erp5_certificate_authority: Improve security settings

bt5/erp5_certificate_authority/DocumentTemplateItem/portal_components/document.erp5.CaucaseConnector.py

@@ -78,7 +78,7 @@ class CaucaseConnector(XMLObject):
 
       return self._getConnection(user_key=user_key_file.name)
 
-  security.declarePublic('bootstrapCaucaseConfiguration')
+  security.declareProtected(Permissions.ManageUsers, 'bootstrapCaucaseConfiguration')
   def bootstrapCaucaseConfiguration(self):
     if self.getUserCertificate() is None:
       caucase_connection = self._getConnection(mode="user")
@@ -103,7 +103,6 @@ class CaucaseConnector(XMLObject):
       else:
         self.setUserCertificate(crt_pem)
 
-
   def _getSubjectNameAttributeList(self):
     crt_pem = None #self.getUserCertificate()
     if crt_pem is None:
@@ -154,12 +153,15 @@ class CaucaseConnector(XMLObject):
   def createCertificateSigningRequest(self, csr):
     return self._getConnection().createCertificateSigningRequest(csr)
 
+  security.declareProtected(Permissions.ManageUsers, 'createCertificate')
   def createCertificate(self, csr_id, template_csr=""):
     return self._getAuthenticatedConnection().createCertificate(csr_id, template_csr)
 
+  security.declareProtected(Permissions.ManageUsers, 'getCertificate')
   def getCertificate(self, csr_id):
     return self._getAuthenticatedConnection().getCertificate(csr_id)
 
+  security.declareProtected(Permissions.ManageUsers, 'revokeCertificate')
   def revokeCertificate(self, crt_pem, key_pem=None):
     if key_pem is None:
       return self._getAuthenticatedConnection().revokeCertificate(crt_pem)

bt5/erp5_certificate_authority/PropertySheetTemplateItem/portal_property_sheets/CaucaseConnector/user_certificate_property.xml

@@ -24,6 +24,14 @@
             <key> <string>id</string> </key>
             <value> <string>user_certificate_property</string> </value>
         </item>
+        <item>
+            <key> <string>read_permission</string> </key>
+            <value> <string>Manage users</string> </value>
+        </item>
+        <item>
+            <key> <string>write_permission</string> </key>
+            <value> <string>Manage users</string> </value>
+        </item>
       </dictionary>
     </pickle>
   </record>

bt5/erp5_certificate_authority/PropertySheetTemplateItem/portal_property_sheets/CaucaseConnector/user_certificate_request_reference_property.xml

@@ -24,6 +24,14 @@
             <key> <string>id</string> </key>
             <value> <string>user_certificate_request_reference_property</string> </value>
         </item>
+        <item>
+            <key> <string>read_permission</string> </key>
+            <value> <string>Manage users</string> </value>
+        </item>
+        <item>
+            <key> <string>write_permission</string> </key>
+            <value> <string>Manage users</string> </value>
+        </item>
       </dictionary>
     </pickle>
   </record>

bt5/erp5_certificate_authority/PropertySheetTemplateItem/portal_property_sheets/CaucaseConnector/user_key_property.xml

@@ -24,6 +24,14 @@
             <key> <string>id</string> </key>
             <value> <string>user_key_property</string> </value>
         </item>
+        <item>
+            <key> <string>read_permission</string> </key>
+            <value> <string>Manage users</string> </value>
+        </item>
+        <item>
+            <key> <string>write_permission</string> </key>
+            <value> <string>Manage users</string> </value>
+        </item>
       </dictionary>
     </pickle>
   </record>