implemented class tool security

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@2050 20353a03-c40f-0410-a6d1-a30d3c3de9de

implemented class tool security
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@2050 20353a03-c40f-0410-a6d1-a30d3c3de9de
691da10c · Jean-Paul Smets · 989644a4 · 691da10c
Commit 691da10c authored Dec 19, 2004 by Jean-Paul Smets
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

product/ERP5Type/__init__.py product/ERP5Type/__init__.py +8 -0

No files found.
--- a/product/ERP5Type/__init__.py
+++ b/product/ERP5Type/__init__.py
@@ -43,6 +43,14 @@ import Interface, PropertySheet, ZopePatch, StateChangeInfoPatch, CMFCorePatch
 import Products.Localizer # So that we make sure Globals.get_request is available
+# ClassTool will not be available unless a special file is created with
+# read permissions for zope - this prevents security holes in 
+# production environment  
+class_tool_security_path = '%s%s%s' % (product_path, os.sep, 'ALLOW_CLASS_TOOL')
+def allowClassTool():
+  return os.access(class_tool_security_path, os.F_OK)
 def initialize( context ):
  # Import Product Components
  from Tool import ClassTool