Skip to content

erp5
erp5
Commit ab447bd0 authored by iv's avatar iv
Browse files
Options

ERP5Workflow: declare security permission for methods

parent 0e0b9ca0
Hide whitespace changes
Inline Side-by-side
Showing with 76 additions and 21 deletions
product/ERP5Workflow/Document/State.py
View file @ ab447bd0
...@@ -93,6 +93,8 @@ class State(IdAsReferenceMixin("state_", "prefix"), XMLObject, CustomStorageMatr ...@@ -93,6 +93,8 @@ class State(IdAsReferenceMixin("state_", "prefix"), XMLObject, CustomStorageMatr
# return possible transition id list: # return possible transition id list:
return self.getDestinationIdList() return self.getDestinationIdList()
security.declareProtected(Permissions.AccessContentsInformation,
'getStatePermissionRolesDict')
def getStatePermissionRolesDict(self): def getStatePermissionRolesDict(self):
role_dict = getattr(self, 'state_permission_roles', None) role_dict = getattr(self, 'state_permission_roles', None)
if role_dict is None: if role_dict is None:
...@@ -100,25 +102,39 @@ class State(IdAsReferenceMixin("state_", "prefix"), XMLObject, CustomStorageMatr ...@@ -100,25 +102,39 @@ class State(IdAsReferenceMixin("state_", "prefix"), XMLObject, CustomStorageMatr
# commited in the ZODB # commited in the ZODB
self.state_permission_roles = role_dict = PersistentMapping() self.state_permission_roles = role_dict = PersistentMapping()
return role_dict return role_dict
security.declareProtected(Permissions.ModifyPortalContent,
'setStatePermissionRolesDict')
def setStatePermissionRolesDict(self, permission_roles): def setStatePermissionRolesDict(self, permission_roles):
"""
create a dict containing state/permission role dict
use a PersistentMapping so that the ZODB is updated
when this dict is changed
"""
self.state_permission_roles = PersistentMapping(permission_roles) self.state_permission_roles = PersistentMapping(permission_roles)
security.declareProtected(Permissions.ModifyPortalContent,
'setPermission')
def setPermission(self, permission, acquired, roles, REQUEST=None): def setPermission(self, permission, acquired, roles, REQUEST=None):
""" """
Set a permission for this State. Set a permission for this State.
""" """
self.state_permission_roles[permission] = list(roles) self.state_permission_roles[permission] = list(roles)
security.declareProtected(Permissions.AccessContentsInformation,
'getDestinationReferenceList')
def getDestinationReferenceList(self): def getDestinationReferenceList(self):
ref_list = [] ref_list = []
for tr in self.getDestinationValueList(): for tr in self.getDestinationValueList():
ref_list.append(tr.getReference()) ref_list.append(tr.getReference())
return ref_list return ref_list
security.declareProtected(Permissions.AccessContentsInformation,
'getAvailableTypeList')
def getAvailableTypeList(self): def getAvailableTypeList(self):
""" """
This is a method specific to ERP5. This returns a list of state types, which are used for portal methods. This is a method specific to ERP5. This returns a list of state types,
which are used for portal methods.
""" """
return ( return (
'draft_order', 'draft_order',
...@@ -129,6 +145,8 @@ class State(IdAsReferenceMixin("state_", "prefix"), XMLObject, CustomStorageMatr ...@@ -129,6 +145,8 @@ class State(IdAsReferenceMixin("state_", "prefix"), XMLObject, CustomStorageMatr
'current_inventory', 'current_inventory',
) )
security.declareProtected(Permissions.ModifyPortalContent,
'updateCellFromCustomStorage')
def updateCellFromCustomStorage(self, cell, **kw): def updateCellFromCustomStorage(self, cell, **kw):
""" """
Creates a new content as a matrix box cell. Creates a new content as a matrix box cell.
......
product/ERP5Workflow/Document/Workflow.py
View file @ ab447bd0
...@@ -100,8 +100,8 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -100,8 +100,8 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
return super(Workflow, self).__getattr__(name) return super(Workflow, self).__getattr__(name)
def notifyCreated(self, document): def notifyCreated(self, document):
"""
"""Notifies this workflow after an object has been created and added. Notifies this workflow after an object has been created and added.
""" """
try: try:
self._changeStateOf(document, None) self._changeStateOf(document, None)
...@@ -109,6 +109,8 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -109,6 +109,8 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
# Swallow. # Swallow.
pass pass
security.declareProtected(Permissions.ModifyPortalContent,
'initializeDocument')
initializeDocument = notifyCreated initializeDocument = notifyCreated
def _generateHistoryKey(self): def _generateHistoryKey(self):
...@@ -134,18 +136,21 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -134,18 +136,21 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
# Update history # Update history
document.workflow_history[workflow_key] += (status_dict,) document.workflow_history[workflow_key] += (status_dict,)
# XXX this _p_changed marks the document modified, but the # XXX this _p_changed marks the document modified, but only the
# only the PersistentMapping is modified # PersistentMapping is modified
# document._p_changed = 1 # document._p_changed = 1
# XXX this _p_changed is apparently not necessary # XXX this _p_changed is apparently not necessary
#document.workflow_history._p_changed = 1 #document.workflow_history._p_changed = 1
security.declarePublic('getDateTime')
def getDateTime(self): def getDateTime(self):
""" """
Return current date time. Return current date time.
""" """
return DateTime() return DateTime()
security.declareProtected(Permissions.AccessContentsInformation,
'getStateChangeInformation')
def getStateChangeInformation(self, document, state, transition=None): def getStateChangeInformation(self, document, state, transition=None):
""" """
Return an object used for variable tales expression. Return an object used for variable tales expression.
...@@ -481,6 +486,8 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -481,6 +486,8 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
return value return value
security.declareProtected(Permissions.AccessContentsInformation,
'getCurrentStatusDict')
def getCurrentStatusDict(self, document): def getCurrentStatusDict(self, document):
""" """
Get the current status dict. It's the same as _getStatusOf. Get the current status dict. It's the same as _getStatusOf.
...@@ -766,6 +773,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -766,6 +773,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
else: else:
return new_sdef return new_sdef
security.declarePublic('wrapWorkflowMethod')
def wrapWorkflowMethod(self, ob, method_id, func, args, kw): def wrapWorkflowMethod(self, ob, method_id, func, args, kw):
''' '''
Allows the user to request a workflow action. This method Allows the user to request a workflow action. This method
...@@ -794,14 +802,25 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -794,14 +802,25 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
raise ObjectMoved(ex.getNewObject(), res) raise ObjectMoved(ex.getNewObject(), res)
return res return res
security.declareProtected(Permissions.AddPortalContent,
'addTransition')
def addTransition(self, name): def addTransition(self, name):
"""
add a new transition to the workflow
"""
tr = self.newContent(portal_type='Transition') tr = self.newContent(portal_type='Transition')
tr.setReference(name) tr.setReference(name)
security.declareProtected(Permissions.DeleteObjects,
'deleteTransitions')
def deleteTransitions(self, name_list): def deleteTransitions(self, name_list):
"""
remove an set of transition
"""
for name in name_list: for name in name_list:
self._delObject('transition_'+name) self._delObject('transition_'+name)
security.declareProtected(Permissions.AccessContentsInformation, 'showAsXML')
def showAsXML(self, root=None): def showAsXML(self, root=None):
if root is None: if root is None:
root = Element('erp5') root = Element('erp5')
...@@ -1046,6 +1065,8 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -1046,6 +1065,8 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
return etree.tostring(root, encoding='utf-8', return etree.tostring(root, encoding='utf-8',
xml_declaration=True, pretty_print=True) xml_declaration=True, pretty_print=True)
security.declareProtected(Permissions.AccessContentsInformation,
'getPortalTypeListForWorkflow')
# Get list of portal types for workflow # Get list of portal types for workflow
def getPortalTypeListForWorkflow(self): def getPortalTypeListForWorkflow(self):
""" """
...@@ -1140,6 +1161,8 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -1140,6 +1161,8 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
""" """
return 1 return 1
security.declareProtected(Permissions.AccessContentsInformation,
'getCatalogVariablesFor')
def getCatalogVariablesFor(self, ob): def getCatalogVariablesFor(self, ob):
''' '''
Allows this workflow to make workflow-specific variables Allows this workflow to make workflow-specific variables
......
product/ERP5Workflow/Document/Worklist.py
View file @ ab447bd0
...@@ -102,9 +102,7 @@ class Worklist(IdAsReferenceMixin("worklist_", "prefix"), XMLObject, ...@@ -102,9 +102,7 @@ class Worklist(IdAsReferenceMixin("worklist_", "prefix"), XMLObject,
'variable_comment', 'variable_error_message', 'variable_history',\ 'variable_comment', 'variable_error_message', 'variable_history',\
'variable_portal_type', 'variable_time'] 'variable_portal_type', 'variable_time']
""" # Check workflow variables:
Check workflow variables:
"""
for variable_value in self.getParentValue().objectValues(portal_type="Workflow Variable"): for variable_value in self.getParentValue().objectValues(portal_type="Workflow Variable"):
variable_id = variable_value.getId() variable_id = variable_value.getId()
workflow_variable_id_list.append(variable_id) workflow_variable_id_list.append(variable_id)
...@@ -122,16 +120,15 @@ class Worklist(IdAsReferenceMixin("worklist_", "prefix"), XMLObject, ...@@ -122,16 +120,15 @@ class Worklist(IdAsReferenceMixin("worklist_", "prefix"), XMLObject,
self._delObject(variable_id) self._delObject(variable_id)
res.remove(worklist_variable_value) res.remove(worklist_variable_value)
""" # Append user created worklist variables.
Append user created worklist variables.
"""
for worklist_variable_value in self.objectValues(): for worklist_variable_value in self.objectValues():
if worklist_variable_value.getId() not in workflow_variable_id_list: if worklist_variable_value.getId() not in workflow_variable_id_list:
res.append(worklist_variable_value) res.append(worklist_variable_value)
workflow_variable_id_list.append(worklist_variable_value.getId()) workflow_variable_id_list.append(worklist_variable_value.getId())
LOG(" worklist '%s' has variable '%s'"%(self.getId(),workflow_variable_id_list ),0, " in Worklist.py 159")
return res return res
security.declareProtected(Permissions.AccessContentsInformation,
'getVarMatchKeys')
def getVarMatchKeys(self): def getVarMatchKeys(self):
key_list = [] key_list = []
if self.getMatchedPortalTypeList(): if self.getMatchedPortalTypeList():
...@@ -147,6 +144,8 @@ class Worklist(IdAsReferenceMixin("worklist_", "prefix"), XMLObject, ...@@ -147,6 +144,8 @@ class Worklist(IdAsReferenceMixin("worklist_", "prefix"), XMLObject,
key_list.append(dynamic_variable.getReference()) key_list.append(dynamic_variable.getReference())
return key_list return key_list
security.declareProtected(Permissions.AccessContentsInformation,
'getVarMatch')
def getVarMatch(self, id): def getVarMatch(self, id):
""" return value of matched keys""" """ return value of matched keys"""
matches = None matches = None
...@@ -186,6 +185,8 @@ class Worklist(IdAsReferenceMixin("worklist_", "prefix"), XMLObject, ...@@ -186,6 +185,8 @@ class Worklist(IdAsReferenceMixin("worklist_", "prefix"), XMLObject,
else: else:
return () return ()
security.declareProtected(Permissions.AccessContentsInformation,
'getVarMatchText')
def getVarMatchText(self, id): def getVarMatchText(self, id):
values = self.getVarMatch(id) values = self.getVarMatch(id)
if isinstance(values, Expression): if isinstance(values, Expression):
......
product/ERP5Workflow/Tool/WorkflowTool.py
View file @ ab447bd0
...@@ -57,6 +57,7 @@ from Products.CMFCore.WorkflowCore import ObjectMoved, ObjectDeleted,\ ...@@ -57,6 +57,7 @@ from Products.CMFCore.WorkflowCore import ObjectMoved, ObjectDeleted,\
WorkflowException WorkflowException
from Products.DCWorkflow.DCWorkflow import DCWorkflowDefinition from Products.DCWorkflow.DCWorkflow import DCWorkflowDefinition
from Products.DCWorkflow.Expression import Expression from Products.DCWorkflow.Expression import Expression
from Products.DCWorkflow.permissions import ManagePortal
from Products.DCWorkflow.Transitions import TRIGGER_WORKFLOW_METHOD from Products.DCWorkflow.Transitions import TRIGGER_WORKFLOW_METHOD
from Products.ERP5 import _dtmldir from Products.ERP5 import _dtmldir
from Products.ERP5.Document.BusinessTemplate import BusinessTemplateMissingDependency from Products.ERP5.Document.BusinessTemplate import BusinessTemplateMissingDependency
...@@ -106,6 +107,7 @@ class WorkflowTool(BaseTool, OriginalWorkflowTool): ...@@ -106,6 +107,7 @@ class WorkflowTool(BaseTool, OriginalWorkflowTool):
# Declarative Security # Declarative Security
security = ClassSecurityInfo() security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation)
_product_interfaces = OriginalWorkflowTool._product_interfaces _product_interfaces = OriginalWorkflowTool._product_interfaces
_chains_by_type = OriginalWorkflowTool._chains_by_type _chains_by_type = OriginalWorkflowTool._chains_by_type
...@@ -168,6 +170,7 @@ class WorkflowTool(BaseTool, OriginalWorkflowTool): ...@@ -168,6 +170,7 @@ class WorkflowTool(BaseTool, OriginalWorkflowTool):
return True return True
return False return False
security.declareProtected(Permissions.ModifyPortalContent, 'copyWorkflow')
def copyWorkflow(self, old_workflow_id, new_workflow_id): def copyWorkflow(self, old_workflow_id, new_workflow_id):
""" """
Create a copy of old_workflow_id workflow Create a copy of old_workflow_id workflow
...@@ -215,6 +218,8 @@ class WorkflowTool(BaseTool, OriginalWorkflowTool): ...@@ -215,6 +218,8 @@ class WorkflowTool(BaseTool, OriginalWorkflowTool):
return self._invokeWithNotification( return self._invokeWithNotification(
workflow_list, ob, action, wf.doActionFor, (ob, action) + args, kw) workflow_list, ob, action, wf.doActionFor, (ob, action) + args, kw)
security.declareProtected(Permissions.AccessContentsInformation,
'getWorkflowValueListFor')
def getWorkflowValueListFor(self, ob): def getWorkflowValueListFor(self, ob):
""" Return a list of workflows bound to selected object, this workflow """ Return a list of workflows bound to selected object, this workflow
list may contain both DC Workflow and Workflow. list may contain both DC Workflow and Workflow.
...@@ -260,6 +265,8 @@ class WorkflowTool(BaseTool, OriginalWorkflowTool): ...@@ -260,6 +265,8 @@ class WorkflowTool(BaseTool, OriginalWorkflowTool):
def getObjectFromPath(self, path): def getObjectFromPath(self, path):
return self.unrestrictedTraverse(path) return self.unrestrictedTraverse(path)
security.declareProtected(Permissions.AccessContentsInformation,
'getWorkflowTempObjectList')
def getWorkflowTempObjectList(self, temp_obj=1): def getWorkflowTempObjectList(self, temp_obj=1):
""" Return a list of converted temporary workflows. Only necessary in """ Return a list of converted temporary workflows. Only necessary in
Workflow Tool to get temporarilly converted DCWorkflow. Workflow Tool to get temporarilly converted DCWorkflow.
...@@ -290,6 +297,8 @@ class WorkflowTool(BaseTool, OriginalWorkflowTool): ...@@ -290,6 +297,8 @@ class WorkflowTool(BaseTool, OriginalWorkflowTool):
script_path_list.append(script_path) script_path_list.append(script_path)
return script_path_list return script_path_list
security.declareProtected(Permissions.ModifyPortalContent,
'dc_workflow_asERP5Object')
def dc_workflow_asERP5Object(self, dc_workflow, is_temporary=False): def dc_workflow_asERP5Object(self, dc_workflow, is_temporary=False):
""" convert DC Workflow to New Workflow """ """ convert DC Workflow to New Workflow """
......
product/ERP5Workflow/mixin/guardable.py
View file @ ab447bd0
...@@ -9,16 +9,17 @@ from Persistence import Persistent ...@@ -9,16 +9,17 @@ from Persistence import Persistent
from Products.CMFCore.Expression import Expression from Products.CMFCore.Expression import Expression
from Products.CMFCore.utils import _checkPermission from Products.CMFCore.utils import _checkPermission
from Products.ERP5Type import Permissions
from Products.DCWorkflow.Expression import StateChangeInfo from Products.DCWorkflow.Expression import StateChangeInfo
from Products.DCWorkflow.Expression import createExprContext from Products.DCWorkflow.Expression import createExprContext
from Products.DCWorkflow.permissions import ManagePortal
from Products.DCWorkflow.utils import _dtmldir from Products.DCWorkflow.utils import _dtmldir
# XXX(WORKFLOW) remove dependencies to DCWorkflow ^ # XXX(WORKFLOW) remove dependencies to DCWorkflow ^
class GuardableMixin(object): class GuardableMixin(object):
''' '''
code of methods and functions taken from code of methods and functions taken from
Products.DCWorkflow-2.2.4 > Guard.py Products.DCWorkflow-2.2.4 > Guard.py
''' '''
...@@ -28,18 +29,21 @@ class GuardableMixin(object): ...@@ -28,18 +29,21 @@ class GuardableMixin(object):
guard_role = () guard_role = ()
security = ClassSecurityInfo() security = ClassSecurityInfo()
security.declareObjectProtected(ManagePortal) security.declareObjectProtected(Permissions.ManagePortal)
def isGuarded(self): def isGuarded(self):
# Returns True if object has at least one of the guard securities set among:
# * expression
# * group
# * permission
# * role
return self.guard_expression or self.guard_group or \ return self.guard_expression or self.guard_group or \
self.guard_permission or self.guard_role self.guard_permission or self.guard_role
def checkGuard(self, security_manager, workflow, current_object, check_roles=True, **kw): def checkGuard(self, security_manager, workflow, current_object, check_roles=True, **kw):
""" # Checks conditions in this guard.
Checks conditions in this guard. # original source code from DCWorkflow (Nexedi patched version for use of
original source code from DCWorkflow (Nexedi patched version for use of # proxy_roles)
proxy_roles)
"""
user_roles = None user_roles = None
def getRoles(): def getRoles():
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7