Skip to content

erp5
erp5
Commit c085db81 authored by Sebastien Robin's avatar Sebastien Robin
Browse files
Options

ERP5Workflow: add security declarations

parent fb4dc00e
Hide whitespace changes
Inline Side-by-side
Showing with 51 additions and 3 deletions
product/ERP5/InteractionWorkflow.py
View file @ c085db81
...@@ -336,27 +336,33 @@ class InteractionWorkflowDefinition (DCWorkflowDefinition, ActiveObject): ...@@ -336,27 +336,33 @@ class InteractionWorkflowDefinition (DCWorkflowDefinition, ActiveObject):
return DCWorkflowDefinition._checkTransitionGuard(self, t, ob, **kw) return DCWorkflowDefinition._checkTransitionGuard(self, t, ob, **kw)
security.declarePrivate('getReference')
def getReference(self): def getReference(self):
return self.id return self.id
security.declarePrivate('getTransitionValueById')
def getTransitionValueById(self, transition_id): def getTransitionValueById(self, transition_id):
if self.interactions is not None: if self.interactions is not None:
return self.interactions.get(transition_id, None) return self.interactions.get(transition_id, None)
return None return None
security.declarePrivate('getTransitionValueList')
def getTransitionValueList(self): def getTransitionValueList(self):
if self.interactions is not None: if self.interactions is not None:
return self.interactions.values() return self.interactions.values()
return [] return []
security.declarePrivate('getTransitionIdList')
def getTransitionIdList(self): def getTransitionIdList(self):
if self.interactions is not None: if self.interactions is not None:
return self.interactions.objectIds() return self.interactions.objectIds()
return [] return []
security.declarePrivate('getPortalType')
def getPortalType(self): def getPortalType(self):
return self.__class__.__name__ return self.__class__.__name__
security.declarePrivate('showAsXML')
def showAsXML(self, root=None): def showAsXML(self, root=None):
if root is None: if root is None:
root = Element('erp5') root = Element('erp5')
......
product/ERP5Workflow/Document/Workflow.py
View file @ c085db81
...@@ -150,6 +150,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -150,6 +150,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
PropertySheet.Workflow, PropertySheet.Workflow,
) )
security.declarePrivate('notifyCreated')
def notifyCreated(self, document): def notifyCreated(self, document):
""" """
Notifies this workflow after an object has been created and added. Notifies this workflow after an object has been created and added.
...@@ -160,8 +161,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -160,8 +161,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
# Swallow. # Swallow.
pass pass
security.declareProtected(Permissions.ModifyPortalContent, security.declarePrivate('initializeDocument')
'initializeDocument')
initializeDocument = notifyCreated initializeDocument = notifyCreated
def _generateHistoryKey(self): def _generateHistoryKey(self):
...@@ -358,6 +358,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -358,6 +358,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
# This method allows to update all objects using one workflow, for example # This method allows to update all objects using one workflow, for example
# after the permissions per state for this workflow were modified # after the permissions per state for this workflow were modified
security.declareProtected(Permissions.ModifyPortalContent, 'updateRoleMappings')
def updateRoleMappings(self, REQUEST=None): def updateRoleMappings(self, REQUEST=None):
""" """
Changes permissions of all objects related to this workflow Changes permissions of all objects related to this workflow
...@@ -454,6 +455,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -454,6 +455,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
# Re-raise. # Re-raise.
raise moved_exc raise moved_exc
security.declarePrivate('listObjectActions')
def listObjectActions(self, info): def listObjectActions(self, info):
fmt_data = None fmt_data = None
document = info.object document = info.object
...@@ -485,6 +487,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -485,6 +487,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
return [ result[1] for result in object_action_list ] return [ result[1] for result in object_action_list ]
security.declarePrivate('getWorklistVariableMatchDict')
def getWorklistVariableMatchDict(self, info, check_guard=True): def getWorklistVariableMatchDict(self, info, check_guard=True):
""" """
Return a dict which has an entry per worklist definition Return a dict which has an entry per worklist definition
...@@ -640,62 +643,98 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -640,62 +643,98 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
else: else:
return state return state
security.declareProtected(Permissions.AccessContentsInformation,
'getVariableValueDict')
def getVariableValueDict(self): def getVariableValueDict(self):
return {variable.getReference(): variable return {variable.getReference(): variable
for variable in self.objectValues(portal_type="Workflow Variable")} for variable in self.objectValues(portal_type="Workflow Variable")}
security.declareProtected(Permissions.AccessContentsInformation,
'getCurrentStatusDict')
security.declarePrivate('listObjectActions')
def getVariableValueList(self): def getVariableValueList(self):
return self.objectValues(portal_type="Workflow Variable") return self.objectValues(portal_type="Workflow Variable")
security.declareProtected(Permissions.AccessContentsInformation,
'getVariableIdList')
def getVariableIdList(self): def getVariableIdList(self):
return [variable.getReference() return [variable.getReference()
for variable in self.objectValues(portal_type="Workflow Variable")] for variable in self.objectValues(portal_type="Workflow Variable")]
security.declareProtected(Permissions.AccessContentsInformation,
'getVariableValueById')
def getVariableValueById(self, variable_id): def getVariableValueById(self, variable_id):
return self._getOb('variable_' + variable_id, default=None) return self._getOb('variable_' + variable_id, default=None)
security.declareProtected(Permissions.AccessContentsInformation,
'getStateValueById')
def getStateValueById(self, stated_id): def getStateValueById(self, stated_id):
return self._getOb('state_' + stated_id, default=None) return self._getOb('state_' + stated_id, default=None)
security.declareProtected(Permissions.AccessContentsInformation,
'getStateValueList')
def getStateValueList(self): def getStateValueList(self):
return self.objectValues(portal_type="State") return self.objectValues(portal_type="State")
security.declareProtected(Permissions.AccessContentsInformation,
'getStateIdList')
def getStateIdList(self): def getStateIdList(self):
return [state.getReference() return [state.getReference()
for state in self.objectValues(portal_type="State")] for state in self.objectValues(portal_type="State")]
security.declareProtected(Permissions.AccessContentsInformation,
'getWorklistValueList')
def getWorklistValueList(self): def getWorklistValueList(self):
return self.objectValues(portal_type="Worklist") return self.objectValues(portal_type="Worklist")
security.declareProtected(Permissions.AccessContentsInformation,
'getWorklistIdList')
def getWorklistIdList(): def getWorklistIdList():
return [worklist.getReference() return [worklist.getReference()
for worklist in self.objectValues(portal_type="Worklist")] for worklist in self.objectValues(portal_type="Worklist")]
security.declareProtected(Permissions.AccessContentsInformation,
'getTransitionIdByReference')
def getTransitionIdByReference(self, transition_reference): def getTransitionIdByReference(self, transition_reference):
return 'transition_' + transition_reference return 'transition_' + transition_reference
security.declareProtected(Permissions.AccessContentsInformation,
'getScriptIdByReference')
def getScriptIdByReference(self, script_reference): def getScriptIdByReference(self, script_reference):
return SCRIPT_PREFIX + script_reference return SCRIPT_PREFIX + script_reference
security.declareProtected(Permissions.AccessContentsInformation,
'getScriptValueById')
def getScriptValueById(self, script_id): def getScriptValueById(self, script_id):
return self._getOb(script_id, default=None) return self._getOb(script_id, default=None)
security.declareProtected(Permissions.AccessContentsInformation,
'getWorklistValueById')
def getWorklistValueById(self, worklist_reference): def getWorklistValueById(self, worklist_reference):
return self._getOb('worklist_' + worklist_reference, None) return self._getOb('worklist_' + worklist_reference, None)
security.declareProtected(Permissions.AccessContentsInformation,
'getTransitionValueById')
def getTransitionValueById(self, transition_reference): def getTransitionValueById(self, transition_reference):
return self._getOb('transition_' + transition_reference, None) return self._getOb('transition_' + transition_reference, None)
security.declareProtected(Permissions.AccessContentsInformation,
'getTransitionValueList')
def getTransitionValueList(self): def getTransitionValueList(self):
return self.objectValues(portal_type="Transition") return self.objectValues(portal_type="Transition")
security.declareProtected(Permissions.AccessContentsInformation,
'getTransitionIdList')
def getTransitionIdList(self): def getTransitionIdList(self):
return [transition.getReference() for transition return [transition.getReference() for transition
in self.objectValues(portal_type="Transition")] in self.objectValues(portal_type="Transition")]
security.declareProtected(Permissions.AccessContentsInformation,
'getScriptValueList')
def getScriptValueList(self): def getScriptValueList(self):
return self.objectValues(portal_type='Workflow Script') return self.objectValues(portal_type='Workflow Script')
security.declarePrivate('notifyWorkflowMethod')
def notifyWorkflowMethod(self, ob, transition_list, args=None, kw=None): def notifyWorkflowMethod(self, ob, transition_list, args=None, kw=None):
""" Execute workflow methods. """ Execute workflow methods.
""" """
...@@ -726,12 +765,15 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -726,12 +765,15 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
activate_kw = {} activate_kw = {}
ob.reindexObject(activate_kw=activate_kw) ob.reindexObject(activate_kw=activate_kw)
security.declarePrivate('notifyBefore')
def notifyBefore(self, ob, transition_list, args=None, kw=None): def notifyBefore(self, ob, transition_list, args=None, kw=None):
pass pass
security.declarePrivate('notifySuccess')
def notifySuccess(self, ob, transition_list, result, args=None, kw=None): def notifySuccess(self, ob, transition_list, result, args=None, kw=None):
pass pass
security.declarePrivate('notifyException')
def notifyException(self, ob, action, exc): def notifyException(self, ob, action, exc):
''' '''
Notifies this workflow that an action failed. Notifies this workflow that an action failed.
...@@ -905,7 +947,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject): ...@@ -905,7 +947,7 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
else: else:
return new_state return new_state
security.declarePublic('wrapWorkflowMethod') security.declarePrivate('wrapWorkflowMethod')
def wrapWorkflowMethod(self, ob, method_id, func, args, kw): def wrapWorkflowMethod(self, ob, method_id, func, args, kw):
''' '''
Allows the user to request a workflow action. This method Allows the user to request a workflow action. This method
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7