Add more security declarations.

f84e2f62 · Kazuhiko Shiozaki · 175d43ad · f84e2f62 · f84e2f62 · f84e2f62
Commit f84e2f62 authored Dec 16, 2015 by Kazuhiko Shiozaki
117 changed files
--- a/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/delivery_causality_workflow/scripts/Delivery_solveDivergence.xml
+++ b/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/delivery_causality_workflow/scripts/Delivery_solveDivergence.xml
@@ -73,6 +73,14 @@ if len(delivery_solve_property_dict) or len(divergence_to_accept_list) \\\n
            <key> <string>_params</string> </key>
            <value> <string>state_change</string> </value>
        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
        <item>
            <key> <string>id</string> </key>
            <value> <string>Delivery_solveDivergence</string> </value>

--- a/bt5/erp5_credential/DocumentTemplateItem/portal_components/document.erp5.CredentialRecovery.py
+++ b/bt5/erp5_credential/DocumentTemplateItem/portal_components/document.erp5.CredentialRecovery.py
@@ -58,6 +58,8 @@ class CredentialRecovery(Ticket, EncryptedPasswordMixin):
                      , PropertySheet.Url
                      )

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'isAnswerCorrect')
    def isAnswerCorrect(self):
      '''
      Check if the given answer match the real answer

--- a/bt5/erp5_ui_test_core/SkinTemplateItem/portal_skins/erp5_ui_test_core/Zuite_waitForActivities.xml
+++ b/bt5/erp5_ui_test_core/SkinTemplateItem/portal_skins/erp5_ui_test_core/Zuite_waitForActivities.xml
@@ -76,6 +76,14 @@ return \'Done.\'\n
            <key> <string>_params</string> </key>
            <value> <string>count = 1000</string> </value>
        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
        <item>
            <key> <string>id</string> </key>
            <value> <string>Zuite_waitForActivities</string> </value>

--- a/product/CMFActivity/ActiveObject.py
+++ b/product/CMFActivity/ActiveObject.py
@@ -31,6 +31,7 @@ import warnings
 from contextlib import contextmanager
 from AccessControl import ClassSecurityInfo
 from Acquisition import aq_base
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
 from ActivityRuntimeEnvironment import getActivityRuntimeEnvironment
 from AccessControl import Unauthorized
@@ -58,6 +59,7 @@ class ActiveObject(ExtensionClass.Base):

  security = ClassSecurityInfo()

+  security.declarePublic('activate')
  def activate(self, activity=DEFAULT_ACTIVITY, active_process=None,
               activate_kw=None, REQUEST=None, **kw):
    """Returns an active wrapper for this object.
@@ -207,3 +209,5 @@ class ActiveObject(ExtensionClass.Base):

  def getActivityRuntimeEnvironment(self):
    return getActivityRuntimeEnvironment()
+
+InitializeClass(ActiveObject)
--- a/product/CMFActivity/ActivityTool.py
+++ b/product/CMFActivity/ActivityTool.py
@@ -808,6 +808,7 @@ class ActivityTool (Folder, UniqueObject):
        self.subscribe()
        Folder.inheritedAttribute('manage_afterAdd')(self, item, container)

+    security.declareProtected(CMFCorePermissions.ManagePortal, 'getServerAddress')
    def getServerAddress(self):
        """
        Backward-compatibility code only.
@@ -828,6 +829,7 @@ class ActivityTool (Folder, UniqueObject):
            _server_address = '%s:%s' %(ip, port)
        return _server_address

+    security.declareProtected(CMFCorePermissions.ManagePortal, 'getCurrentNode')
    def getCurrentNode(self):
        """ Return current node identifier """
        global currentNode
@@ -848,7 +850,7 @@ class ActivityTool (Folder, UniqueObject):
          currentNode = self.getServerAddress()
        return currentNode

-    security.declarePublic('getDistributingNode')
+    security.declareProtected(CMFCorePermissions.ManagePortal, 'getDistributingNode')
    def getDistributingNode(self):
        """ Return the distributingNode """
        return self.distributingNode
@@ -977,6 +979,7 @@ class ActivityTool (Folder, UniqueObject):
          '/manageLoadBalancing?manage_tabs_message=' +
          urllib.quote(message))

+    security.declarePrivate('process_shutdown')
    def process_shutdown(self, phase, time_in_phase):
        """
          Prevent shutdown from happening while an activity queue is
@@ -989,6 +992,7 @@ class ActivityTool (Folder, UniqueObject):
          is_running_lock.acquire()
          LOG('CMFActivity', INFO, "Shutdown: Activities finished.")

+    security.declareProtected(CMFCorePermissions.ManagePortal, 'process_timer')
    def process_timer(self, tick, interval, prev="", next=""):
      """
      Call distribute() if we are the Distributing Node and call tic()
@@ -1112,6 +1116,7 @@ class ActivityTool (Folder, UniqueObject):
          return True
      return False

+    security.declarePrivate('getActivityBuffer')
    def getActivityBuffer(self, create_if_not_found=True):
      """
        Get activtity buffer for this thread for this activity tool.

--- a/product/CMFCategory/Category.py
+++ b/product/CMFCategory/Category.py
@@ -452,6 +452,8 @@ class Category(Folder):
                                           display_id='logical_path',
                                           base=base, **kw)

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getCategoryChildTranslatedLogicalPathItemList')
    def getCategoryChildTranslatedLogicalPathItemList(self,
                                              recursive=1, base=0, **kw):
      """
@@ -652,6 +654,7 @@ class Category(Folder):
    # Predicate interface
    _operators = []

+    security.declareProtected(Permissions.AccessContentsInformation, 'test')
    def test(self, context):
      """
        A Predicate can be tested on a given context
@@ -799,10 +802,12 @@ class BaseCategory(Category):
    # BBB: Required to start instance with old
    #      version of erp5_property_sheets BT.
    related_locally_indexed = False
+    security.declarePrivate('isRelatedLocallyIndexed')
    def isRelatedLocallyIndexed(self):
      """Determines if related values should be indexed on target documents"""
      return self.related_locally_indexed

+    security.declareProtected(Permissions.AccessContentsInformation, 'asSQLExpression')
    def asSQLExpression(self, strict_membership=0, table='category', base_category=None):
      """
        A Predicate can be rendered as an sql expression. This

--- a/product/ERP5/Document/Agent.py
+++ b/product/ERP5/Document/Agent.py
@@ -65,7 +65,8 @@ class Agent(Folder, Image):

  security.declareProtected(Permissions.AccessContentsInformation, 'viewImage')
  viewImage = Image.index_html
-
+  
+  security.declareProtected(Permissions.ModifyPortalContent, 'importSignature')
  def importSignature(self, import_file=None, form_id=None, REQUEST=None, **kw):
    """
      Imports a scan of a signature.
@@ -89,4 +90,3 @@ class Agent(Folder, Image):
      ret_url = self.absolute_url() + '/' + REQUEST.get('form_id', 'view')
      REQUEST.RESPONSE.redirect("%s?portal_status_message=Signature+Imported+Successfully"
                                % ret_url)
-
--- a/product/ERP5/Document/BaseCategory.py
+++ b/product/ERP5/Document/BaseCategory.py
@@ -57,6 +57,8 @@ class BaseCategory(CMFBaseCategory, XMLObject):
                      , PropertySheet.Predicate)

    # Experimental - WebDAV browsing support - ask JPS
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'experimental_listDAVObjects')
    def experimental_listDAVObjects(self):
      from zLOG import LOG
      LOG("BaseCategory listDAVObjects" ,0, "listDAVObjects")

--- a/product/ERP5/Document/BudgetModel.py
+++ b/product/ERP5/Document/BudgetModel.py
@@ -56,7 +56,9 @@ class BudgetModel(Predicate):
  # Declarative security
  security = ClassSecurityInfo()
  security.declareObjectProtected(Permissions.AccessContentsInformation)
-
+  
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getCellRangeForBudgetLine')
  def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
    """Return the cell range to use for the budget.
    """
@@ -74,6 +76,8 @@ class BudgetModel(Predicate):
        cell_range.extend(variation_cell_range)
    return cell_range

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConsumptionCellRangeForBudgetLine')
  def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
    """Return the cell range to use for the budget consumption.

@@ -94,6 +98,8 @@ class BudgetModel(Predicate):
        cell_range.extend(variation_cell_range)
    return cell_range

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryQueryDict')
  def getInventoryQueryDict(self, budget_cell):
    """Returns the query dict to pass to simulation query for a budget cell
    """
@@ -112,6 +118,8 @@ class BudgetModel(Predicate):
      query_dict.setdefault('at_date', start_date_range_max.latestTime())
    return query_dict

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryListQueryDict')
  def getInventoryListQueryDict(self, budget_line):
    """Returns the query dict to pass to simulation query for a budget line
    """
@@ -154,7 +162,9 @@ class BudgetModel(Predicate):
      if key:
        cell_key += (key,)
    return cell_key
-
+    
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'asBudgetPredicate')
  def asBudgetPredicate(self):
    " "
    # XXX predicate for line / cell ?

--- a/product/ERP5/Document/BusinessLink.py
+++ b/product/ERP5/Document/BusinessLink.py
@@ -121,6 +121,8 @@ class BusinessLink(Path, Predicate):
    method = getattr(movement, method_id) # We wish to raise if it does not exist
    return method()

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getCompletionDate')
  def getCompletionDate(self, explanation):
    """Returns the date of completion of business path in the
    context of the explanation. The completion date of the Business
@@ -220,6 +222,7 @@ class BusinessLink(Path, Predicate):
        return False
    return True

+  security.declareProtected(Permissions.AccessContentsInformation, 'isDelivered')
  def isDelivered(self, explanation):
    """Returns True is all simulation movements related to this
    Business Link in the context of given explanation are built

--- a/product/ERP5/Document/BusinessTemplate.py
+++ b/product/ERP5/Document/BusinessTemplate.py
--- a/product/ERP5/Document/Category.py
+++ b/product/ERP5/Document/Category.py
@@ -145,6 +145,8 @@ class Category(CMFCategory, Predicate, MetaNode, MetaResource):
      return None

    # Experimental - WebDAV browsing support - ask JPS
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'experimental_listDAVObjects')
    def experimental_listDAVObjects(self):
      """
      """

--- a/product/ERP5/Document/CategoryBudgetVariation.py
+++ b/product/ERP5/Document/CategoryBudgetVariation.py
@@ -56,10 +56,14 @@ class CategoryBudgetVariation(BudgetVariation):

  # zope.interface.implements(BudgetVariation, )

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'asBudgetPredicate')
  def asBudgetPredicate(self):
    """This budget variation in a predicate
    """

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getCellRangeForBudgetLine')
  def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
    """The cell range added by this variation
    """
@@ -69,6 +73,8 @@ class CategoryBudgetVariation(BudgetVariation):
      return [[(i[1], i[0]) for i in item_list if i[1] in variation_category_list]]
    return [[i[1] for i in item_list if i[1] in variation_category_list]]

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConsumptionCellRangeForBudgetLine')
  def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
    """The cell range added by this variation for consumption
    """
@@ -101,6 +107,8 @@ class CategoryBudgetVariation(BudgetVariation):
      return [[(i[1], i[0]) for i in item_list if i[0] in used_node_item_set]]
    return [[i[1] for i in item_list if i[1] in used_node_item_set]]

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryQueryDict')
  def getInventoryQueryDict(self, budget_cell):
    """ Query dict to pass to simulation query
    """
@@ -144,6 +152,8 @@ class CategoryBudgetVariation(BudgetVariation):

    return query_dict

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryListQueryDict')
  def getInventoryListQueryDict(self, budget_line):
    """Returns the query dict to pass to simulation query for a budget line
    """
@@ -195,6 +205,8 @@ class CategoryBudgetVariation(BudgetVariation):
      return query_dict
    return {}

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getBudgetVariationRangeCategoryList')
  def getBudgetVariationRangeCategoryList(self, context):
    """Returns the Variation Range Category List that can be applied to this
    budget.
@@ -216,6 +228,8 @@ class CategoryBudgetVariation(BudgetVariation):
                                checked_permission='View')


+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getBudgetLineVariationRangeCategoryList')
  def getBudgetLineVariationRangeCategoryList(self, budget_line):
    """Returns the Variation Range Category List that can be applied to this
    budget line.
@@ -246,6 +260,8 @@ class CategoryBudgetVariation(BudgetVariation):
    return getattr(portal.portal_categories.unrestrictedTraverse(base_category),
                        item_list_method)(**item_list_method_parameter_dict)

+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'initializeBudgetLine')
  def initializeBudgetLine(self, budget_line):
    """Initialize a budget line
    """
@@ -263,6 +279,8 @@ class CategoryBudgetVariation(BudgetVariation):
      budget_line.setMembershipCriterionBaseCategoryList(
          budget_line_membership_criterion_base_category_list)

+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'initializeBudget')
  def initializeBudget(self, budget):
    """Initialize a budget.
    """

--- a/product/ERP5/Document/Container.py
+++ b/product/ERP5/Document/Container.py
@@ -108,6 +108,8 @@ class Container(Movement, XMLObject):
      """
      return False

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getContainerText')
    def getContainerText(self):
      """
        Creates a unique string which allows to compare/hash two containers

--- a/product/ERP5/Document/Delivery.py
+++ b/product/ERP5/Document/Delivery.py
@@ -339,6 +339,7 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
         divergence_list.extend(simulation_movement.getDivergenceList())
      return divergence_list

+    security.declareProtected(Permissions.AccessContentsInformation, 'updateCausalityState')
    @UnrestrictedMethod
    def updateCausalityState(self, solve_automatically=True, **kw):
      """
@@ -369,6 +370,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
      if kw:
        super(Delivery, self).updateSimulation(**kw)

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'splitAndDeferMovementList')
    def splitAndDeferMovementList(self, start_date=None, stop_date=None,
        movement_uid_list=[], delivery_solver=None,
        target_solver='CopyToTarget', delivery_builder=None):
@@ -757,6 +760,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
      """
      pass

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getBuilderList')
    def getBuilderList(self):
      """Returns appropriate builder list."""
      return self._getTypeBasedMethod('getBuilderList')()
@@ -832,6 +837,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
        result += movement.getDeliveryRelatedValueList()
      return result

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getDivergentTesterAndSimulationMovementList')
    def getDivergentTesterAndSimulationMovementList(self):
      """
      This method returns a list of (tester, simulation_movement) for each divergence.

--- a/product/ERP5/Document/DeliveryLine.py
+++ b/product/ERP5/Document/DeliveryLine.py
@@ -465,6 +465,7 @@ class DeliveryLine(Movement, XMLMatrix, ImmobilisationMovement):
            delivery_ratio = 1.0 / len(s_m_list_per_movement)
            s_m.edit(delivery_ratio=delivery_ratio)

+    security.declareProtected(Permissions.ModifyPortalContent, 'solve')
    def solve(self, decision_list):
      """Solves line according to decision list
      """

--- a/product/ERP5/Document/Document.py
+++ b/product/ERP5/Document/Document.py
@@ -313,7 +313,7 @@ class Document(DocumentExtensibleTraversableMixin, XMLObject, UrlMixin,
    text = self.getSearchableText() # XXX getSearchableText or asText ?
    return self._getSearchableReferenceList(text)

-  security.declareProtected(Permissions.AccessContentsInformation, 'getSearchableReferenceList')
+  security.declareProtected(Permissions.AccessContentsInformation, 'isSearchableReference')
  def isSearchableReference(self):
    """
      Determine if current document's reference can be used for searching - i.e. follows

--- a/product/ERP5/Document/Domain.py
+++ b/product/ERP5/Document/Domain.py
@@ -120,6 +120,8 @@ class Domain(Predicate, MetaNode, MetaResource):
    domain = self.newContent(id=id, portal_type='Domain', temp_object=1)
    return domain.__of__(self)

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getChildDomainValueList')
  def getChildDomainValueList(self, parent = None, **kw):
    """
    Return child domain objects already present or me may generate
@@ -130,6 +132,8 @@ class Domain(Predicate, MetaNode, MetaResource):
    return self.portal_domains.getChildDomainValueList(parent, **kw)

  # Experimental - WebDAV browsing support - ask JPS
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'experimental_listDAVObjects')
  def experimental_listDAVObjects(self):
    result = self.objectValues(portal_type = self.getPortalType())
    result.extend(self.portal_catalog(selection_domain = self))

--- a/product/ERP5/Document/Event.py
+++ b/product/ERP5/Document/Event.py
@@ -30,6 +30,7 @@ from AccessControl import ClassSecurityInfo

 from Products.ERP5Type import Permissions, PropertySheet
 from Products.ERP5Type.Accessor.Constant import PropertyGetter as ConstantGetter
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5.Document.Movement import Movement
 from Products.ERP5.Document.EmailDocument import EmailDocument

@@ -60,6 +61,8 @@ class AcknowledgeableMixin:
      return method(**kw)
    return None

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'hasAcknowledgementActivity')
  def hasAcknowledgementActivity(self, user_name=None):
    """
    We will check if there is some current activities running or not
@@ -88,6 +91,8 @@ class AcknowledgeableMixin:
        result = True
    return result

+InitializeClass(AcknowledgeableMixin)
+
 class Event(Movement, EmailDocument, AcknowledgeableMixin):
  """
    Event is the base class for all events in ERP5.

--- a/product/ERP5/Document/FIFODeliverySolver.py
+++ b/product/ERP5/Document/FIFODeliverySolver.py
@@ -57,6 +57,7 @@ class FIFODeliverySolver(XMLObject):
  zope.interface.implements(interfaces.IDeliverySolver,)

  # IDeliverySolver Implementation
+  security.declareProtected(Permissions.AccessContentsInformation, 'getTotalQuantity')
  def getTotalQuantity(self):
    """
      Move this to mixin
@@ -66,6 +67,7 @@ class FIFODeliverySolver(XMLObject):
      total_quantity += movement.getQuantity()
    return total_quantity

+  security.declareProtected(Permissions.ModifyPortalContent, 'setTotalQuantity')
  def setTotalQuantity(self, new_quantity, activate_kw=None):
    """
    """

--- a/product/ERP5/Document/File.py
+++ b/product/ERP5/Document/File.py
@@ -120,12 +120,14 @@ class File(Document, CMFFile):
  security.declareProtected( Permissions.ModifyPortalContent, 'edit' )
  edit = WorkflowMethod( _edit )

+  security.declareProtected(Permissions.View, 'get_size')
  def get_size(self):
    """
    has to be overwritten here, otherwise WebDAV fails
    """
    return self.getSize()

+  security.declareProtected(Permissions.View, 'getcontentlength')
  getcontentlength = get_size

  def _get_content_type(*args, **kw):

--- a/product/ERP5/Document/Image.py
+++ b/product/ERP5/Document/Image.py
@@ -438,6 +438,7 @@ class Image(TextConvertableMixin, File, OFSImage):
    File.PUT(self, REQUEST, RESPONSE)
    self._update_image_info()

+  security.declareProtected(Permissions.AccessContentsInformation, 'getDefaultImageQuality')
  def getDefaultImageQuality(self, format=None):
    """
    Get default image quality for a format.

--- a/product/ERP5/Document/Item.py
+++ b/product/ERP5/Document/Item.py
@@ -70,6 +70,7 @@ class Item(XMLObject, Amount):
        """
        return XMLObject.generateNewId(self, id_group=id_group, default=default, method=method)

+    security.declareProtected(Permissions.AccessContentsInformation, 'getPrice')
    def getPrice(self,context=None,**kw):
      """
        Get the Price in the context.
@@ -84,16 +85,15 @@ class Item(XMLObject, Amount):
        if resource is not None:
          local_price = resource.getPrice(self.asContext( context=context, **kw))
      return local_price
-
-    security.declareProtected(Permissions.ModifyPortalContent, 'getRemainingQuantity')
+  
+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getRemainingQuantity')
    def getRemainingQuantity(self):
        """
        Computes the quantity of an item minus quantity of all sub_items
        """
        sub_quantity = 0
-        sub_item_list = [document
-                         for document in self.objectValues()
-                         if document.isItem()]
-        for sub_item in sub_item_list :
-            sub_quantity += sub_item.getQuantity()
+        for sub_item in self.objectValues():
+            if sub_item.isItem():
+                sub_quantity += sub_item.getQuantity()
        return self.getQuantity() - sub_quantity
--- a/product/ERP5/Document/MinimisePriceDeliverySolver.py
+++ b/product/ERP5/Document/MinimisePriceDeliverySolver.py
@@ -57,6 +57,7 @@ class MinimisePriceDeliverySolver(FIFODeliverySolver):
  zope.interface.implements(interfaces.IDeliverySolver,)

  # IDeliverySolver Implementation
+  security.declareProtected(Permissions.ModifyPortalContent, 'setTotalQuantity')
  def setTotalQuantity(self, new_quantity, activate_kw=None):
    """
    """

--- a/product/ERP5/Document/Movement.py
+++ b/product/ERP5/Document/Movement.py
@@ -512,6 +512,8 @@ class Movement(XMLObject, Amount, CompositionMixin, AmountGeneratorMixin):
        return True
    return False

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDivergenceList')
  def getDivergenceList(self):
    """
    Return a list of messages that contains the divergences

--- a/product/ERP5/Document/NetConvertedQuantityEquivalenceTester.py
+++ b/product/ERP5/Document/NetConvertedQuantityEquivalenceTester.py
@@ -45,6 +45,8 @@ class NetConvertedQuantityEquivalenceTester(FloatEquivalenceTester):
  security = ClassSecurityInfo()
  security.declareObjectProtected(Permissions.AccessContentsInformation)

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getUpdatablePropertyDict')
  def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
    """
    Returns a list of properties to update on decision_movement

--- a/product/ERP5/Document/NodeBudgetVariation.py
+++ b/product/ERP5/Document/NodeBudgetVariation.py
@@ -61,6 +61,8 @@ class NodeBudgetVariation(BudgetVariation):

  # zope.interface.implements(BudgetVariation, )

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'asBudgetPredicate')
  def asBudgetPredicate(self):
    """This budget variation in a predicate
    """
@@ -87,6 +89,8 @@ class NodeBudgetVariation(BudgetVariation):
    node_title_method_id = self.getProperty('node_title_method_id', 'getTitle')
    return guarded_getattr(node, node_title_method_id)()

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getCellRangeForBudgetLine')
  def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
    """The cell range added by this variation
    """
@@ -103,6 +107,8 @@ class NodeBudgetVariation(BudgetVariation):
      return [[i for i in node_item_list if i[0] in variation_category_list]]
    return [[i[0] for i in node_item_list if i[0] in variation_category_list]]

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConsumptionCellRangeForBudgetLine')
  def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
    """The cell range added by this variation for consumption
    """
@@ -136,6 +142,8 @@ class NodeBudgetVariation(BudgetVariation):
      return [[i for i in node_item_list if i[0] in used_node_item_set]]
    return [[i[0] for i in node_item_list if i[0] in used_node_item_set]]

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryQueryDict')
  def getInventoryQueryDict(self, budget_cell):
    """ Query dict to pass to simulation query
    """
@@ -218,6 +226,8 @@ class NodeBudgetVariation(BudgetVariation):

    return query_dict

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getInventoryListQueryDict')
  def getInventoryListQueryDict(self, budget_line):
    """Returns the query dict to pass to simulation query for a budget line
    """
@@ -309,6 +319,8 @@ class NodeBudgetVariation(BudgetVariation):
            self.getProperty('variation_base_category'),)
    return key

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getBudgetLineVariationRangeCategoryList')
  def getBudgetLineVariationRangeCategoryList(self, budget_line):
    """Returns the Variation Range Category List that can be applied to this
    budget line.
@@ -320,6 +332,8 @@ class NodeBudgetVariation(BudgetVariation):
    return [(self._getNodeTitle(node), '%s%s' % (prefix, node.getRelativeUrl()))
                for node in self._getNodeList(budget_line)]

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getBudgetVariationRangeCategoryList')
  def getBudgetVariationRangeCategoryList(self, budget):
    """Returns the Variation Range Category List that can be applied to this
    budget.
@@ -331,6 +345,8 @@ class NodeBudgetVariation(BudgetVariation):
    return [(self._getNodeTitle(node), '%s%s' % (prefix, node.getRelativeUrl()))
                for node in self._getNodeList(budget)]

+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'initializeBudgetLine')
  def initializeBudgetLine(self, budget_line):
    """Initialize a budget line
    """
@@ -348,6 +364,8 @@ class NodeBudgetVariation(BudgetVariation):
      budget_line.setMembershipCriterionBaseCategoryList(
          budget_line_membership_criterion_base_category_list)

+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'initializeBudget')
  def initializeBudget(self, budget):
    """Initialize a budget.
    """

--- a/product/ERP5/Document/QuantityUnitConversionDefinition.py
+++ b/product/ERP5/Document/QuantityUnitConversionDefinition.py
@@ -67,6 +67,8 @@ class QuantityUnitConversionDefinition(XMLObject):

    return default_title

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConversionRatio')
  def getConversionRatio(self):
    """
      Compute conversion ratio associated with this definition

--- a/product/ERP5/Document/Resource.py
+++ b/product/ERP5/Document/Resource.py
@@ -1007,6 +1007,8 @@ class Resource(XMLObject, XMLMatrix, VariatedMixin):

      return insert_list

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getQuantityUnitDefinitionRatio')
    def getQuantityUnitDefinitionRatio(self, quantity_unit_value):
      """
      get the ratio used to define the quantity unit quantity_unit_value.

--- a/product/ERP5/Document/SimulatedDeliveryBuilder.py
+++ b/product/ERP5/Document/SimulatedDeliveryBuilder.py
@@ -93,6 +93,7 @@ class SimulatedDeliveryBuilder(BuilderMixin):
                    , PropertySheet.DeliveryBuilder
                    )

+  security.declarePrivate('callBeforeBuildingScript')
  def callBeforeBuildingScript(self):  # XXX-JPS
    """
      Redefine this method, because it seems nothing interesting can be
@@ -100,6 +101,7 @@ class SimulatedDeliveryBuilder(BuilderMixin):
    """
    pass

+  security.declarePrivate('searchMovementList')
  @UnrestrictedMethod
  def searchMovementList(self, applied_rule_uid=None, **kw):
    """
@@ -189,6 +191,8 @@ class SimulatedDeliveryBuilder(BuilderMixin):
      delivery_relative_url,
      divergence_to_adopt_list=divergence_to_adopt_list)

+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'solveDeliveryGroupDivergence')
  @UnrestrictedMethod
  def solveDeliveryGroupDivergence(self, delivery_relative_url,
                                   property_dict=None):
@@ -333,6 +337,8 @@ class SimulatedDeliveryBuilder(BuilderMixin):

    return delivery_list

+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'solveDivergence')
  solveDivergence = UnrestrictedMethod(_solveDivergence)

  def _createDelivery(self, delivery_module, movement_list, activate_kw):

--- a/product/ERP5/Document/SimulationMovement.py
+++ b/product/ERP5/Document/SimulationMovement.py
@@ -722,6 +722,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):

    return True

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverProcessValueList')
  def getSolverProcessValueList(self, movement=None, validation_state=None):
    """
    Returns the list of solver processes which are
@@ -736,6 +738,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):
    """
    raise NotImplementedError

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverDecisionValueList')
  def getSolverDecisionValueList(self, movement=None, validation_state=None):
    """
    Returns the list of solver decisions which apply
@@ -748,6 +752,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):
    """
    raise NotImplementedError

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolvedPropertyApplicationValueList')
  def getSolvedPropertyApplicationValueList(self, movement=None, divergence_tester=None):
    """
    Returns the list of documents at which a given divergence resolution

--- a/product/ERP5/Document/SolverDecision.py
+++ b/product/ERP5/Document/SolverDecision.py
@@ -80,6 +80,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
  zope.interface.implements(interfaces.IConfigurable,
                           )

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDefaultConfigurationPropertyDict')
  def getDefaultConfigurationPropertyDict(self):
    """
    Returns a dictionary of default properties for specified
@@ -92,6 +94,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
    else:
      return solver_type.getDefaultConfigurationPropertyDict(self)

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConfigurationPropertyListDict')
  def getConfigurationPropertyListDict(self):
    """
    Returns a dictionary of possible values for specified
@@ -104,6 +108,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
    else:
      return solver_type.getConfigurationPropertyListDict(self)

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'searchDeliverySolverList')
  def searchDeliverySolverList(self, **kw):
    """
    this method returns a list of delivery solvers, as predicates against
@@ -115,6 +121,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
    solver_list = target_solver_type.getDeliverySolverValueList()
    return filter(lambda x:x.test(self), solver_list)

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getExplanationMessage')
  def getExplanationMessage(self, all=False):
    """
    Returns the HTML message that describes the detail of divergences to

--- a/product/ERP5/Document/SolverProcess.py
+++ b/product/ERP5/Document/SolverProcess.py
@@ -78,6 +78,7 @@ class SolverProcess(XMLObject, ActiveProcess):
                           )

  # Implementation
+  security.declareProtected(Permissions.ModifyPortalContent, 'buildTargetSolverList')
  @UnrestrictedMethod
  def buildTargetSolverList(self):
    """
@@ -176,6 +177,7 @@ class SolverProcess(XMLObject, ActiveProcess):
  # ISolver implementation
  # Solver Process Workflow Interface
  #  NOTE: how can we consider that a workflow defines or provides an interface ?
+  security.declareProtected(Permissions.ModifyPortalContent, 'solve')
  def solve(self, activate_kw=None):
    """
      Start solving
@@ -200,6 +202,8 @@ class SolverProcess(XMLObject, ActiveProcess):
          activate_kw=activate_kw)

  # API
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'isSolverDecisionListConsistent')
  def isSolverDecisionListConsistent(self):
    """
    Returns True is the Solver Process decisions do not
@@ -208,6 +212,8 @@ class SolverProcess(XMLObject, ActiveProcess):
    this helps reducing CPU time.
    """

+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'buildSolverDecisionList')
  def buildSolverDecisionList(self, delivery_or_movement=None):
    """
    Build (or rebuild) the solver decisions in the solver process

--- a/product/ERP5/Document/SolverTypeInformation.py
+++ b/product/ERP5/Document/SolverTypeInformation.py
@@ -51,6 +51,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
                    , PropertySheet.Configurable
                    )

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverConflictMessageList')
  def getSolverConflictMessageList(self, movement, configuration_mapping, solver_dict, movement_dict):
    """
    Returns the list of conflictings messgaes if the solver and configuration_mapping
@@ -89,6 +91,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
    # Return emtpty message list
    return ()

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverProcessGroupingKey')
  def getSolverProcessGroupingKey(self, movement, configuration_mapping, solver_dict, movement_dict):
    """
    Returns a key which can be used to group solvers during the
@@ -140,6 +144,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):

    return movement.getRelativeUrl()

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDefaultConfigurationPropertyDict')
  def getDefaultConfigurationPropertyDict(self, configurable):
    """
    Returns a dictionary of default properties for specified
@@ -155,6 +161,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
    else:
      return {}

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDefaultConfigurationProperty')
  def getDefaultConfigurationProperty(self, property, configurable):
    """
    Returns the default value for a given property
@@ -167,6 +175,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
    """
    return self.getDefaultConfigurationPropertyDict().get(property, None)

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConfigurationPropertyListDict')
  def getConfigurationPropertyListDict(self, configurable):
    """
    Returns a dictionary of possible values for specified
@@ -182,6 +192,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
    else:
      return {}

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConfigurationPropertyList')
  def getConfigurationPropertyList(self, property, configurable):
    """
    Returns a list of possible values for a given property

--- a/product/ERP5/Document/TradeCondition.py
+++ b/product/ERP5/Document/TradeCondition.py
@@ -104,6 +104,8 @@ class TradeCondition(MappedValue, AmountGeneratorMixin, VariatedMixin):
      return [x for x in context._findEffectiveSpecialiseValueList()
                if x.getPortalType() in portal_type_set]

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getAggregatedAmountList')
    def getAggregatedAmountList(self, *args, **kw):
      """
      """

--- a/product/ERP5/Document/TradeModelCell.py
+++ b/product/ERP5/Document/TradeModelCell.py
@@ -68,6 +68,8 @@ class TradeModelCell(TradeModelLine):
      """
      return 0

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getQuantity')
    def getQuantity(self):
      """Overridden getter to return None instead 0 if undefined"""
      return self._baseGetQuantity(None)

--- a/product/ERP5/Document/TransformedResource.py
+++ b/product/ERP5/Document/TransformedResource.py
@@ -101,11 +101,15 @@ class TransformedResource(AmountGeneratorLine):
        value += delivery_amount.getConvertedQuantity()
      return value

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getBaseApplication')
    def getBaseApplication(self):
      """
      """
      return self.getBaseApplicationList()[0]

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getBaseApplicationList')
    def getBaseApplicationList(self):
      """
      """

--- a/product/ERP5/Document/Url.py
+++ b/product/ERP5/Document/Url.py
@@ -90,6 +90,8 @@ class Url(Coordinate, UrlMixin):
    return ("http://www.erp5.org", "mailto:info@erp5.org")


+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getUrlString')
  def getUrlString(self, default=_marker):
    """Fallback on coordinate_text
    """

--- a/product/ERP5/Document/VariationEquivalenceTester.py
+++ b/product/ERP5/Document/VariationEquivalenceTester.py
@@ -85,6 +85,8 @@ class VariationEquivalenceTester(Predicate, EquivalenceTesterMixin):
          dict(property_name=tested_property))
    return None

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'generateHashKey')
  def generateHashKey(self, movement):
    """
    Returns a hash key which can be used to optimise the
@@ -106,6 +108,8 @@ class VariationEquivalenceTester(Predicate, EquivalenceTesterMixin):
                                                       tested_property))
    return 'variation/%r' % (value_list)

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getUpdatablePropertyDict')
  def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
    """
    Returns a list of properties to update on decision_movement

--- a/product/ERP5/Tool/CategoryTool.py
+++ b/product/ERP5/Tool/CategoryTool.py
@@ -85,6 +85,7 @@ class CategoryTool(CopyContainer, CMFCategoryTool, BaseTool):
    def hasContent(self,id):
      return id in self.objectIds()

+    security.declareProtected(Permissions.AccessContentsInformation, 'getBaseCategoryDict')
    @caching_instance_method(
      id='portal_categories.getBaseCategoryDict',
      cache_factory='erp5_content_long',

--- a/product/ERP5/Tool/DomainTool.py
+++ b/product/ERP5/Tool/DomainTool.py
@@ -359,6 +359,8 @@ class DomainTool(BaseTool):
        return mapped_value


+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getChildDomainValueList')
    def getChildDomainValueList(self, parent, **kw):
      """
      Return child domain objects already present adn thois generetaded dynamically
@@ -370,6 +372,8 @@ class DomainTool(BaseTool):
      return object_list


+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getDomainByPath')
    def getDomainByPath(self, path, default=_MARKER):
      """
      Return the domain object for a given path

--- a/product/ERP5/Tool/IdTool.py
+++ b/product/ERP5/Tool/IdTool.py
@@ -279,6 +279,8 @@ class IdTool(BaseTool):

  ## XXX Old API deprecated
  #backward compatibility
+  security.declareProtected(Permissions.AccessContentsInformation,
+                           'generateNewLengthIdList')
  generateNewLengthIdList = generateNewIdList

  security.declareProtected(Permissions.AccessContentsInformation,

--- a/product/ERP5/Tool/LogMixin.py
+++ b/product/ERP5/Tool/LogMixin.py
@@ -28,6 +28,7 @@
 ##############################################################################

 from AccessControl import ClassSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions

 # XXX This Mixin is not finished yet. Added as a reference for the
@@ -86,3 +87,5 @@ class LogMixin:
    """
    method = self.getTypeBasedMethod('parseLogLine')
    return method(log_name, log_line)
+
+InitializeClass(LogMixin)
--- a/product/ERP5/Tool/PasswordTool.py
+++ b/product/ERP5/Tool/PasswordTool.py
@@ -110,7 +110,7 @@ class PasswordTool(BaseTool):
  def getExpirationDateForKey(self, key=None):
    return self._password_request_dict[key][1]

-
+  security.declarePublic('mailPasswordResetRequest')
  def mailPasswordResetRequest(self, user_login=None, REQUEST=None,
                               notification_message=None, sender=None,
                               store_as_event=False,
@@ -227,33 +227,7 @@ class PasswordTool(BaseTool):
    data = ' '.join((str(t), str(r), str(a), str(args)))
    return md5(data).hexdigest()

-  def resetPassword(self, reset_key=None, REQUEST=None):
-    """
-    """
-    # XXX-Aurel : is it used ?
-    if REQUEST is None:
-      REQUEST = get_request()
-    user_login, expiration_date = self._password_request_dict.get(reset_key, (None, None))
-    site_url = self.getPortalObject().absolute_url()
-    if REQUEST and 'came_from' in REQUEST:
-      site_url = REQUEST.came_from
-    if reset_key is None or user_login is None:
-      ret_url = '%s/login_form' % site_url
-      return REQUEST.RESPONSE.redirect( ret_url )
-
-    # check date
-    current_date = DateTime()
-    if current_date > expiration_date:
-      msg = translateString("Date has expire.")
-      parameter = urlencode(dict(portal_status_message=msg))
-      ret_url = '%s/login_form?%s' % (site_url, parameter)
-      return REQUEST.RESPONSE.redirect( ret_url )
-
-    # redirect to form as all is ok
-    REQUEST.set("password_key", reset_key)
-    return self.reset_password_form(REQUEST=REQUEST)
-
-
+  security.declareProtected(Permissions.ModifyPortalContent, 'removeExpiredRequests')
  def removeExpiredRequests(self):
    """
    Browse dict and remove expired request
@@ -264,6 +238,7 @@ class PasswordTool(BaseTool):
      if date < current_date:
        del password_request_dict[key]

+  security.declarePublic('changeUserPassword')
  def changeUserPassword(self, password, password_key, password_confirm=None,
                         user_login=None, REQUEST=None, **kw):
    """

--- a/product/ERP5/Tool/SimulationTool.py
+++ b/product/ERP5/Tool/SimulationTool.py
@@ -126,18 +126,26 @@ class SimulationTool(BaseTool):
            ['Manager',])
      BaseTool.inheritedAttribute('manage_afterAdd')(self, item, container)

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'solveDelivery')
    def solveDelivery(self, delivery, delivery_solver_name, target_solver_name,
                      additional_parameters=None, **kw):
      """
+        XXX obsoleted API
+
        Solves a delivery by calling first DeliverySolver, then TargetSolver
      """
      return self._solveMovementOrDelivery(delivery, delivery_solver_name,
          target_solver_name, delivery=1,
          additional_parameters=additional_parameters, **kw)

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'solveMovement')
    def solveMovement(self, movement, delivery_solver_name, target_solver_name,
                      additional_parameters=None, **kw):
      """
+        XXX obsoleted API
+
        Solves a movement by calling first DeliverySolver, then TargetSolver
      """
      return self._solveMovementOrDelivery(movement, delivery_solver_name,
@@ -1396,6 +1404,8 @@ class SimulationTool(BaseTool):
            result = delta_result
      return result

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInventoryCacheLag')
    def getInventoryCacheLag(self):
      """
      Returns a duration, in days, for stock cache management.

--- a/product/ERP5/Tool/SolverProcessTool.py
+++ b/product/ERP5/Tool/SolverProcessTool.py
@@ -30,6 +30,7 @@
 import zope.interface

 from AccessControl import ClassSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Globals import DTMLFile
 from Products.ERP5Type.Tool.BaseTool import BaseTool
@@ -58,6 +59,8 @@ class SolverProcessTool(BaseTool):
  manage_overview = DTMLFile( 'explainSolverTool', _dtmldir )

  # IDivergenceController implementation
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'isDivergent')
  def isDivergent(self, delivery_or_movement=None):
    """
    Returns True if any of the movements provided
@@ -73,6 +76,8 @@ class SolverProcessTool(BaseTool):
        return True
    return False

+  security.declareProtected(Permissions.AddPortalContent,
+                            'newSolverProcess')
  @UnrestrictedMethod
  def newSolverProcess(self, delivery_or_movement=None, temp_object=False):
    """
@@ -107,3 +112,5 @@ class SolverProcessTool(BaseTool):
      delivery.setSolverValueList(solver_list)

    return new_solver
+
+InitializeClass(SolverProcessTool)
--- a/product/ERP5/Tool/SolverTool.py
+++ b/product/ERP5/Tool/SolverTool.py
@@ -31,6 +31,7 @@ import zope.interface
 import re

 from AccessControl import ClassSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Tool.TypesTool import TypeProvider
 from Products.ERP5 import DeliverySolver
@@ -55,6 +56,8 @@ class SolverTool(TypeProvider):
  zope.interface.implements(interfaces.IDeliverySolverFactory,)

  # IDeliverySolverFactory implementation
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'newDeliverySolver')
  def newDeliverySolver(self, portal_type, movement_list):
    """
    Return a new instance of delivery solver of the given
@@ -73,6 +76,8 @@ class SolverTool(TypeProvider):
    tmp_solver.setDeliveryValueList(movement_list)
    return tmp_solver

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDeliverySolverTranslatedItemList')
  def getDeliverySolverTranslatedItemList(self, portal_type_list=None):
    """
    """
@@ -81,6 +86,8 @@ class SolverTool(TypeProvider):
                   if portal_type_list is None or x in portal_type_list],
                  key=lambda x:str(x[0]))

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverProcessValueList')
  def getSolverProcessValueList(self, delivery_or_movement=None, validation_state=None):
    """
    Returns the list of solver processes which are
@@ -95,6 +102,8 @@ class SolverTool(TypeProvider):
                        to filter the result
    """

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverDecisionValueList')
  def getSolverDecisionValueList(self, delivery_or_movement=None, validation_state=None):
    """
    Returns the list of solver decisions which apply
@@ -107,6 +116,8 @@ class SolverTool(TypeProvider):
                        to filter the result
    """

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSolverDecisionApplicationValueList')
  def getSolverDecisionApplicationValueList(self, movement, divergence_tester=None):
    """
    Returns the list of documents at which a given divergence resolution
@@ -190,6 +201,8 @@ class SolverTool(TypeProvider):
            application_value_level[property_group.getCollectGroupOrder()] = None
    # etc. same

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'searchTargetSolverList')
  def searchTargetSolverList(self, divergence_tester,
                             simulation_movement,
                             automatic_solver_only=False, **kw):
@@ -203,3 +216,5 @@ class SolverTool(TypeProvider):
              x.test(simulation_movement, **kw)]
    else:
      return [x for x in solver_list if x.test(simulation_movement, **kw)]
+
+InitializeClass(SolverTool)
--- a/product/ERP5/Tool/TemplateTool.py
+++ b/product/ERP5/Tool/TemplateTool.py
@@ -113,6 +113,8 @@ class TemplateTool (BaseTool):
    security.declareProtected(Permissions.ManagePortal, 'manage_overview')
    manage_overview = DTMLFile('explainTemplateTool', _dtmldir)

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInstalledBusinessTemplate')
    def getInstalledBusinessTemplate(self, title, strict=False, **kw):
      """Returns an installed version of business template of a given title.

@@ -148,6 +150,8 @@ class TemplateTool (BaseTool):
              last_time = t
      return last_bt

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInstalledBusinessTemplatesList')
    def getInstalledBusinessTemplatesList(self):
      """Deprecated.
      """
@@ -166,16 +170,22 @@ class TemplateTool (BaseTool):
          installed_bts.append(bt5)
      return installed_bts

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInstalledBusinessTemplateList')
    def getInstalledBusinessTemplateList(self):
      """Get the list of installed business templates.
      """
      return self._getInstalledBusinessTemplateList(only_title=0)

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInstalledBusinessTemplateTitleList')
    def getInstalledBusinessTemplateTitleList(self):
      """Get the list of installed business templates.
      """
      return self._getInstalledBusinessTemplateList(only_title=1)

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getInstalledBusinessTemplateRevision')
    def getInstalledBusinessTemplateRevision(self, title, **kw):
      """
        Return the revision of business template installed with the title
@@ -186,6 +196,8 @@ class TemplateTool (BaseTool):
        return bt.getRevision()
      return None

+    security.declareProtected(Permissions.AccessContentsInformation,
+                              'getBuiltBusinessTemplateList')
    def getBuiltBusinessTemplateList(self):
      """Get the list of built and not installed business templates.
      """
@@ -283,6 +295,7 @@ class TemplateTool (BaseTool):
             content_type='application/x-erp5-business-template')
      business_template.setPublicationUrl(url)

+    security.declareProtected(Permissions.ManagePortal, 'update')
    def update(self, business_template):
      """
        Update an existing template from its publication URL.
@@ -371,6 +384,7 @@ class TemplateTool (BaseTool):
      bt.build(no_action=True)
      return bt

+    security.declareProtected('Import/Export objects', 'importBase64EncodedText')
    def importBase64EncodedText(self, file_data=None, id=None, REQUEST=None,
                                batch_mode=False, **kw):
      """
@@ -380,6 +394,7 @@ class TemplateTool (BaseTool):
      return self.importFile(import_file = import_file, id = id, REQUEST = REQUEST,
                             batch_mode = batch_mode, **kw)

+    security.declareProtected('Import/Export objects', 'importFile')
    def importFile(self, import_file=None, id=None, REQUEST=None,
                   batch_mode=False, **kw):
      """
@@ -421,6 +436,7 @@ class TemplateTool (BaseTool):
      elif batch_mode:
        return bt

+    security.declareProtected(Permissions.ManagePortal, 'getDiffFilterScriptList')
    def getDiffFilterScriptList(self):
      """
      Return list of scripts usable to filter diff
@@ -438,12 +454,14 @@ class TemplateTool (BaseTool):
          LOG("TemplateTool", WARNING, "Unable to find %r script" % script_id)
      return script_list

+    security.declareProtected(Permissions.ManagePortal, 'getFilteredDiffAsHTML')
    def getFilteredDiffAsHTML(self, diff):
      """
      Return the diff filtered by python scripts into html format
      """
      return self.getFilteredDiff(diff).toHTML()

+    security.declareProtected(Permissions.ManagePortal, 'getFilteredDiff')
    def getFilteredDiff(self, diff):
      """
      Filter the diff using python scripts
@@ -461,6 +479,7 @@ class TemplateTool (BaseTool):
      # DiffFile does not provide yet such feature
      return diff_file_object

+    security.declareProtected(Permissions.ManagePortal, 'diffObjectAsHTML')
    def diffObjectAsHTML(self, REQUEST, **kw):
      """
        Convert diff into a HTML format before reply
@@ -469,6 +488,7 @@ class TemplateTool (BaseTool):
      """
      return DiffFile(self.diffObject(REQUEST, **kw)).toHTML()

+    security.declareProtected(Permissions.ManagePortal, 'diffObject')
    def diffObject(self, REQUEST, **kw):
      """
        Make diff between two objects, whose paths are stored in values bt1
@@ -612,6 +632,7 @@ class TemplateTool (BaseTool):
      """
      return b64encode(cPickle.dumps((repository, id)))

+    security.declarePublic('compareVersionStrings')
    def compareVersionStrings(self, version, comparing_string):
      """
       comparing_string is like "<= 0.2" | "operator version"
@@ -755,6 +776,8 @@ class TemplateTool (BaseTool):
        raise BusinessTemplateUnknownError, 'The Business Template %s could not be found on repository %s'%(bt[1], bt[0])
      return []

+    security.declareProtected(Permissions.ManagePortal,
+                              'findProviderInBTList')
    def findProviderInBTList(self, provider_list, bt_list):
      """
       Find one provider in provider_list which is present in
@@ -968,6 +991,7 @@ class TemplateTool (BaseTool):
      #LOG('getUpdatedRepositoryBusinessTemplateList', 0, 'kw = %r' % (kw,))
      return self.getRepositoryBusinessTemplateList(update_only=True, **kw)

+    security.declarePublic('compareVersions')
    def compareVersions(self, version1, version2):
      """
        Return negative if version1 < version2, 0 if version1 == version2,

--- a/product/ERP5/Tool/TestTool.py
+++ b/product/ERP5/Tool/TestTool.py
@@ -58,6 +58,7 @@ try:
    security.declareProtected( Permissions.ManagePortal, 'manage_overview' )
    manage_overview = DTMLFile( 'explainTestTool', _dtmldir )

+    security.declarePublic('getZeleniumVersion')
    def getZeleniumVersion(self):
      """Returns the version of the zelenium product
      """

--- a/product/ERP5/Tool/TrashTool.py
+++ b/product/ERP5/Tool/TrashTool.py
@@ -55,6 +55,7 @@ class TrashTool(BaseTool):
  security.declareProtected(Permissions.ManagePortal, 'manage_overview' )
  manage_overview = DTMLFile( 'explainTrashTool', _dtmldir )

+  security.declarePrivate('backupObject')
  def backupObject(self, trashbin, container_path, object_id, save, **kw):
    """
      Backup an object in a trash bin
@@ -159,6 +160,7 @@ class TrashTool(BaseTool):
              obj._cleanup()
    return subobjects_dict

+  security.declarePrivate('newTrashBin')
  def newTrashBin(self, bt_title='trash', bt=None):
    """
      Create a new trash bin at upgrade of bt
@@ -191,6 +193,7 @@ class TrashTool(BaseTool):
                              )
    return trashbin

+  security.declareProtected(Permissions.ManagePortal, 'getTrashBinObjectsList')
  def getTrashBinObjectsList(self, trashbin):
    """
      Return a list of trash objects for a given trash bin

--- a/product/ERP5/Tool/UrlRegistryTool.py
+++ b/product/ERP5/Tool/UrlRegistryTool.py
@@ -154,6 +154,8 @@ class UrlRegistryTool(BaseTool):
        url_list.append(url)
    return url_list

+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'updateUrlRegistryTool')
  def updateUrlRegistryTool(self):
    """
    Fetch all document path, then call in activities

--- a/product/ERP5/mixin/amount_generator.py
+++ b/product/ERP5/mixin/amount_generator.py
@@ -30,7 +30,7 @@ from collections import defaultdict, deque
 import random
 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base, Implicit
 from Products.ERP5.AggregatedAmountList import AggregatedAmountList
 from Products.ERP5Type import Permissions, interfaces

--- a/product/ERP5/mixin/base_convertable.py
+++ b/product/ERP5/mixin/base_convertable.py
@@ -28,7 +28,7 @@
 ##############################################################################
 from Products.CMFCore.utils import getToolByName
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from OFS.Image import Pdata
 from cStringIO import StringIO

--- a/product/ERP5/mixin/builder.py
+++ b/product/ERP5/mixin/builder.py
@@ -28,7 +28,7 @@
 ##############################################################################

 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, PropertySheet
 from Products.ERP5Type.XMLObject import XMLObject
 from Products.ERP5Type.Core.Predicate import Predicate
@@ -150,6 +150,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
  def getRelatedBusinessLinkValueList(self):
    return self.getDeliveryBuilderRelatedValueList(portal_type='Business Link')

+  security.declarePrivate('callBeforeBuildingScript')
  def callBeforeBuildingScript(self):
    """
      Call a script on the module, for example, to remove some
@@ -284,8 +285,10 @@ class BuilderMixin(XMLObject, Amount, Predicate):

    return movement_list

+  security.declarePrivate('searchMovementList')
  searchMovementList = UnrestrictedMethod(_searchMovementList)

+  security.declarePrivate('collectMovement')
  def collectMovement(self, movement_list):
    """
      group movements in the way we want. Thanks to this method, we are able
@@ -366,6 +369,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
                            for movement_group_node in movement_group_node_list]
    return instance, self._getSortedPropertyDict(property_dict_list)

+  security.declarePrivate('buildDeliveryList')
  @UnrestrictedMethod
  def buildDeliveryList(self, movement_group_node,
                        delivery_relative_url_list=None,
@@ -717,6 +721,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
      # Update properties on object (quantity, price...)
      delivery_movement._edit(force_update=1, **property_dict)

+  security.declarePrivate('callAfterBuildingScript')
  @UnrestrictedMethod
  def callAfterBuildingScript(self, delivery_list, movement_list=(), **kw):
    """

--- a/product/ERP5/mixin/cached_convertable.py
+++ b/product/ERP5/mixin/cached_convertable.py
@@ -33,7 +33,7 @@ import string

 from Acquisition import aq_base
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
 from OFS.Image import Pdata, Image as OFSImage

--- a/product/ERP5/mixin/composition.py
+++ b/product/ERP5/mixin/composition.py
@@ -28,7 +28,7 @@
 ##############################################################################

 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Cache import transactional_cached

--- a/product/ERP5/mixin/configurable.py
+++ b/product/ERP5/mixin/configurable.py
@@ -28,7 +28,7 @@

 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Globals import PersistentMapping

--- a/product/ERP5/mixin/crawlable.py
+++ b/product/ERP5/mixin/crawlable.py
@@ -28,7 +28,7 @@
 ##############################################################################

 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Utils import normaliseUrl
 from Products.ERP5Type.DateUtils import convertDateToHour,\

--- a/product/ERP5/mixin/discoverable.py
+++ b/product/ERP5/mixin/discoverable.py
@@ -28,7 +28,7 @@
 ##############################################################################

 from AccessControl import ClassSecurityInfo, getSecurityManager
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from ZODB.POSException import ConflictError
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Utils import convertToUpperCase

--- a/product/ERP5/mixin/document.py
+++ b/product/ERP5/mixin/document.py
@@ -28,7 +28,7 @@
 ##############################################################################
 from Products.CMFCore.utils import getToolByName
 from AccessControl import ClassSecurityInfo, Unauthorized
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from OFS.Image import Pdata
 from cStringIO import StringIO
@@ -85,7 +85,8 @@ class DocumentMixin:
    if LOCK_PERMISSION_KEY in transaction_variable:
      del transaction_variable[LOCK_PERMISSION_KEY]
    return result
-
+  
+  security.declareProtected(Permissions.AccessContentsInformation, 'getFailsafeConversion')
  def getFailsafeConversion(self, **kw):
    """
      Return a failure resistent conversion of a document

--- a/product/ERP5/mixin/document_proxy.py
+++ b/product/ERP5/mixin/document_proxy.py
@@ -28,7 +28,7 @@
 ##############################################################################

 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from warnings import warn

@@ -59,7 +59,7 @@ class DocumentProxyMixin:
    return self.getProxiedDocumentValue()

  security.declareProtected(Permissions.AccessContentsInformation,
-                            'getProxiedDocument' )
+                            'getProxiedDocumentValue')
  def getProxiedDocumentValue(self):
    """
    Try to retrieve the original document

--- a/product/ERP5/mixin/downloadable.py
+++ b/product/ERP5/mixin/downloadable.py
@@ -27,7 +27,7 @@
 #
 ##############################################################################
 from AccessControl import ClassSecurityInfo, Unauthorized
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Utils import fill_args_from_request
 from Products.CMFCore.utils import getToolByName, _checkConditionalGET, _setCacheHeaders,\

--- a/product/ERP5/mixin/encrypted_password.py
+++ b/product/ERP5/mixin/encrypted_password.py
@@ -31,7 +31,7 @@
 import zope.interface
 from AccessControl import ClassSecurityInfo
 from AccessControl.AuthEncoding import pw_encrypt, pw_validate
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Globals import PersistentMapping
@@ -55,6 +55,7 @@ class EncryptedPasswordMixin:
      return pw_validate(self.getPassword(), value)
    return False

+  security.declareProtected(Permissions.SetOwnPassword, 'checkPasswordValueAcceptable')
  def checkPasswordValueAcceptable(self, value):
    """
    Check the password. This method is defined explicitly, because:

--- a/product/ERP5/mixin/equivalence_tester.py
+++ b/product/ERP5/mixin/equivalence_tester.py
@@ -28,7 +28,7 @@

 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.DivergenceMessage import DivergenceMessage
 from Products.ERP5Type.Message import Message
@@ -47,6 +47,7 @@ class EquivalenceTesterMixin:
  zope.interface.implements(interfaces.IEquivalenceTester,)

  # Implementation of IEquivalenceTester
+  security.declarePrivate('testEquivalence')
  def testEquivalence(self, simulation_movement):
    """
    Tests if simulation_movement is divergent. Returns False (0)
@@ -59,6 +60,7 @@ class EquivalenceTesterMixin:
    """
    return self.explain(simulation_movement) is not None

+  security.declarePrivate('explain')
  def explain(self, simulation_movement):
    """
    Returns a single message which explain the nature of
@@ -99,6 +101,7 @@ class EquivalenceTesterMixin:
    """
    return movement.getProperty(property)

+  security.declarePrivate('generateHashKey')
  def generateHashKey(self, movement):
    """
    Returns a hash key which can be used to optimise the
@@ -117,6 +120,7 @@ class EquivalenceTesterMixin:
      value = self._getTestedPropertyValue(movement, tested_property)
    return '%s/%r' % (tested_property, value)

+  security.declarePrivate('compare')
  def compare(self, prevision_movement, decision_movement):
    """
    Returns True if prevision_movement and delivery_movement
@@ -136,6 +140,7 @@ class EquivalenceTesterMixin:
    """
    return (self._compare(prevision_movement, decision_movement) is None)

+  security.declarePrivate('update')
  def update(self, prevision_movement, decision_movement):
    """
    Updates decision_movement with properties from
@@ -164,6 +169,8 @@ class EquivalenceTesterMixin:
    decision_movement.edit(
      **self.getUpdatablePropertyDict(prevision_movement, decision_movement))

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getExplanationMessage')
  def getExplanationMessage(self, simulation_movement):
    """
    Returns the HTML message that describes the detail of the
@@ -201,6 +208,8 @@ class EquivalenceTesterMixin:
    """
    raise NotImplementedError

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getUpdatablePropertyDict')
  def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
    """
    Returns a mapping of properties to update on decision_movement so that next

--- a/product/ERP5/mixin/explainable.py
+++ b/product/ERP5/mixin/explainable.py
@@ -28,7 +28,7 @@

 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, interfaces

 class ExplainableMixin:

--- a/product/ERP5/mixin/extensible_traversable.py
+++ b/product/ERP5/mixin/extensible_traversable.py
@@ -35,7 +35,7 @@ from Products.ERP5Type.ExtensibleTraversable import ExtensibleTraversableMixIn
 from Products.ERP5Type.Cache import getReadOnlyTransactionCache
 from AccessControl import ClassSecurityInfo, getSecurityManager
 from AccessControl.SecurityManagement import newSecurityManager, setSecurityManager
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.CMFCore.utils import getToolByName, _checkConditionalGET, _setCacheHeaders, _ViewEmulator
 from OFS.Image import File as OFSFile

--- a/product/ERP5/mixin/login_account_provider.py
+++ b/product/ERP5/mixin/login_account_provider.py
@@ -30,7 +30,7 @@
 from Products.ERP5Type import Permissions
 from AccessControl.AuthEncoding import pw_validate
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass

 class LoginAccountProviderMixin:
  """
@@ -87,7 +87,8 @@ class LoginAccountProviderMixin:
    if not len(result_code_list):
      return True
    return False
-
+    
+  security.declareProtected(Permissions.SetOwnPassword, 'analyzePassword')
  def analyzePassword(self, password, **kw):
    """
    Analyze password validity.

--- a/product/ERP5/mixin/movement_collection_updater.py
+++ b/product/ERP5/mixin/movement_collection_updater.py
@@ -28,7 +28,7 @@

 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5.MovementCollectionDiff import (
  MovementCollectionDiff, _getPropertyAndCategoryList)
@@ -52,6 +52,8 @@ class MovementCollectionUpdaterMixin:
  zope.interface.implements(interfaces.IMovementCollectionUpdater,)

  # Implementation of IMovementCollectionUpdater
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getMovementCollectionDiff')
  def getMovementCollectionDiff(self, context, rounding=False,
                                movement_generator=None):
    """
@@ -147,6 +149,8 @@ class MovementCollectionUpdaterMixin:

    return movement_collection_diff

+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'updateMovementCollection')
  def updateMovementCollection(self, context, rounding=False,
                               movement_generator=None):
    """

--- a/product/ERP5/mixin/periodicity.py
+++ b/product/ERP5/mixin/periodicity.py
@@ -29,7 +29,7 @@

 from DateTime import DateTime
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Message import Message

@@ -237,7 +237,7 @@ class PeriodicityMixin:
    return [(Message(domain='erp5_ui', message=x), x) \
            for x in self.getWeekDayList()]

-  security.declareProtected(Permissions.AccessContentsInformation, 'getWeekDayItemList')
+  security.declareProtected(Permissions.AccessContentsInformation, 'getMonthItemList')
  def getMonthItemList(self):
    """
    returns something like [('January', 1), ('February', 2),...]

--- a/product/ERP5/mixin/property_recordable.py
+++ b/product/ERP5/mixin/property_recordable.py
@@ -28,7 +28,7 @@

 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Globals import PersistentMapping

--- a/product/ERP5/mixin/rule.py
+++ b/product/ERP5/mixin/rule.py
@@ -29,7 +29,7 @@
 import transaction
 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Acquisition import aq_base
 from Products.ERP5Type import Permissions, interfaces
 from Products.ERP5Type.Base import Base
@@ -158,6 +158,8 @@ class RuleMixin(Predicate):
  movement_type = 'Simulation Movement'

  # Implementation of IRule
+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'constructNewAppliedRule')
  def constructNewAppliedRule(self, context, **kw):
    """
    Create a new applied rule in the context.
@@ -190,6 +192,8 @@ class RuleMixin(Predicate):
      return False
    return super(RuleMixin, self).test(*args, **kw)

+  security.declareProtected(Permissions.ModifyPortalContent,
+                            'expand')
  def expand(self, applied_rule, expand_policy=None, **kw):
    """
    Expand this applied rule to create new documents inside the
@@ -473,6 +477,7 @@ class RuleMixin(Predicate):
        new_movement = self._newProfitAndLossMovement(prevision_movement)
        movement_collection_diff.addNewMovement(new_movement)

+InitializeClass(RuleMixin)

 class SimulableMixin(Base):
  security = ClassSecurityInfo()
@@ -553,6 +558,8 @@ class SimulableMixin(Base):
        if not movement.aq_inContextOf(applied_rule):
          movement.recursiveReindexObject(activate_kw=activate_kw)

+  security.declareProtected( Permissions.AccessContentsInformation,
+                             'getRuleReference')
  def getRuleReference(self):
    """Returns an appropriate rule reference

@@ -609,4 +616,4 @@ class SimulableMixin(Base):
      o.getParentValue().deleteContent(o.getId())
    super(SimulableMixin, self).manage_beforeDelete(item, container)

-InitializeClass(RuleMixin)
+InitializeClass(SimulableMixin)
--- a/product/ERP5/mixin/solver.py
+++ b/product/ERP5/mixin/solver.py
@@ -29,7 +29,7 @@

 import zope.interface
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, PropertySheet, interfaces
 from Products.ERP5Type.UnrestrictedMethod import super_user
 from Products.ERP5Type.XMLObject import XMLObject
@@ -58,6 +58,8 @@ class SolverMixin(object):
  def getPortalTypeValue(self):
    return self.getPortalObject().portal_solvers._getOb(self.getPortalType())

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'searchDeliverySolverList')
  def searchDeliverySolverList(self, **kw):
    """
    this method returns a list of delivery solvers
@@ -70,6 +72,8 @@ class SolverMixin(object):
    solver_list = target_solver_type.getDeliverySolverValueList()
    return solver_list

+InitializeClass(SolverMixin)
+
 class ConfigurablePropertySolverMixin(SolverMixin,
                                      ConfigurableMixin,
                                      XMLObject):
@@ -118,4 +122,4 @@ class ConfigurablePropertySolverMixin(SolverMixin,
      tested_property_list = portal_type.getTestedPropertyList()
    return tested_property_list

-InitializeClass(SolverMixin)
+InitializeClass(ConfigurablePropertySolverMixin)
--- a/product/ERP5/mixin/text_convertable.py
+++ b/product/ERP5/mixin/text_convertable.py
@@ -28,7 +28,7 @@
 ##############################################################################

 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from warnings import warn


--- a/product/ERP5/mixin/timer_service.py
+++ b/product/ERP5/mixin/timer_service.py
@@ -28,7 +28,7 @@

 import warnings
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.CMFActivity.ActivityTool import ActivityTool
 from Products.ERP5Type import Permissions
 try:

--- a/product/ERP5/mixin/url.py
+++ b/product/ERP5/mixin/url.py
@@ -28,7 +28,7 @@
 ##############################################################################

 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Utils import normaliseUrl

@@ -133,6 +133,8 @@ class UrlMixin:
    url_string = self.getUrlString()
    return '/'.join(url_string.split('/')[1:])

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'asNormalisedURL')
  def asNormalisedURL(self, base_url=None):
    """
    call normaliseUrl with raw url

--- a/product/ERP5/mixin/variated.py
+++ b/product/ERP5/mixin/variated.py
@@ -29,7 +29,7 @@

 from warnings import warn
 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.CMFCategory.Renderer import Renderer
 from Products.ERP5Type import interfaces, Permissions, PropertySheet
 import zope.interface

--- a/product/ERP5/mixin/virtual_folder.py
+++ b/product/ERP5/mixin/virtual_folder.py
@@ -31,7 +31,7 @@
 _marker=[]

 from AccessControl import ClassSecurityInfo
-from AccessControl.class_init import InitializeClass
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type.Core.Folder import Folder
 from Products.ERP5Type.TransactionalVariable import getTransactionalVariable


--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -314,6 +314,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
                , 'manage_schema')
    manage_schema = DTMLFile('dtml/manageSchema', globals())

+    security.declarePublic('getPreferredSQLCatalogId')
    def getPreferredSQLCatalogId(self, id=None):
      """
      Get the SQL Catalog from preference.
@@ -366,6 +367,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
        return result

    # Schema Management
+    security.declareProtected(Permissions.ManagePortal, 'editColumn')
    def editColumn(self, column_id, sql_definition, method_id, default_value, REQUEST=None, RESPONSE=None):
      """
        Modifies a schema column of the catalog
@@ -379,17 +381,20 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
        new_schema.append(new_c)
      self.setColumnList(new_schema)

+    security.declareProtected(Permissions.ManagePortal, 'setColumnList')
    def setColumnList(self, column_list):
      """
      """
      self._sql_schema = column_list

+    security.declarePublic('getColumnList')
    def getColumnList(self):
      """
      """
      if not hasattr(self, '_sql_schema'): self._sql_schema = []
      return self._sql_schema

+    security.declarePublic('getColumn')
    def getColumn(self, column_id):
      """
      """
@@ -398,6 +403,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
          return c
      return None

+    security.declareProtected(Permissions.ManagePortal, 'editIndex')
    def editIndex(self, index_id, sql_definition, REQUEST=None, RESPONSE=None):
      """
        Modifies the schema of the catalog
@@ -411,17 +417,20 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
        new_index.append(new_c)
      self.setIndexList(new_index)

+    security.declareProtected(Permissions.ManagePortal, 'setIndexList')
    def setIndexList(self, index_list):
      """
      """
      self._sql_index = index_list

+    security.declarePublic('getIndexList')
    def getIndexList(self):
      """
      """
      if not hasattr(self, '_sql_index'): self._sql_index = []
      return self._sql_index

+    security.declarePublic('getIndex')
    def getIndex(self, index_id):
      """
      """
@@ -512,6 +521,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):

      return allowedRolesAndUsers, role_column_dict, local_role_column_dict

+    security.declarePublic('getSecurityUidDictAndRoleColumnDict')
    def getSecurityUidDictAndRoleColumnDict(self, sql_catalog_id=None, local_roles=None):
      """
        Return a dict of local_roles_group_id -> security Uids and a

--- a/product/ERP5Form/Document/Preference.py
+++ b/product/ERP5Form/Document/Preference.py
@@ -86,10 +86,12 @@ class Preference( Folder ):
    self._clearCache()
    Folder._edit(self, **kw)

+  security.declareProtected(Permissions.ModifyPortalContent, 'enable')
  def enable(self, **kw):
    """Workflow method"""
    self._clearCache()

+  security.declareProtected(Permissions.ModifyPortalContent, 'disable')
  def disable(self, **kw):
    """Workflow method"""
    self._clearCache()
--- a/product/ERP5Form/Form.py
+++ b/product/ERP5Form/Form.py
@@ -710,6 +710,7 @@ class ERP5Form(Base, ZMIForm, ZopePageTemplate):
      return ret

    # Utilities
+    security.declareProtected('View', 'ErrorFields')
    def ErrorFields(self, validation_errors):
        """
            Create a dictionnary of validation_errors
@@ -788,6 +789,7 @@ class ERP5Form(Base, ZMIForm, ZopePageTemplate):

    manage_FTPput = PUT

+    security.declarePrivate('getSimilarSkinFolderIdList')
    def getSimilarSkinFolderIdList(self):
      """
      Find other skins id installed in the same time

--- a/product/ERP5Form/ProxyField.py
+++ b/product/ERP5Form/ProxyField.py
@@ -412,6 +412,7 @@ class ProxyField(ZMIField):
    """
    return self.getTemplateField().get_error_names()

+  security.declareProtected('Access contents information', 'getTemplateField')
  def getTemplateField(self, cache=True):
    """
    Return template field of the proxy field.
@@ -478,6 +479,7 @@ class ProxyField(ZMIField):
      self._setTemplateFieldCache(proxy_field)
    return proxy_field

+  security.declareProtected('Access contents information', 'getRecursiveTemplateField')
  def getRecursiveTemplateField(self):
    """
    Return template field of the proxy field.
@@ -639,6 +641,7 @@ class ProxyField(ZMIField):
        else:
          return None

+  security.declareProtected('Access contents information', 'getFieldValue')
  def getFieldValue(self, field, id, **kw):
    """
      Return a callable expression and cacheable boolean flag

--- a/product/ERP5Form/Tool/SelectionTool.py
+++ b/product/ERP5Form/Tool/SelectionTool.py
@@ -1197,6 +1197,7 @@ class SelectionTool( BaseTool, SimpleItem ):
      return md5(str(sorted(map(str, uid_list)))).hexdigest()

    # Related document searching
+    security.declarePublic('viewSearchRelatedDocumentDialog')
    def viewSearchRelatedDocumentDialog(self, index, form_id,
                                        REQUEST=None, sub_index=None, **kw):
      """
@@ -1433,6 +1434,7 @@ class SelectionTool( BaseTool, SimpleItem ):
      tv['_user_id'] = user_id
      return user_id

+    security.declarePrivate('getTemporarySelectionDict')
    def getTemporarySelectionDict(self):
      """ Temporary selections are used in push/pop nested scope,
      to prevent from editting for stored selection in the scope.
@@ -1794,7 +1796,7 @@ for x in SelectionTool.__dict__:
  if x in method_id_filter_list:
    continue
  roles = getattr(SelectionTool, '%s__roles__' % x, None)
-  if roles is None:
+  if roles is None or roles == ():
    continue
  if roles.__name__ == ERP5Permissions.ManagePortal:
    continue

--- a/product/ERP5OOo/tests/testDms.py
+++ b/product/ERP5OOo/tests/testDms.py
@@ -2495,6 +2495,7 @@ return 1
    kw['portal_type'] = "Spreadsheet"
    new_document = self.portal.Base_contribute(**kw)
    self.assertEqual(new_document.getValidationState(), 'draft')
+    self.tic()

    # make it read only
    document.manage_permission(Permissions.ModifyPortalContent, [])

--- a/product/ERP5Security/ERP5GroupManager.py
+++ b/product/ERP5Security/ERP5GroupManager.py
@@ -78,6 +78,7 @@ class ERP5GroupManager(BasePlugin):
  #
  #   IGroupsPlugin implementation
  #
+  security.declarePrivate('getGroupsForPrincipal')
  def getGroupsForPrincipal(self, principal, request=None):
    """ See IGroupsPlugin.
    """

--- a/product/ERP5Security/ERP5UserFactory.py
+++ b/product/ERP5Security/ERP5UserFactory.py
@@ -209,6 +209,7 @@ class ERP5UserFactory(BasePlugin):
    self._id = self.id = id
    self.title = title

+  security.declarePrivate('createUser')
  def createUser( self, user_id, name ):
    """ See IUserFactoryPlugin
    """

--- a/product/ERP5Type/Base.py
+++ b/product/ERP5Type/Base.py
@@ -809,12 +809,16 @@ class Base( CopyContainer,
  getId = BaseAccessor.Getter('getId', 'id', 'string')

  # Debug
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getOid')
  def getOid(self):
    """
      Return ODB oid
    """
    return self._p_oid

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getOidRepr')
  def getOidRepr(self):
    """
      Return ODB oid, in an 'human' readable form.
@@ -822,10 +826,14 @@ class Base( CopyContainer,
    from ZODB.utils import oid_repr
    return oid_repr(self._p_oid)

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSerial')
  def getSerial(self):
    """Return ODB Serial."""
    return self._p_serial

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getHistorySerial')
  def getHistorySerial(self):
    """Return ODB Serial, in the same format used for history keys"""
    return '.'.join([str(x) for x in unpack('>HHHH', self._p_serial)])
@@ -1378,6 +1386,8 @@ class Base( CopyContainer,
  # Accessors are not workflow methods by default
  # Ping provides a dummy method to trigger automatic methods
  # XXX : maybe an empty edit is enough (self.edit())
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'ping')
  def ping(self):
    pass

@@ -1565,6 +1575,8 @@ class Base( CopyContainer,
    """
    return self

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDocumentInstance')
  def getDocumentInstance(self):
    """
      Returns self
@@ -1584,6 +1596,8 @@ class Base( CopyContainer,
        assert mount_point._getMountedConnection(connection) is connection
        return mount_point._traverseToMountedRoot(connection.root(), None)

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'asSQLExpression')
  def asSQLExpression(self, strict_membership=0, table='category', base_category = None):
    """
      Any document can be used as a Category. It can therefore
@@ -3266,6 +3280,8 @@ class Base( CopyContainer,
    self._p_changed = 1

  # Helpers
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getQuantityPrecisionFromResource')
  def getQuantityPrecisionFromResource(self, resource, d=2):
    """
      Provides a quick access to precision without accessing the resource

--- a/product/ERP5Type/CopySupport.py
+++ b/product/ERP5Type/CopySupport.py
@@ -383,28 +383,6 @@ class CopyContainer:
                           group_method_id='portal_catalog/uncatalogObjectList',
                           serialization_tag=self.getRootDocumentPath()).unindexObject(uid=uid)

-  security.declareProtected(Permissions.ModifyPortalContent, 'moveObject')
-  def moveObject(self, idxs=None):
-      """
-          Reindex the object in the portal catalog.
-          If idxs is present, only those indexes are reindexed.
-          The metadata is always updated.
-
-          Also update the modification date of the object,
-          unless specific indexes were requested.
-
-          Passes is_object_moved to catalog to force
-          reindexing without creating new uid
-      """
-      if idxs is None: idxs = []
-      if idxs == []:
-          # Update the modification date.
-          if getattr(aq_base(self), 'notifyModified', _marker) is not _marker:
-              self.notifyModified()
-      catalog = getattr(self.getPortalObject(), 'portal_catalog', None)
-      if catalog is not None:
-          catalog.moveObject(self, idxs=idxs)
-
  def _notifyOfCopyTo(self, container, op=0):
      """Overiden to track object cut and pastes, and update related
      content accordingly.

--- a/product/ERP5Type/Core/ActionInformation.py
+++ b/product/ERP5Type/Core/ActionInformation.py
@@ -86,18 +86,21 @@ class ActionInformation(XMLObject):
  # XXX Following getAction/getCondition/getIcon are problably not useful
  #     because properties should already be cleaned up during migration
  #     or installation from BT.
+  security.declareProtected(AccessContentsInformation, 'getAction')
  def getAction(self):
    """Overridden getter for 'action' to clean null values"""
    if getattr(aq_base(self), 'action', None) == '':
      del self.action
    return self._baseGetAction()

+  security.declareProtected(AccessContentsInformation, 'getCondition')
  def getCondition(self):
    """Overridden getter for 'condition' to clean null values"""
    if getattr(aq_base(self), 'condition', None) == '':
      del self.condition
    return self._baseGetCondition()

+  security.declareProtected(AccessContentsInformation, 'getIcon')
  def getIcon(self):
    """Overridden getter for 'icon' to clean null values"""
    if getattr(aq_base(self), 'icon', None) == '':

--- a/product/ERP5Type/Core/CacheFactory.py
+++ b/product/ERP5Type/Core/CacheFactory.py
@@ -61,6 +61,7 @@ class CacheFactory(XMLObject):
                    , PropertySheet.SortIndex
                    )

+  security.declareProtected(Permissions.AccessContentsInformation, 'getCacheId')
  def getCacheId(self):
    """
      Get a common Cache Factory / Cache Bag ID in this
@@ -94,6 +95,7 @@ class CacheFactory(XMLObject):
    for cache_plugin in cache_plugin_list:
      cache_plugin.set(cache_id, value)

+  security.declareProtected(Permissions.AccessContentsInformation, 'getCachePluginList')
  def getCachePluginList(self, allowed_type_list=None):
    """ get ordered list of installed cache plugins in ZODB """
    if allowed_type_list is None:

--- a/product/ERP5Type/Core/Folder.py
+++ b/product/ERP5Type/Core/Folder.py
@@ -587,13 +587,15 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
    """ Create a new content """
    # Create data structure if none present
    return FolderMixIn.newContent(self, *args, **kw)
-
+      
+  security.declareProtected(Permissions.AccessContentsInformation, 'isBTree')
  def isBTree(self):
    """
    Tell if we are a BTree
    """
    return self._folder_handler == BTREE_HANDLER
-
+  
+  security.declareProtected(Permissions.AccessContentsInformation, 'isHBTree')
  def isHBTree(self):
    """
    Tell if we are a HBTree
@@ -1386,6 +1388,28 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
                   'recursiveImmediateReindexObject', None) is not None:
          c.recursiveImmediateReindexObject(**kw)

+  security.declareProtected(Permissions.ModifyPortalContent, 'moveObject')
+  def moveObject(self, idxs=None):
+      """
+          Reindex the object in the portal catalog.
+          If idxs is present, only those indexes are reindexed.
+          The metadata is always updated.
+
+          Also update the modification date of the object,
+          unless specific indexes were requested.
+
+          Passes is_object_moved to catalog to force
+          reindexing without creating new uid
+      """
+      if idxs is None: idxs = []
+      if idxs == []:
+          # Update the modification date.
+          if getattr(aq_base(self), 'notifyModified', _marker) is not _marker:
+              self.notifyModified()
+      catalog = getattr(self.getPortalObject(), 'portal_catalog', None)
+      if catalog is not None:
+          catalog.moveObject(self, idxs=idxs)
+
  security.declareProtected( Permissions.ModifyPortalContent,
                             'recursiveMoveObject' )
  def recursiveMoveObject(self):
@@ -1513,46 +1537,6 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
                                          strict_membership=strict_membership))
    return "( %s )" % result

-
-  def mergeContent(self,from_object=None,to_object=None, delete=1,**kw):
-    """
-    This method will merge two objects.
-
-    When we have to different objects wich represent the same content, we
-    may want to merge them. In this case, we want to be sure to report
-
-    """
-    if from_object is None or to_object is None:
-      return
-
-    from_object_related_object_list = self.portal_categories\
-                                          .getRelatedValueList(from_object)
-    to_object_url = to_object.getRelativeUrl()
-    from_object_url = from_object.getRelativeUrl()
-    corrected_list = []
-    for object in from_object_related_object_list:
-      #LOG('Folder.mergeContent, working on object:',0,object)
-      new_category_list = []
-      found = 0
-      for category in object.getCategoryList(): # so ('destination/person/1',...)
-        #LOG('Folder.mergeContent, working on category:',0,category)
-        linked_object_url = '/'.join(category.split('/')[1:])
-        if linked_object_url == from_object_url:
-          base_category = category.split('/')[0]
-          found = 1
-          new_category_list.append(base_category + '/' + to_object_url)
-        else:
-          new_category_list.append(category)
-      if found:
-        corrected_list.append(object)
-        object.setCategoryList(new_category_list)
-        object.immediateReindexObject()
-    if delete:
-      if len(from_object.portal_categories.getRelatedValueList(from_object))==0:
-        parent = from_object.getParentValue()
-        parent.manage_delObjects(from_object.getId())
-    return corrected_list
-
  security.declareProtected( Permissions.AccessContentsInformation,
                             'objectValues' )
  def objectValues(self, spec=None, meta_type=None, portal_type=None,

--- a/product/ERP5Type/Core/Predicate.py
+++ b/product/ERP5Type/Core/Predicate.py
@@ -355,12 +355,14 @@ class Predicate(XMLObject):
  security.declareProtected( Permissions.AccessContentsInformation, 'asSqlJoinExpression' )
  asSqlJoinExpression = asSQLJoinExpression

+  security.declareProtected(Permissions.AccessContentsInformation, 'searchResults')
  def searchResults(self, **kw):
    """
    """
    portal_catalog = getToolByName(self, 'portal_catalog')
    return portal_catalog.searchResults(build_sql_query_method=self.buildSQLQuery,**kw)

+  security.declareProtected(Permissions.AccessContentsInformation, 'countResults')
  def countResults(self, REQUEST=None, used=None, **kw):
    """
    """
@@ -600,6 +602,7 @@ class Predicate(XMLObject):
  def _asPredicate(self):
    return self

+  security.declareProtected(Permissions.AccessContentsInformation, 'searchPredicate')
  def searchPredicate(self, **kw):
    """
      Returns a list of documents matching the predicate

--- a/product/ERP5Type/Core/RoleInformation.py
+++ b/product/ERP5Type/Core/RoleInformation.py
@@ -76,6 +76,7 @@ class RoleInformation(XMLObject):
      value = value and Expression(value) or None
    self._baseSetCondition(value)

+  security.declareProtected(AccessContentsInformation, 'getCondition')
  def getCondition(self):
    """Overridden getter for 'condition' to clean null values"""
    if getattr(aq_base(self), 'condition', None) == '':

--- a/product/ERP5Type/Core/StandardProperty.py
+++ b/product/ERP5Type/Core/StandardProperty.py
@@ -86,6 +86,8 @@ class StandardProperty(IdAsReferenceMixin('_property'), XMLObject):
  getDescription = Base.Getter('getDescription', 'description', 'string',
                               default='')

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getElementaryType')
  def getElementaryType(self):
    """
    Define this getter manually as it is not possible to rely on

--- a/product/ERP5Type/ERP5Type.py
+++ b/product/ERP5Type/ERP5Type.py
@@ -75,7 +75,7 @@ class LocalRoleAssignorMixIn(object):

    zope.interface.implements(interfaces.ILocalRoleAssignor)

-    security.declarePrivate('updateLocalRolesOnObject')
+    security.declarePrivate('updateLocalRolesOnDocument')
    @UnrestrictedMethod
    def updateLocalRolesOnDocument(self, ob, user_name=None, reindex=True, activate_kw=()):
      """
@@ -209,6 +209,8 @@ class LocalRoleAssignorMixIn(object):
      role.uid = None
      return self[self._setObject(role.id, role, set_owner=0)]

+InitializeClass(LocalRoleAssignorMixIn)
+
 class ERP5TypeInformation(XMLObject,
                          FactoryTypeInformation,
                          LocalRoleAssignorMixIn,

--- a/product/ERP5Type/Tool/CacheTool.py
+++ b/product/ERP5Type/Tool/CacheTool.py
@@ -199,6 +199,7 @@ class CacheTool(BaseTool):
    if REQUEST is not None:
      self.REQUEST.RESPONSE.redirect('cache_tool_configure?manage_tabs_message=Cache factory scope %s cleared.' %cache_factory_id)

+  security.declareProtected(Permissions.AccessContentsInformation, 'getCacheTotalMemorySize')
  def getCacheTotalMemorySize(self, REQUEST=None):
    """ Calculate total size of memory used for cache.


--- a/product/ERP5Type/Tool/SessionTool.py
+++ b/product/ERP5Type/Tool/SessionTool.py
@@ -191,6 +191,7 @@ class SessionTool(BaseTool):
    session._updatecontext(self)
    return session

+  security.declarePrivate('getSession')
  def getSession(self, session_id, session_duration=None):
    """ Return session object. """
    storage_plugin = self._getStoragePlugin()
@@ -216,6 +217,7 @@ class SessionTool(BaseTool):
      session = session.getValue()
    return session

+  security.declarePublic('newContent')
  def newContent(self, id, **kw):
    """ Create new session object. """
    session =  self.getSession(id)

--- a/product/ERP5Type/Tool/WebServiceTool.py
+++ b/product/ERP5Type/Tool/WebServiceTool.py
@@ -89,6 +89,8 @@ class WebServiceTool(BaseTool):
  security.declareProtected(Permissions.ManagePortal, 'manage_overview')
  manage_overview = DTMLFile('explainWebServiceTool', _dtmldir )

+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getConnectionPluginList')
  def getConnectionPluginList(self):
    """
    Return list of available connection plugins
@@ -97,6 +99,7 @@ class WebServiceTool(BaseTool):
    plugin_list.sort()
    return plugin_list

+  security.declareProtected(Permissions.ManagePortal, 'connect')
  def connect(self, url, user_name=None, password=None, transport=None, transport_kw=None):
    """
    Connect to remote instances

--- a/product/ERP5Type/WebDAVSupport.py
+++ b/product/ERP5Type/WebDAVSupport.py
@@ -17,6 +17,7 @@ import re
 import transaction
 from Acquisition import aq_parent, aq_inner, aq_base
 from AccessControl import ClassSecurityInfo, ModuleSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions, PropertySheet, Constraint
 from Products.CMFCore.PortalContent import ResourceLockedError
 from Products.CMFCore.utils import getToolByName
@@ -193,6 +194,8 @@ class TextContent:
    """ Used for FTP and apparently the ZMI now too """
    return len(self.manage_FTPget())

+InitializeClass(TextContent)
+
 from webdav.common import Locked, PreconditionFailed
 from webdav.interfaces import IWriteLock
 from webdav.NullResource import NullResource

--- a/product/ERP5Type/mixin/component.py
+++ b/product/ERP5Type/mixin/component.py
@@ -32,6 +32,7 @@
 from __future__ import absolute_import

 from AccessControl import ClassSecurityInfo
+from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5.mixin.property_recordable import PropertyRecordableMixin
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.Base import Base
@@ -399,3 +400,5 @@ class ComponentMixin(PropertyRecordableMixin, Base):
    rev = historicalRevision(self, serial)

    return rev.getTextContent()
+
+InitializeClass(ComponentMixin)
--- a/product/ERP5Type/patches/ActionsTool.py
+++ b/product/ERP5Type/patches/ActionsTool.py
@@ -16,8 +16,13 @@ import logging

 logger = logging.getLogger(__name__)

+from Products.ERP5Type.Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
 from Products.CMFCore.ActionsTool import ActionsTool
 from Products.CMFCore.interfaces import IActionProvider
+from Products.CMFCore.permissions import ManagePortal
+
+security = ClassSecurityInfo()

 def migrateNonProviders(portal_actions):
  portal_actions_path = '/'.join(portal_actions.getPhysicalPath())
@@ -100,4 +105,8 @@ def reorderActions(self, REQUEST=None):
    return self.manage_editActionsForm(REQUEST,
        manage_tabs_message='Actions reordered.')

+security.declareProtected(ManagePortal, 'reorderActions')
 ActionsTool.reorderActions = reorderActions
+
+ActionsTool.security = security
+InitializeClass(ActionsTool)
--- a/product/ERP5Type/patches/CookieCrumbler.py
+++ b/product/ERP5Type/patches/CookieCrumbler.py
--- a/product/ERP5Type/patches/DA.py
+++ b/product/ERP5Type/patches/DA.py
--- a/product/ERP5Type/patches/DCWorkflow.py
+++ b/product/ERP5Type/patches/DCWorkflow.py
--- a/product/ERP5Type/patches/DCWorkflowGraph.py
+++ b/product/ERP5Type/patches/DCWorkflowGraph.py
--- a/product/ERP5Type/patches/ExternalMethod.py
+++ b/product/ERP5Type/patches/ExternalMethod.py
--- a/product/ERP5Type/patches/OFSFolder.py
+++ b/product/ERP5Type/patches/OFSFolder.py
--- a/product/ERP5Type/patches/PythonScript.py
+++ b/product/ERP5Type/patches/PythonScript.py
--- a/product/ERP5Type/patches/WorkflowTool.py
+++ b/product/ERP5Type/patches/WorkflowTool.py
--- a/product/ERP5Type/tests/utils.py
+++ b/product/ERP5Type/tests/utils.py
--- a/product/Formulator/Field.py
+++ b/product/Formulator/Field.py
--- a/product/Formulator/Form.py
+++ b/product/Formulator/Form.py
--- a/product/Formulator/StandardFields.py
+++ b/product/Formulator/StandardFields.py
--- a/product/Localizer/Localizer.py
+++ b/product/Localizer/Localizer.py
--- a/product/Localizer/MessageCatalog.py
+++ b/product/Localizer/MessageCatalog.py
--- a/product/PortalTransforms/Transform.py
+++ b/product/PortalTransforms/Transform.py
--- a/product/PortalTransforms/TransformEngine.py
+++ b/product/PortalTransforms/TransformEngine.py
--- a/product/ZSQLCatalog/SQLCatalog.py
+++ b/product/ZSQLCatalog/SQLCatalog.py