
field.values['css_class'] = value
field._p_changed = 1
def override_year_items(self):
def _override_year_items(self):
"""The method gets called to get the right amount of years.
"""
start_datetime = self.get_value('start_datetime')
......
......@@ -146,6 +146,7 @@ class Localizer(LanguageManager, Folder):
# New code to control the language policy
security.declarePrivate('accept_cookie')
def accept_cookie(self, accept_language):
"""Add the language from a cookie."""
lang = self.REQUEST.cookies.get('LOCALIZER_LANGUAGE', None)
......@@ -153,6 +154,7 @@ class Localizer(LanguageManager, Folder):
accept_language.set(lang, 2.0)
security.declarePrivate('accept_path')
def accept_path(self, accept_language):
"""Add the language from the path."""
stack = self.REQUEST['TraversalRequestNameStack']
......@@ -161,6 +163,7 @@ class Localizer(LanguageManager, Folder):
accept_language.set(lang, 3.0)
security.declarePrivate('accept_url')
def accept_url(self, accept_language):
"""Add the language from the URL."""
lang = self.REQUEST.form.get('LOCALIZER_LANGUAGE')
......
......@@ -713,7 +713,9 @@ class MessageCatalog(LanguageManager, ObjectManager, SimpleItem):
# Backwards compatibility (XXX)
#######################################################################
security.declarePublic('hasmsg')
hasmsg = message_exists
security.declarePublic('hasLS')
hasLS = message_exists # CMFLocalizer uses it
class POFile(SimpleItem):
......
......@@ -268,6 +268,7 @@ class Transform(SimpleItem):
reload(m)
self._tr_init()
security.declarePrivate('preprocess_param')
def preprocess_param(self, kwargs):
""" preprocess param fetched from an http post to handle optional dictionary
"""
......
......@@ -184,6 +184,7 @@ class TransformTool(UniqueObject, ActionProviderBase, Folder):
# return IDataStream object
return result
security.declarePrivate('getRequirementListByMimetype')
def getRequirementListByMimetype(self, origin_mimetype, target_mimetype):
"""Return requirements only if origin_mimetype
and target_mimetype are matching transform policy
......@@ -573,6 +574,7 @@ class TransformTool(UniqueObject, ActionProviderBase, Folder):
REQUEST['RESPONSE'].redirect(self.absolute_url() +
'/manage_editTransformationPolicyForm')
security.declarePrivate('listPolicies')
def listPolicies(self):
""" return the list of defined policies
......@@ -625,6 +627,7 @@ class TransformTool(UniqueObject, ActionProviderBase, Folder):
return []
# available mimetypes ####################################################
security.declarePrivate('listAvailableTextInputs')
def listAvailableTextInputs(self):
"""Returns a list of mimetypes that can be used as input for textfields
by building a list of the inputs beginning with "text/" of all
......
......@@ -2015,6 +2015,7 @@ class Catalog(Folder,
) + list(self.sql_catalog_related_keys)
# Compatibililty SQL Sql
security.declarePrivate('getSqlCatalogRelatedKeyList')
getSqlCatalogRelatedKeyList = getSQLCatalogRelatedKeyList
security.declarePrivate('getSQLCatalogScriptableKeyList')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment