Commit fe3a1740 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

monkey patch ExternalMethod so that we have Guard like DCWorkflow.Transition.

parent 2548346d
...@@ -13,6 +13,13 @@ ...@@ -13,6 +13,13 @@
from inspect import getargs from inspect import getargs
from Products.ExternalMethod.ExternalMethod import * from Products.ExternalMethod.ExternalMethod import *
from AccessControl import ModuleSecurityInfo
from AccessControl.class_init import InitializeClass
from Acquisition import aq_parent
from Products.ERP5Type.patches.PythonScript import _guard_form, \
_guard_manage_options, checkGuard, getGuard, manage_guardForm, \
manage_setGuard
from zExceptions import Forbidden
if 1: if 1:
def getFunction(self, reload=False, f=None): def getFunction(self, reload=False, f=None):
...@@ -74,6 +81,7 @@ if 1: ...@@ -74,6 +81,7 @@ if 1:
first argument. first argument.
Monkey patches: Monkey patches:
- check guard against context, if guard exists.
- call ZODB Component Extension, by trying first to import ZODB - call ZODB Component Extension, by trying first to import ZODB
Component Extension if available, otherwise fallback on filesystem Component Extension if available, otherwise fallback on filesystem
Extension Extension
...@@ -81,6 +89,11 @@ if 1: ...@@ -81,6 +89,11 @@ if 1:
- fix magic "self" argument when positional arguments get their values - fix magic "self" argument when positional arguments get their values
from kw. from kw.
""" """
guard = getattr(self, 'guard', None)
if guard is not None:
if not checkGuard(guard, aq_parent(self)):
raise Forbidden, 'Calling %s %s is denied by Guard.' % (self.meta_type, self.id)
import erp5.component.extension import erp5.component.extension
component_module = erp5.component.extension.find_load_module(self._module) component_module = erp5.component.extension.find_load_module(self._module)
if component_module is not None: if component_module is not None:
...@@ -133,3 +146,18 @@ if 1: ...@@ -133,3 +146,18 @@ if 1:
finally: tb=None finally: tb=None
ExternalMethod.__call__ = __call__ ExternalMethod.__call__ = __call__
security = ModuleSecurityInfo('Products.ExternalMethod.ExternalMethod.ExternalMethod')
ExternalMethod.manage_options += _guard_manage_options
ExternalMethod._guard_form = _guard_form
ExternalMethod.manage_guardForm = manage_guardForm
security.declareProtected(view_management_screens, 'manage_guardForm')
ExternalMethod.getGuard = getGuard
ExternalMethod.manage_setGuard = manage_setGuard
security.declareProtected(change_external_methods, 'manage_setGuard')
InitializeClass(ExternalMethod)
...@@ -16,6 +16,7 @@ from Products.PythonScripts.PythonScript import PythonScript ...@@ -16,6 +16,7 @@ from Products.PythonScripts.PythonScript import PythonScript
from App.special_dtml import DTMLFile from App.special_dtml import DTMLFile
from Products.ERP5Type import _dtmldir from Products.ERP5Type import _dtmldir
from AccessControl import ModuleSecurityInfo, getSecurityManager from AccessControl import ModuleSecurityInfo, getSecurityManager
from AccessControl.class_init import InitializeClass
from OFS.misc_ import p_ from OFS.misc_ import p_
from App.ImageFile import ImageFile from App.ImageFile import ImageFile
from Acquisition import aq_base, aq_parent from Acquisition import aq_base, aq_parent
...@@ -58,14 +59,17 @@ PythonScript.manage_editForm = manage_editForm ...@@ -58,14 +59,17 @@ PythonScript.manage_editForm = manage_editForm
security = ModuleSecurityInfo('Products.PythonScripts.PythonScript.PythonScript') security = ModuleSecurityInfo('Products.PythonScripts.PythonScript.PythonScript')
PythonScript.manage_options += ( _guard_manage_options = (
{ {
'label':'Guard', 'label':'Guard',
'action':'manage_guardForm', 'action':'manage_guardForm',
}, },
) )
PythonScript._guard_form = DTMLFile( PythonScript.manage_options += _guard_manage_options
_guard_form = DTMLFile(
'editGuardForm', _dtmldir) 'editGuardForm', _dtmldir)
PythonScript._guard_form = _guard_form
def manage_guardForm(self, REQUEST, manage_tabs_message=None): def manage_guardForm(self, REQUEST, manage_tabs_message=None):
''' '''
...@@ -157,3 +161,5 @@ def _exec(self, *args): ...@@ -157,3 +161,5 @@ def _exec(self, *args):
# PATCH END # PATCH END
return PythonScript_exec(self, *args) return PythonScript_exec(self, *args)
PythonScript._exec = _exec PythonScript._exec = _exec
InitializeClass(PythonScript)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment