Remove proxy role support from DTML documents and methods.

e0403645 · Hanno Schlichting · dbb476e6 · e0403645 · e0403645 · e0403645
Commit e0403645 authored Sep 02, 2016 by Hanno Schlichting
5 changed files
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -30,6 +30,8 @@ Features Added
 Restructuring
 +++++++++++++

+- Remove proxy role support from DTML documents and methods.
+
 - Remove ZCacheable logic and StandardCacheManagers dependency.

 - Stop mixing in `Five.bbb.AcquisitionBBB` into browser components.

--- a/src/OFS/DTMLDocument.py
+++ b/src/OFS/DTMLDocument.py
@@ -49,7 +49,6 @@ class DTMLDocument(PropertyManager, DTMLMethod):
    def manage_upload(self, file='', REQUEST=None):
        """ Replace the contents of the document with the text in 'file'.
        """
-        self._validateProxy(REQUEST)
        if self.wl_isLocked():
            raise ResourceLockedError('This document has been locked.')


--- a/src/OFS/DTMLMethod.py
+++ b/src/OFS/DTMLMethod.py
@@ -23,10 +23,8 @@ from App.special_dtml import DTMLFile
 from App.special_dtml import HTML
 from AccessControl import getSecurityManager
 from AccessControl.Permissions import view_management_screens
-from AccessControl.Permissions import change_proxy_roles
 from AccessControl.Permissions import view as View  # NOQA
 from AccessControl.Permissions import ftp_access
-from AccessControl.requestmethod import requestmethod
 from AccessControl.tainted import TaintedString
 from DocumentTemplate.permissions import change_dtml_methods
 from DocumentTemplate.security import RestrictedDTML
@@ -34,7 +32,7 @@ from OFS import bbb
 from OFS.Cache import Cacheable
 from OFS.role import RoleManager
 from OFS.SimpleItem import Item_w__name__
-from zExceptions import Forbidden, ResourceLockedError
+from zExceptions import ResourceLockedError
 from zExceptions.TracebackSupplement import PathTracebackSupplement
 from zope.contenttype import guess_content_type

@@ -53,7 +51,6 @@ class DTMLMethod(RestrictedDTML,
    """ DocumentTemplate.HTML objects that act as methods of their containers.
    """
    meta_type = 'DTML Method'
-    _proxy_roles = ()
    index_html = None  # Prevent accidental acquisition

    security = ClassSecurityInfo()
@@ -69,7 +66,6 @@ class DTMLMethod(RestrictedDTML,

    manage_options = ((
        {'label': 'Edit', 'action': 'manage_main'},
-        {'label': 'Proxy', 'action': 'manage_proxyForm'},
    ) +
        RoleManager.manage_options +
        Item_w__name__.manage_options
@@ -165,14 +161,10 @@ class DTMLMethod(RestrictedDTML,
    security.declareProtected(change_dtml_methods, 'manage_main')
    manage = manage_main = manage_editDocument = manage_editForm

-    security.declareProtected(change_proxy_roles, 'manage_proxyForm')
-    manage_proxyForm = DTMLFile('dtml/documentProxy', globals())
-
    security.declareProtected(change_dtml_methods, 'manage_edit')
    def manage_edit(self, data, title, SUBMIT='Change', REQUEST=None):
        """ Replace contents with 'data', title with 'title'.
        """
-        self._validateProxy(REQUEST)
        if self.wl_isLocked():
            raise ResourceLockedError('This item is locked.')

@@ -190,7 +182,6 @@ class DTMLMethod(RestrictedDTML,
    def manage_upload(self, file='', REQUEST=None):
        """ Replace the contents of the document with the text in 'file'.
        """
-        self._validateProxy(REQUEST)
        if self.wl_isLocked():
            raise ResourceLockedError('This DTML Method is locked.')

@@ -204,41 +195,6 @@ class DTMLMethod(RestrictedDTML,
            message = "Saved changes."
            return self.manage_main(self, REQUEST, manage_tabs_message=message)

-    def manage_haveProxy(self, r):
-        return r in self._proxy_roles
-
-    def _validateProxy(self, request, roles=None):
-        if roles is None:
-            roles = self._proxy_roles
-        if not roles:
-            return
-        user = u = getSecurityManager().getUser()
-        user = user.allowed
-        for r in roles:
-            if r and not user(self, (r,)):
-                user = None
-                break
-
-        if user is not None:
-            return
-
-        raise Forbidden(
-            'You are not authorized to change <em>%s</em> because you '
-            'do not have proxy roles.\n<!--%s, %s-->' % (
-                self.__name__, u, roles))
-
-    security.declareProtected(change_proxy_roles, 'manage_proxy')
-    @requestmethod('POST')
-    def manage_proxy(self, roles=(), REQUEST=None):
-        "Change Proxy Roles"
-        self._validateProxy(REQUEST, roles)
-        self._validateProxy(REQUEST)
-        self._proxy_roles = tuple(roles)
-        if REQUEST:
-            message = "Saved changes."
-            return self.manage_proxyForm(self, REQUEST,
-                                         manage_tabs_message=message)
-
    security.declareProtected(view_management_screens, 'PrincipiaSearchSource')
    def PrincipiaSearchSource(self):
        # Support for searching - the document's contents are searched.
@@ -259,7 +215,6 @@ class DTMLMethod(RestrictedDTML,
            self.dav__init(REQUEST, RESPONSE)
            self.dav__simpleifhandler(REQUEST, RESPONSE, refresh=1)
            body = REQUEST.get('BODY', '')
-            self._validateProxy(REQUEST)
            self.munge(body)
            RESPONSE.setStatus(204)
            return RESPONSE

--- a/src/OFS/dtml/documentProxy.dtml
+++ b/src/OFS/dtml/documentProxy.dtml
-<dtml-var manage_page_header>
-<dtml-with "_(management_view='Proxy')">
-<dtml-var manage_tabs>
-</dtml-with>
-
-<p class="form-help">
-Proxy roles allow you to control the access that a DTML document or
-method has. Proxy roles replace the roles of the user who is viewing
-the document or method.  This can be used to both expand and limit
-access to resources. Select the proxy roles for this object from 
-the list below.
-</p>
-
-<form action="manage_proxy" method="post">
-<table cellpadding="2" cellspacing="0" border="0">
-<tr>
-<tr>
-  <td align="left" valign="top">
-  <div class="form-label">
-  Proxy Roles
-  </div>
-  </td>
-  <td align="left" valign="top">
-  <div class="form-element">
-  <select name="roles:list" size="7" multiple>
-  <dtml-in valid_roles>
-  <dtml-if expr="_vars['sequence-item'] != 'Shared'">
-  <option <dtml-if 
-   expr="manage_haveProxy(_vars['sequence-item'])">selected</dtml-if
-  >>&dtml-sequence-item;</option>
-  </dtml-if>
-  </dtml-in valid_roles>
-  </select>
-  </div>
-  </td>
-</tr>
-<tr>
-  <td align="left" valign="top" colspan="2">
-  <div class="form-element">
-  <input class="form-element" type="submit" name="SUBMIT" value="Save Changes">
-  </div>
-  </td>
-</tr>
-</table>
-
-</form>
-
-<dtml-var manage_page_footer>
-
-
-
-
--- a/src/OFS/dtml/owner.dtml
+++ b/src/OFS/dtml/owner.dtml
@@ -4,8 +4,7 @@
 <p class="form-help">
 Almost all Zope objects can be owned. When you create an object you
 become its owner. Ownership matters for method objects since
-it determines what roles they have when they are executed. See the
-<em>Proxy Roles</em> view of method objects for more information.
+it determines what roles they have when they are executed.
 </p>

 <p>