Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
erp5
Commits
c4e5b100
Commit
c4e5b100
authored
Feb 08, 2024
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
*: restrict send API usage
parent
c503f318
Changes
15
Show whitespace changes
Inline
Side-by-side
Showing
15 changed files
with
55 additions
and
8 deletions
+55
-8
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Entity_sendEmail.py
...inTemplateItem/portal_skins/erp5_base/Entity_sendEmail.py
+4
-0
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Entity_sendEmail.xml
...nTemplateItem/portal_skins/erp5_base/Entity_sendEmail.xml
+1
-1
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/MailMessage_send.py
...inTemplateItem/portal_skins/erp5_base/MailMessage_send.py
+3
-0
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/MailMessage_send.xml
...nTemplateItem/portal_skins/erp5_base/MailMessage_send.xml
+1
-1
bt5/erp5_crm/TestTemplateItem/portal_components/test.erp5.testCRM.py
...m/TestTemplateItem/portal_components/test.erp5.testCRM.py
+22
-0
bt5/erp5_forge/SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.py
.../SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.py
+4
-0
bt5/erp5_forge/SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.xml
...SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.xml
+1
-1
bt5/erp5_interface_post/SkinTemplateItem/portal_skins/erp5_interface_post/InternetMessagePost_sendMailHostMessage.py
...interface_post/InternetMessagePost_sendMailHostMessage.py
+3
-0
bt5/erp5_interface_post/SkinTemplateItem/portal_skins/erp5_interface_post/InternetMessagePost_sendMailHostMessage.xml
...nterface_post/InternetMessagePost_sendMailHostMessage.xml
+1
-1
bt5/erp5_short_message/SkinTemplateItem/portal_skins/erp5_short_message/ShortMessage_send.py
...Item/portal_skins/erp5_short_message/ShortMessage_send.py
+3
-0
bt5/erp5_short_message/SkinTemplateItem/portal_skins/erp5_short_message/ShortMessage_send.xml
...tem/portal_skins/erp5_short_message/ShortMessage_send.xml
+1
-1
bt5/erp5_short_message/ToolComponentTemplateItem/portal_components/tool.erp5.SMSTool.py
...ponentTemplateItem/portal_components/tool.erp5.SMSTool.py
+3
-3
product/ERP5/bootstrap/erp5_core/DocumentTemplateItem/portal_components/document.erp5.EmailDocument.py
...lateItem/portal_components/document.erp5.EmailDocument.py
+2
-0
product/ERP5/bootstrap/erp5_core/DocumentTemplateItem/portal_components/document.erp5.Event.py
...mentTemplateItem/portal_components/document.erp5.Event.py
+3
-0
product/ERP5Type/patches/MailHost.py
product/ERP5Type/patches/MailHost.py
+3
-0
No files found.
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Entity_sendEmail.py
View file @
c4e5b100
if
REQUEST
is
not
None
:
from
zExceptions
import
Unauthorized
raise
Unauthorized
from
email.utils
import
formataddr
portal
=
context
.
getPortalObject
()
event
=
portal
.
restrictedTraverse
(
event_relative_url
)
...
...
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Entity_sendEmail.xml
View file @
c4e5b100
...
...
@@ -50,7 +50,7 @@
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
event_relative_url, **kw
</string>
</value>
<value>
<string>
event_relative_url,
REQUEST=None,
**kw
</string>
</value>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
...
...
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/MailMessage_send.py
View file @
c4e5b100
...
...
@@ -2,6 +2,9 @@
This script is also used by notification tool, that's why it is in erp5_base.
"""
if
REQUEST
is
not
None
:
from
zExceptions
import
Unauthorized
raise
Unauthorized
from
email.utils
import
formataddr
portal
=
context
.
getPortalObject
()
...
...
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/MailMessage_send.xml
View file @
c4e5b100
...
...
@@ -50,7 +50,7 @@
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
from_url=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=None, extra_header_dict=None, **kw
</string>
</value>
<value>
<string>
from_url=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=None, extra_header_dict=None,
REQUEST=None,
**kw
</string>
</value>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
...
...
bt5/erp5_crm/TestTemplateItem/portal_components/test.erp5.testCRM.py
View file @
c4e5b100
...
...
@@ -2069,6 +2069,28 @@ class TestCRMMailSend(BaseTestCRM):
message
=
message_from_string
(
last_message
)
self
.
assertEqual
(
"test"
,
message
.
get
(
"X-test-header"
))
def
test_MailMessage_send_security
(
self
):
mail_message
=
self
.
portal
.
event_module
.
newContent
(
portal_type
=
"Mail Message"
,
source
=
'person_module/me'
,
destination
=
'person_module/recipient'
)
self
.
assertGreater
(
self
.
publish
(
mail_message
.
getPath
()
+
'/send'
,
user
=
'ERP5TypeTestCase'
).
getStatus
(),
300
)
self
.
assertGreater
(
self
.
publish
(
mail_message
.
getPath
()
+
'/MailMessage_send'
,
user
=
'ERP5TypeTestCase'
).
getStatus
(),
300
)
self
.
assertGreater
(
self
.
publish
(
self
.
portal
.
MailHost
.
getPath
()
+
'/send'
,
user
=
'ERP5TypeTestCase'
).
getStatus
(),
300
)
self
.
assertFalse
(
self
.
portal
.
MailHost
.
getMessageList
())
def
test_suite
():
suite
=
unittest
.
TestSuite
()
...
...
bt5/erp5_forge/SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.py
View file @
c4e5b100
if
REQUEST
is
not
None
:
from
zExceptions
import
Unauthorized
raise
Unauthorized
if
body
is
None
:
body
=
context
.
getTextContent
()
#XXX This does not support structured text format.
...
...
bt5/erp5_forge/SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.xml
View file @
c4e5b100
...
...
@@ -50,7 +50,7 @@
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
from_url=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=None, **kw
</string>
</value>
<value>
<string>
from_url=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=None,
REQUEST=None,
**kw
</string>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
...
...
bt5/erp5_interface_post/SkinTemplateItem/portal_skins/erp5_interface_post/InternetMessagePost_sendMailHostMessage.py
View file @
c4e5b100
...
...
@@ -5,5 +5,8 @@
# spawned with parameters :
# conflict_retry=False,
# max_retry=0,
if
REQUEST
is
not
None
:
from
zExceptions
import
Unauthorized
raise
Unauthorized
context
.
getPortalObject
().
MailHost
.
send
(
context
.
getData
())
bt5/erp5_interface_post/SkinTemplateItem/portal_skins/erp5_interface_post/InternetMessagePost_sendMailHostMessage.xml
View file @
c4e5b100
...
...
@@ -50,7 +50,7 @@
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string></string>
</value>
<value>
<string>
REQUEST=None
</string>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
...
...
bt5/erp5_short_message/SkinTemplateItem/portal_skins/erp5_short_message/ShortMessage_send.py
View file @
c4e5b100
...
...
@@ -2,6 +2,9 @@
Send the current sms by using a SMS gateway.
Use default mobile phone of source and destination
"""
if
REQUEST
is
not
None
:
from
zExceptions
import
Unauthorized
raise
Unauthorized
#Get recipients
recipient_phone_list
=
[
...
...
bt5/erp5_short_message/SkinTemplateItem/portal_skins/erp5_short_message/ShortMessage_send.xml
View file @
c4e5b100
...
...
@@ -50,7 +50,7 @@
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
from_url=None, from_title=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=False, **kw
</string>
</value>
<value>
<string>
from_url=None, from_title=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=False,
REQUEST=None,
**kw
</string>
</value>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
...
...
bt5/erp5_short_message/ToolComponentTemplateItem/portal_components/tool.erp5.SMSTool.py
View file @
c4e5b100
...
...
@@ -30,14 +30,13 @@
from
AccessControl
import
ClassSecurityInfo
from
Products.ERP5Type.Tool.BaseTool
import
BaseTool
from
Products.ERP5Type.Permissions
import
ManagePortal
from
Products.ERP5Type.Utils
import
non_publishable
#from Products.ERP5ShortMessage import _dtmldir
class
SMSTool
(
BaseTool
):
"""
This tool manages gadgets.
It is used as a central point to manage gadgets (ERP5 or external ones)...
This tool takes care of sending SMS.
"""
id
=
'portal_sms'
meta_type
=
'ERP5 SMS Tool'
...
...
@@ -50,6 +49,7 @@ class SMSTool(BaseTool):
#manage_overview = DTMLFile('explainSMSTool', _dtmldir )
security
.
declareProtected
(
ManagePortal
,
'send'
)
@
non_publishable
def
send
(
self
,
text
,
recipient
,
sender
,
gateway_reference
=
'default'
,
document_relative_url
=
None
,
activate_kw
=
None
):
"""Send the message
...
...
product/ERP5/bootstrap/erp5_core/DocumentTemplateItem/portal_components/document.erp5.EmailDocument.py
View file @
c4e5b100
...
...
@@ -32,6 +32,7 @@ from DateTime import DateTime
from
AccessControl
import
ClassSecurityInfo
from
Products.ERP5Type.Accessor.Constant
import
PropertyGetter
as
ConstantGetter
from
Products.ERP5Type
import
Permissions
,
PropertySheet
from
Products.ERP5Type.Utils
import
non_publishable
from
erp5.component.document.TextDocument
import
TextDocument
from
erp5.component.document.File
import
File
from
erp5.component.mixin.MailMessageMixin
import
MailMessageMixin
,
testCharsetAndConvert
...
...
@@ -359,6 +360,7 @@ class EmailDocument(TextDocument, MailMessageMixin):
return content_information.get('
Return
-
Path
', content_information.get('
From
'))
security.declareProtected(Permissions.UseMailhostServices, '
sendMailHostMessage
')
@non_publishable
def sendMailHostMessage(self, message):
"""
Send one by one
...
...
product/ERP5/bootstrap/erp5_core/DocumentTemplateItem/portal_components/document.erp5.Event.py
View file @
c4e5b100
...
...
@@ -32,9 +32,11 @@ from AccessControl import ClassSecurityInfo
from
Products.ERP5Type
import
Permissions
,
PropertySheet
from
Products.ERP5Type.Accessor.Constant
import
PropertyGetter
as
ConstantGetter
from
Products.ERP5Type.Globals
import
InitializeClass
from
Products.ERP5Type.Utils
import
non_publishable
from
erp5.component.document.Movement
import
Movement
from
erp5.component.document.EmailDocument
import
EmailDocument
class
AcknowledgeableMixin
:
"""
Mixin class for all documents that we can acknowledge
...
...
@@ -154,6 +156,7 @@ class Event(Movement, EmailDocument, AcknowledgeableMixin):
return
self
security
.
declareProtected
(
Permissions
.
UseMailhostServices
,
'send'
)
@
non_publishable
def
send
(
self
,
from_url
=
None
,
to_url
=
None
,
reply_url
=
None
,
subject
=
None
,
body
=
None
,
attachment_format
=
None
,
attachment_list
=
None
,
download
=
False
,
**
kw
):
...
...
product/ERP5Type/patches/MailHost.py
View file @
c4e5b100
...
...
@@ -20,6 +20,7 @@ In ERP5, we have Activity Tool to postpone mail delivery.
from
inspect
import
getargspec
,
isfunction
from
Products.MailHost.MailHost
import
MailBase
from
Products.ERP5Type.Utils
import
non_publishable
import
six
for
f
in
six
.
itervalues
(
MailBase
.
__dict__
):
...
...
@@ -44,3 +45,5 @@ def _makeMailer(self):
return
smtp_mailer
MailBase
.
_makeMailer
=
_makeMailer
MailBase
.
send
=
non_publishable
(
MailBase
.
send
)
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment