diff --git a/product/ERP5OOo/Document/OOoDocument.py b/product/ERP5OOo/Document/OOoDocument.py index 05e488a249af923a90786a2a8fb13b128927ecb8..fe55c53088e24df44799e23d78999c3ea517a9ae 100644 --- a/product/ERP5OOo/Document/OOoDocument.py +++ b/product/ERP5OOo/Document/OOoDocument.py @@ -48,10 +48,13 @@ from Products.ERP5.Document.File import File from Products.ERP5.Document.Document import PermanentURLMixIn from Products.ERP5.Document.Document import ConversionError from Products.ERP5.Document.Document import NotConvertedError +from AccessControl.SecurityManagement import getSecurityManager from zLOG import LOG, ERROR # Mixin Import from Products.ERP5.mixin.cached_convertable import CachedConvertableMixin +from Products.ERP5.mixin.convertable import ConvertableMixin +from Products.ERP5.mixin.base_convertable import BaseConvertableMixin enc=base64.encodestring dec=base64.decodestring @@ -88,7 +91,7 @@ class TimeoutTransport(SafeTransport): return SafeTransport.make_connection(self, h) -class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin): +class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin, BaseConvertableMixin, ConvertableMixin): """ A file document able to convert OOo compatible files to any OOo supported format, to capture metadata and to @@ -184,9 +187,7 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin): _setCacheHeaders(_ViewEmulator().__of__(self), {'format' : format}) # Verify that the format is acceptable (from permission point of view) - method = self._getTypeBasedMethod('checkConversionFormatPermission', - fallback_script_id = 'Document_checkConversionFormatPermission') - if not method(format=format): + if self.isTargetFormatPermitted(format)==False: raise Unauthorized("OOoDocument: user does not have enough permission to access document" " in %s format" % (format or 'original')) @@ -279,8 +280,7 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin): allowed = server_proxy.getAllowedTargets(content_type) warn('Your oood version is too old, using old method ' 'getAllowedTargets instead of getAllowedTargetList', - DeprecationWarning) - + DeprecationWarning) # tuple order is reversed to be compatible with ERP5 Form return [(y, x) for x, y in allowed] @@ -313,10 +313,11 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin): def isTargetFormatAllowed(self, format): """ Checks if the current document can be converted - into the specified target format. + into the specified target format """ return format in self.getTargetFormatList() + security.declarePrivate('_convert') def _convert(self, format): """ @@ -409,6 +410,10 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin): # Raise an error if the format is not supported if not self.isTargetFormatAllowed(format): raise ConversionError("OOoDocument: target format %s is not supported" % format) + # Raise an error if the format is not permitted + if not self.isTargetFormatPermitted(format): + raise Unauthorized("OOoDocument: user does not have enough permission to access document" + " in %s format" % (format or 'original')) # Check if we have already a base conversion if not self.hasBaseData(): raise NotConvertedError @@ -553,13 +558,13 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin): metadata = response_dict['meta'] self._base_metadata = metadata if metadata.get('MIMEType', None) is not None: - self._setBaseContentType(metadata['MIMEType']) + self._setBaseContentType(metadata['MIMEType']) else: # Explicitly raise the exception! raise ConversionError( "OOoDocument: Error converting document to base format %s:%s:" % (response_code, response_message)) - + security.declareProtected(Permissions.AccessContentsInformation, 'getContentInformation') def getContentInformation(self):