Commit f5a3fdd9 authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Eteri

erp5_data_notebook: Respect preference

Before executing any code, check whether the server side is configured to
execute unrestricted code.
parent aa6c37c6
......@@ -43,6 +43,9 @@ except ImportError:
def Base_executeJupyter(self, python_expression=None, reference=None, \
title=None, request_reference=False, **kw):
# Check if implementation is enabled
if not self.getPortalObject().ERP5Site_isDataNotebookEnabled():
return "The synchronous and unrestricted implementation is not enabled on the server"
# Check permissions for current user and display message to non-authorized user
if not self.Base_checkPermission('portal_components', 'Manage Portal'):
return "You are not authorized to access the script"
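Review bot: The new `ERP5Site_isDataNotebookEnabled()` check gates only `Base_executeJupyter`, but the lint record updated in this commit lists several `exec` uses (presumably in this module) and the test file mentions `Base_runJupyter`. If any of those paths can be called without passing through this function, the preference does not stop them, so confirm that every externally callable entry point applies the same gate. The check also runs before `Base_checkPermission`, so a caller without 'Manage Portal' learns from the returned message whether the feature is enabled; doing the permission check first avoids that. Because the gate is resolved as a skin script, a same-named script in a higher-priority skin folder replaces it (the tests rely on this through `portal_skins.custom`), which is worth a comment such as `# NOTE: gate is a skin script and can be overridden by skin priority`. The function body continues outside the hunk.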
......
......@@ -46,13 +46,14 @@
<key> <string>text_content_warning_message</string> </key>
<value>
<tuple>
<string>W:401, 10: Use of exec (exec-used)</string>
<string>W:447, 10: Use of exec (exec-used)</string>
<string>W:460, 10: Use of exec (exec-used)</string>
<string>W:549, 4: No exception type(s) specified (bare-except)</string>
<string>W:557, 6: No exception type(s) specified (bare-except)</string>
<string>W:869, 6: Use of exec (exec-used)</string>
<string>W:1104, 2: Redefining name \'IFrame\' from outer scope (line 4) (redefined-outer-name)</string>
<string>W:426, 10: Use of exec (exec-used)</string>
<string>W:472, 10: Use of exec (exec-used)</string>
<string>W:485, 10: Use of exec (exec-used)</string>
<string>W:574, 4: No exception type(s) specified (bare-except)</string>
<string>W:582, 6: No exception type(s) specified (bare-except)</string>
<string>W:892, 6: Use of exec (exec-used)</string>
<string>W:1128, 2: Redefining name \'IFrame\' from outer scope (line 4) (redefined-outer-name)</string>
<string>W: 19, 0: Unused log imported from Products.ERP5Type.Log (unused-import)</string>
</tuple>
</value>
</item>
......
return context.getPortalObject().portal_preferences.isPreferredDataNotebookEnabled()
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>ERP5Site_isDataNotebookEnabled</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -51,6 +51,13 @@ class TestExecuteJupyter(ERP5TypeTestCase):
user_folder._doAddUser('member_user', '', ['Member','Authenticated',], [])
# Assign developer role to user
addUserToDeveloperRole('dev_user')
# Create script to mock execution
createZODBPythonScript(self.getPortal().portal_skins.custom, "ERP5Site_isDataNotebookEnabled", '', "return True")
self.tic()
def beforeTearDown(self):
removeZODBPythonScript(self.getPortal().portal_skins.custom, "ERP5Site_isDataNotebookEnabled")
self.tic()
def _newNotebook(self, reference=None):
......@@ -128,6 +135,20 @@ portal.%s()
# Test that calling Base_runJupyter shouldn't change the context Title
self.assertNotEqual(portal.getTitle(), new_test_title)
def testBase_executeJupyterRespectPreference(self):
self.login('dev_user')
removeZODBPythonScript(self.getPortal().portal_skins.custom, "ERP5Site_isDataNotebookEnabled")
createZODBPythonScript(self.getPortal().portal_skins.custom, "ERP5Site_isDataNotebookEnabled", '', "return False")
self.tic()
jupyter_code = "a = 1\na"
reference = 'Test.Notebook.PreferenceHandle'
result = self.portal.Base_executeJupyter(
reference=reference,
python_expression=jupyter_code
)
self.assertEqual(result, 'The synchronous and unrestricted implementation is not enabled on the server')
def testJupyterCompileInvalidPythonSyntax(self):
"""
Test how the JupyterCompile extension behaves when it receives Python
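Review bot: `testBase_executeJupyterRespectPreference` does not exercise the preference itself. Both the setup hunk and this test replace `ERP5Site_isDataNotebookEnabled` with a stub in `portal_skins.custom`, so the shipped script that reads `isPreferredDataNotebookEnabled()` is never run, and the case where the preference is unset is not covered. A test that leaves the real script in place and checks that execution is refused when the preference is not set would pin the fail-closed default. The test also asserts only the returned message; if `Base_executeJupyter` creates a notebook for an unknown reference (not visible here), it should also assert that nothing was created for `Test.Notebook.PreferenceHandle`.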
......