Commit 12bb20e5 authored by Jim Fulton's avatar Jim Fulton

Merging changes from the Security-Dev branch

parent 8dc0c578
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
'''Add security system support to Document Templates
$Id: DTML.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
from DocumentTemplate import DT_Util
import SecurityManagement
# Allow access to unprotected attributes
DT_Util.TemplateDict.__allow_access_to_unprotected_subobjects__=1
DT_Util.string.__allow_access_to_unprotected_subobjects__=1
DT_Util.math.__allow_access_to_unprotected_subobjects__=1
DT_Util.whrandom.__allow_access_to_unprotected_subobjects__=1
try: DT_Util.random.__allow_access_to_unprotected_subobjects__=1
except: pass
# Add security testing capabilities
class DTMLSecurityAPI:
"""API for performing security checks in DTML using '_' methods.
"""
def SecurityValidate(md, inst, parent, name, value):
"""Validate access.
Arguments:
accessed -- the object that was being accessed
container -- the object the value was found in
name -- The name used to access the value
value -- The value retrieved though the access.
The arguments may be provided as keyword arguments. Some of these
arguments may be ommitted, however, the policy may reject access
in some cases when arguments are ommitted. It is best to provide
all the values possible.
"""
return (SecurityManagement
.getSecurityManager()
.validate(inst, parent, name, value)
)
def SecurityValidateValue(md, value):
"""Convenience for common case of simple value validation.
"""
return (SecurityManagement
.getSecurityManager()
.validateValue(value)
)
def SecurityCheckPermission(md, permission, object):
"""Check whether the security context allows the given permission on
the given object.
Arguments:
permission -- A permission name
object -- The object being accessed according to the permission
"""
return (SecurityManagement
.getSecurityManager()
.checkPermission(permission, object)
)
def SecurityGetUser(md):
"""Gen the current authenticated user"""
return (SecurityManagement
.getSecurityManager()
.getUser()
)
def SecurityCalledByExecutable(md):
"""Return a boolean value indicating if this context was called
by an executable"""
r = (SecurityManagement
.getSecurityManager()
.calledByExecutable()
)
if r > 0: return r-1
return r
DT_Util.TemplateDict.__dict__.update(DTMLSecurityAPI.__dict__)
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''Support for owned objects
$Id: Owned.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
import Globals, urlparse, SpecialUsers, ExtensionClass, string
from AccessControl import getSecurityManager
from Acquisition import aq_get, aq_parent, aq_base
UnownableOwner=[]
def ownableFilter(self,
aq_get=aq_get,
UnownableOwner=UnownableOwner):
_owner=aq_get(self, '_owner', None, 1)
return _owner is not UnownableOwner
class Owned(ExtensionClass.Base):
__ac_permissions__=(
('View management screens',
('manage_owner', 'owner_info', 'userCanChangeOwnershipType')),
('Take ownership',
('manage_takeOwnership','manage_changeOwnershipType'),
("Owner",)),
)
manage_options=({'label': 'Ownership',
'action': 'manage_owner',
'help': ('OFSP','Ownership.dtml'),
'filter': ownableFilter
},
)
manage_owner=Globals.HTMLFile('owner', globals())
def owner_info(self):
"""Get ownership info for display
"""
owner=self.getOwner(1)
if owner is None or owner is UnownableOwner: return owner
d={'path': string.join(owner[0], '/'), 'id': owner[1],
'explicit': hasattr(self, '_owner'),
'userCanChangeOwnershipType':
getSecurityManager().checkPermission('Take ownership', self)
}
return d
getOwner__roles__=()
def getOwner(self, info=0,
aq_get=aq_get, None=None, UnownableOwner=UnownableOwner,
):
"""Get the owner
If a true argument is provided, then only the owner path and id are
returned. Otherwise, the owner object is returned.
"""
owner=aq_get(self, '_owner', None, 1)
if owner is None: return owner
if info: return owner
if owner is UnownableOwner: return None
udb, oid = owner
root=self.getPhysicalRoot()
udb=root.unrestrictedTraverse(udb, None)
if udb is None: return SpecialUsers.nobody
owner = udb.getUserById(oid, None)
if owner is None: return SpecialUsers.nobody
return owner
changeOwnership__roles__=()
def changeOwnership(self, user,
aq_get=aq_get, None=None,
):
"""Change the ownership to the given user.
If possible, make the ownership acquired.
"""
new=ownerInfo(user)
if new is None: return # Special user!
old=aq_get(self, '_owner', None, 1)
if old==new: return
if hasattr(self, '_owner'):
# Hm, maybe we can acquire ownership
del self._owner
self.changeOwnership(user)
else:
if old is not UnownableOwner:
self._owner=new
def userCanTakeOwnership(self):
security=getSecurityManager()
user=security.getUser()
info=ownerInfo(user)
if info is None: return 0
owner=self.getOwner(1)
if owner == info: return 0
return security.checkPermission('Take ownership', self)
def manage_takeOwnership(self, REQUEST, RESPONSE):
"""Take ownership (responsibility) for an object.
"""
security=getSecurityManager()
want_referer=REQUEST['URL1']+'/manage_owner'
got_referer=("%s://%s%s" %
urlparse.urlparse(REQUEST['HTTP_REFERER'])[:3])
__traceback_info__=want_referer, got_referer
if (want_referer != got_referer or security.calledByExecutable()):
raise 'Unauthorized', (
'manage_takeOwnership was called from an invalid context'
)
self.changeOwnership(security.getUser())
RESPONSE.redirect(REQUEST['HTTP_REFERER'])
def manage_changeOwnershipType(self, explicit=1,
RESPONSE=None, REQUEST=None):
"""Change the type (implicit or explicit) of ownership.
"""
old=getattr(self, '_owner', None)
if explicit:
if old is not None: return
owner=aq_get(self, '_owner', None, 1)
if owner is not None and owner is not UnownableOwner:
self._owner=owner
else:
if old is None: return
new=aq_get(aq_parent(self), '_owner', None, 1)
if old is new: del self._owner
if RESPONSE is not None: RESPONSE.redirect(REQUEST['HTTP_REFERER'])
def _deleteOwnershipAfterAdd(self):
if hasattr(self, '_owner'):
del self._owner
for object in self.objectValues():
try: s=object._p_changed
except: s=0
try: object._deleteOwnershipAfterAdd()
except: pass
if s is None: object._p_deactivate()
def manage_fixupOwnershipAfterAdd(self):
# Sigh, get the parent's _owner
parent=getattr(self, 'aq_parent', None)
if parent is not None: _owner=aq_get(parent, '_owner', None, 1)
else: _owner=None
if (_owner is None and
((not hasattr(self, 'aq_parent')) or
(not hasattr(self, 'getPhysicalRoot'))
)
):
# This is a special case. An object is
# being added to an object that hasn't
# been added to the object hierarchy yet.
# We can delay fixing up the ownership until the
# object is actually added.
return None
if _owner is UnownableOwner:
# We want to acquire Unownable oenership!
return self._deleteOwnershipAfterAdd()
else:
# Otherwise change the ownership
user=getSecurityManager().getUser()
if aq_base(user) is SpecialUsers.super:
raise SuperCannotOwn, (
"Objects cannot be owned by the superuser")
self.changeOwnership(user)
# Force all subs to acquire ownership!
for object in self.objectValues():
try: s=object._p_changed
except: s=0
try: object._deleteOwnershipAfterAdd()
except: pass
if s is None: object._p_deactivate()
Globals.default__class_init__(Owned)
class SuperCannotOwn(Exception):
"The superuser cannot own anything"
class EditUnowned(Exception):
"Can't edit unowned executables"
def ownerInfo(user,
getattr=getattr, type=type, st=type(''), None=None):
uid=user.getId()
if uid is None: return uid
db=user.aq_inner.aq_parent
path=[db.id]
root=db.getPhysicalRoot()
while 1:
db=getattr(db,'aq_inner', None)
if db is None: break
db=db.aq_parent
if db is root: break
id=db.id
if type(id) is not st:
try: id=id()
except: id=str(id)
path.append(id)
path.reverse()
return path, uid
......@@ -90,7 +90,8 @@ need the object's ordinary permissions intact so we can manage it.
"""
import ExtensionClass, Acquisition
from AccessControl.Permission import pname
from Permission import pname
from Owned import UnownableOwner
class RoleManager:
......@@ -181,6 +182,8 @@ def setPermissionMapping(name, obj, v):
elif obj.__dict__.has_key(name): delattr(obj, name)
class PM(ExtensionClass.Base):
_owner=UnownableOwner
_View_Permission='_View_Permission'
def __getattr__(self, name):
......
......@@ -84,18 +84,24 @@
##############################################################################
"""Access control support"""
__version__='$Revision: 1.36 $'[11:-2]
__version__='$Revision: 1.37 $'[11:-2]
from Globals import HTMLFile, MessageDialog, Dictionary
from string import join, strip, split, find
from Acquisition import Implicit, Acquired
from Acquisition import Implicit, Acquired, aq_get
import Globals, ExtensionClass, PermissionMapping, Products
from Permission import Permission
from App.Common import aq_base
ListType=type([])
def _isBeingUsedAsAMethod(self):
return aq_get(self, '_isBeingUsedAsAMethod_', 0)
def _isNotBeingUsedAsAMethod(self):
return not aq_get(self, '_isBeingUsedAsAMethod_', 0)
class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
"""An obect that has configurable permissions"""
......@@ -113,7 +119,17 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
'manage_setLocalRoles', 'manage_addLocalRoles',
'manage_delLocalRoles',
)),
# ('View management screens', ('manage_access',)),
)
manage_options=(
{'label':'Security', 'action':'manage_access',
'help':('OFSP','Security.dtml'),
'filter': _isNotBeingUsedAsAMethod,
},
{'label':'Define Permissions', 'action':'manage_access',
'help':('OFSP','Security-DefinePermissions.dtml'),
'filter': _isBeingUsedAsAMethod,
},
)
__ac_roles__=('Manager', 'Owner', 'Anonymous')
......@@ -570,3 +586,4 @@ def gather_permissions(klass, result, seen):
seen[name]=None
gather_permissions(base, result, seen)
return result
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''short description
$Id: SecurityManagement.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
import SpecialUsers
from thread import get_ident
from SecurityManager import SecurityManager
_managers={}
def newSecurityManager(request, user):
"""Set up a new security context for a request for a user
"""
thread_id=get_ident()
_managers[thread_id]=SecurityManager(
thread_id,
SecurityContext(user),
)
def noSecurityManager():
try: del _managers[get_ident()]
except: pass
def getSecurityManager():
"""Get a security manager, for the current thread.
"""
thread_id=get_ident()
manager=_managers.get(thread_id, None)
if manager is None:
manager=SecurityManager(
thread_id,
SecurityContext(SpecialUsers.nobody))
_managers[thread_id]=manager
return manager
def setSecurityPolicy(aSecurityPolicy):
"""Set the system default security policy.
This method should only be caused by system startup code. It should
never, for example, be called during a web request.
"""
SecurityManager.setSecurityPolicy(aSecurityPolicy)
class SecurityContext:
"""The security context is an object used internally to the security
machinery. It captures data about the current security context.
"""
def __init__(self, user):
self.stack=[]
self.user=user
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''short description
$Id: SecurityManager.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
import ZopeSecurityPolicy, os, string
try: max_stack_size=string.atoi(os.environ.get('Z_MAX_STACK_SIZE','100'))
except: max_stack_size=100
_defaultPolicy=ZopeSecurityPolicy.ZopeSecurityPolicy()
def setSecurityPolicy(aSecurityPolicy):
"""Set the system default security policy.
This method should only be caused by system startup code. It should
never, for example, be called during a web request.
"""
global _defaultPolicy
last=_defaultPolicy
_defaultPolicy=aSecurityPolicy
return last
class SecurityManager:
"""A security manager provides methods for checking access and managing
executable context and policies
"""
def __init__(self, thread_id, context):
self._thread_id=thread_id
self._context=context
self._policy=None
def validate(self, accessed=None, container=None, name=None, value=None):
"""Validate access.
Arguments:
accessed -- the object that was being accessed
container -- the object the value was found in
name -- The name used to access the value
value -- The value retrieved though the access.
The arguments may be provided as keyword arguments. Some of these
arguments may be ommitted, however, the policy may reject access
in some cases when arguments are ommitted. It is best to provide
all the values possible.
"""
policy=self._policy
if policy is None: policy=_defaultPolicy
return policy.validate(accessed, container, name, value,
self._context)
def validateValue(self, value):
"""Convenience for common case of simple value validation.
"""
policy=self._policy
if policy is None: policy=_defaultPolicy
return policy.validate(None, None, None, value,
self._context)
def checkPermission(self, permission, object):
"""Check whether the security context allows the given permission on
the given object.
Arguments:
permission -- A permission name
object -- The object being accessed according to the permission
"""
policy=self._policy
if policy is None: policy=_defaultPolicy
return policy.checkPermission(permission, object,
self._context)
def addContext(self, anExecutableObject,
getattr=getattr):
"""Add an ExecutableObject to the current security
context. Optionally, add a new SecurityPolicy as well.
"""
stack=self._context.stack
if len(stack) > max_stack_size:
raise SystemError, 'Excessive recursion'
stack.append(anExecutableObject)
p=getattr(anExecutableObject, '_customSecurityPolicy', None)
if p is not None: p=p()
self._policy=p
def removeContext(self, anExecutableObject,
getattr=getattr):
"""Remove an ExecutableObject, and optionally, a
SecurityPolicy, from the current security context.
"""
stack=self._context.stack
if not stack: return
top=stack[-1]
if top is anExecutableObject:
del stack[-1]
else:
indexes=range(len(stack))
indexes.reverse()
for i in indexes:
top=stack[i]
if top is anExecutableObject:
del stack[i:]
break
else:
return
if stack:
top=stack[-1]
p=getattr(top, '_customSecurityPolicy', None)
if p is not None: p=p()
self._policy=p
else:
self._policy=None
def getUser(self):
"""Gen the current authenticated user"""
return self._context.user
def calledByExecutable(self):
"""Return a boolean value indicating if this context was called
by an executable"""
return len(self._context.stack)
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''Collect rules for access to objects that don\'t have roles.
$Id: SimpleObjectPolicies.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
import Record
# Allow access to unprotected attributes
Record.Record.__allow_access_to_unprotected_subobjects__=1
ContainerAssertions={
type(()): 1,
type([]): 1,
type({}): 1,
}
from DocumentTemplate.cDocumentTemplate import InstanceDict
ContainerAssertions[InstanceDict]=1
Containers=ContainerAssertions.get
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''Place to find special users
This is needed to avoid a circular import problem.
$Id: SpecialUsers.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
......@@ -84,9 +84,9 @@
##############################################################################
"""Access control package"""
__version__='$Revision: 1.103 $'[11:-2]
__version__='$Revision: 1.104 $'[11:-2]
import Globals, App.Undo, socket, regex
import Globals, socket, regex, SpecialUsers
from Globals import HTMLFile, MessageDialog, Persistent, PersistentMapping
from string import join,strip,split,lower
from App.Management import Navigation, Tabs
......@@ -110,7 +110,10 @@ class BasicUser(Implicit):
# ----------------------------
# Public User object interface
# ----------------------------
# Allow (reluctantly) access to unprotected attributes
__allow_access_to_unprotected_subobjects__=1
def __init__(self,name,password,roles,domains):
raise NotImplemented
......@@ -324,14 +327,16 @@ except:
nobody=SpecialUser('Anonymous User','',('Anonymous',), [])
system=Super('System Processes','',('manage',), [])
import ZPublisher.BaseRequest
# Make anonymous users always pass the watermark test.
nobody._v__marker__ = ZPublisher.BaseRequest._marker
# stuff these in a handier place for importing
SpecialUsers.nobody=nobody
SpecialUsers.system=system
SpecialUsers.super=super
class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
Item, App.Undo.UndoSupport):
Item):
"""Base class for UserFolder-like objects"""
meta_type='User Folder'
......@@ -342,13 +347,13 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
isAUserFolder=1
manage_options=(
{'label':'Contents', 'action':'manage_main',
'help':('OFSP','User-Folder_Contents.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','User-Folder_Security.dtml')},
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','User-Folder_Undo.dtml')},
)
(
{'label':'Contents', 'action':'manage_main',
'help':('OFSP','User-Folder_Contents.dtml')},
)
+Item.manage_options
+RoleManager.manage_options
)
__ac_permissions__=(
('Manage users',
......@@ -740,18 +745,6 @@ def manage_addUserFolder(self,dtself=None,REQUEST=None,**ignored):
if REQUEST: return self.manage_main(self,REQUEST,update_menu=1)
# This bit performs watermark verification on authenticated users.
from ZPublisher.BaseRequest import _marker
def verify_watermark(auth_user):
if not hasattr(auth_user, '_v__marker__') or \
auth_user._v__marker__ is not _marker:
raise 'Unauthorized', (
'You are not authorized to access this resource.'
)
def rolejoin(roles, other):
dict={}
for role in roles:
......
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''Define Zope\'s default security policy
$Id: ZopeSecurityPolicy.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
import SimpleObjectPolicies
_noroles=[]
from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn
class ZopeSecurityPolicy:
def validate(self, accessed, container, name, value, context,
None=None, type=type, IntType=type(0), DictType=type({}),
getattr=getattr, _noroles=_noroles, StringType=type(''),
Containers=SimpleObjectPolicies.Containers,
valid_aq_=('aq_parent','aq_explicit')):
############################################################
# Provide special rules for the acquisition attributes
if type(name) is StringType:
if name[:3]=='aq_' and name not in valid_aq_:
return 0
if container is None:
container=accessed
containerbase=accessedbase=accessed
else:
containerbase=getattr(container, 'aq_base', container)
accessedbase=getattr(accessed, 'aq_base', container)
############################################################
# Try to get roles
roles=getattr(value, '__roles__', _noroles)
if roles is _noroles:
############################################################
# We have an object without roles. Presumabely, it's
# some simple object, like a string or a list.
if container is None: return 0 # Bail if no container
roles=getattr(container, '__roles__', _noroles)
if roles is _noroles:
aq=getattr(container, 'aq_acquire', None)
if aq is None:
roles=_noroles
if containerbase is not accessedbase: return 0
else:
# Try to acquire roles
try: roles=aq('__roles__')
except AttributeError:
roles=_noroles
if containerbase is not accessedbase: return 0
# We need to make sure that we are allowed to
# get unprotected attributes from the container. We are
# allowed for certain simple containers and if the
# container says we can. Simple containers
# may also impose name restrictions.
p=Containers(type(container), None)
if p is None:
p=getattr(container,
'__allow_access_to_unprotected_subobjects__', None)
if p is not None:
tp=type(p)
if tp is not IntType:
if tp is DictType:
p=p.get(name, None)
else:
p=p(name, value)
if not p:
if (containerbase is accessedbase):
raise 'Unauthorized', name
else:
return 0
if roles is _noroles: return 1
# We are going to need a security-aware object to pass
# to hasRole. We'll use the container.
value=container
# Short-circuit tests if we can:
if roles is None or 'Anonymous' in roles: return 1
# Check executable security
stack=context.stack
if stack:
eo=stack[-1]
# If the executable had an owner, can it execute?
owner=eo.getOwner()
if (owner is not None) and not owner.hasRole(value, roles):
# We don't want someone to acquire if they can't
# get an unacquired!
if accessed is container:
raise 'Unauthorized', (
'You are not authorized to access <em>%s</em>.' % name)
return 0
# Proxy roles, which are alot safer now.
proxy_roles=getattr(eo, '_proxy_roles', None)
if proxy_roles:
for r in proxy_roles:
if r in roles: return 1
# Proxy roles actually limit access!
if accessedbase is containerbase:
raise 'Unauthorized', (
'You are not authorized to access <em>%s</em>.' % name)
return 0
try:
if context.user.hasRole(value, roles): return 1
except AttributeError: pass
# We don't want someone to acquire if they can't get an unacquired!
if accessedbase is containerbase:
raise 'Unauthorized', (
'You are not authorized to access <em>%s</em>.' % name)
return 0
def checkPermission(self, permission, object, context):
roles=rolesForPermissionOn(permission, object)
if roles is _what_not_even_god_should_do: return 0
return context.user.has_role(roles, object)
......@@ -82,3 +82,8 @@
# attributions are listed in the accompanying credits file.
#
##############################################################################
import DTML
del DTML
from SecurityManagement import getSecurityManager, setSecurityPolicy
......@@ -5,12 +5,26 @@
<dtml-var manage_tabs>
</dtml-if manage_tabs>
<p>This interface is used to define how the operations of this object
(or objects that acquire permission settings from this object)
correspond to the operations defined by your product or ZClass.</p>
<p>The table below has two columns. The first column
lists the permissions for this object. The second column specifies
the permissions that should have this permission in this product or
ZClass. For ZClass methods, only permissions that are defined for the
ZClass are permitted.</p>
<p>In general, any permissions that include operations that change
(mutate) an object should be disabled.</p>
<p>The listing below shows the current permission mappings for this item.</p>
<dtml-with "_(valid=permissionMappingPossibleValues())">
<form action="manage_setPermissionMapping" method="POST">
<table>
<tr><th align=left>Permission</th>
<th align=left>is mapped to</th></tr>
<tr><th align=left>Permission for this object</th>
<th align=left>Permissions that correspond to<br>
(i.e. have) this permission</th></tr>
<dtml-in manage_getPermissionMapping mapping>
<tr>
<th align=left><dtml-var permission_name></th>
......
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML lang="en">
<HEAD>
<TITLE>&dtml-id; Owner</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555">
<dtml-var manage_tabs>
<dtml-var title_and_id> is
<dtml-if owner_info>
<dtml-with owner_info mapping>
owned <dtml-if explicit> directly
<dtml-else> indirectly (through acquisition)
</dtml-if> by &dtml-id; (&dtml-path;).
<dtml-if userCanChangeOwnershipType>
<form action="manage_changeOwnershipType">
<dtml-if explicit>
<input type="hidden" name="explicit" value="">
<input type="submit" value="Make ownership implicit (acquired)">
<dtml-else>
<input type="hidden" name="explicit" value="y">
<input type="submit" value="Make ownership explicit">
</dtml-if>
</form>
</dtml-if>
</dtml-with>
<dtml-else>
unowned.
</dtml-if>
<dtml-if userCanTakeOwnership>
<form action="manage_takeOwnership">
<input type="submit" value="Take ownership">
</form>
</dtml-if>
</BODY></HTML>
......@@ -83,10 +83,10 @@
#
##############################################################################
__doc__="""System management components"""
__version__='$Revision: 1.58 $'[11:-2]
__version__='$Revision: 1.59 $'[11:-2]
import sys,os,time,string,Globals, Acquisition, os
import sys,os,time,string,Globals, Acquisition, os, Undo
from Globals import HTMLFile
from OFS.ObjectManager import ObjectManager
from OFS.Folder import Folder
......@@ -114,15 +114,18 @@ class DatabaseManager(Fake, SimpleItem.Item, Acquisition.Implicit):
icon='p_/DatabaseManagement_icon'
manage_options=(
(
{'label':'Database', 'action':'manage_main',
'help':('OFSP','Database-Management_Database.dtml')},
'help':('OFSP','Database-Management_Database.dtml')},
{'label':'Cache Parameters', 'action':'manage_cacheParameters',
'help':('OFSP','Database-Management_Cache-Parameters.dtml')},
'help':('OFSP','Database-Management_Cache-Parameters.dtml')},
{'label':'Flush Cache', 'action':'manage_cacheGC',
'help':('OFSP','Database-Management_Flush-Cache.dtml')},
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Database-Management_Undo.dtml')},
'help':('OFSP','Database-Management_Flush-Cache.dtml')},
)
+SimpleItem.Item.manage_options
)
Globals.default__class_init__(DatabaseManager)
class VersionManager(Fake, SimpleItem.Item, Acquisition.Implicit):
"""Version management"""
......@@ -133,10 +136,14 @@ class VersionManager(Fake, SimpleItem.Item, Acquisition.Implicit):
icon='p_/VersionManagement_icon'
manage_options=(
(
{'label':'Version', 'action':'manage_main',
'help':('OFSP','Version-Management_Version.dtml')},
)
+SimpleItem.Item.manage_options
)
Globals.default__class_init__(VersionManager)
......@@ -148,7 +155,7 @@ _v_rst=None
class ApplicationManager(Folder,CacheManager):
"""System management"""
__roles__=['Manager']
__roles__=('Manager',)
isPrincipiaFolderish=1
Database=DatabaseManager()
Versions=VersionManager()
......@@ -175,12 +182,13 @@ class ApplicationManager(Folder,CacheManager):
)
manage_options=(
(
{'label':'Contents', 'action':'manage_main',
'help':('OFSP','Control-Panel_Contents.dtml')},
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Control-Panel_Undo.dtml')},
)
+Undo.UndoSupport.manage_options
)
id ='Control_Panel'
name=title='Control Panel'
meta_type ='Control Panel'
......
......@@ -85,8 +85,8 @@
__doc__='''Cache management support
$Id: CacheManager.py,v 1.16 1999/10/07 19:53:25 jim Exp $'''
__version__='$Revision: 1.16 $'[11:-2]
$Id: CacheManager.py,v 1.17 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.17 $'[11:-2]
import Globals, time, sys
......@@ -298,3 +298,6 @@ class CacheManager:
else:
# ZODB 3
return db.cacheExtremeDetail()
Globals.default__class_init__(CacheManager)
......@@ -84,8 +84,8 @@
##############################################################################
__doc__='''Factory objects
$Id: Factory.py,v 1.16 2000/03/20 16:24:07 jim Exp $'''
__version__='$Revision: 1.16 $'[11:-2]
$Id: Factory.py,v 1.17 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.17 $'[11:-2]
import OFS.SimpleItem, Acquisition, Globals, AccessControl.Role
import Products, Product
......@@ -108,11 +108,14 @@ class Factory(
)
manage_options=(
(
{'label':'Edit', 'action':'manage_main',
'help':('OFSP','Zope-Factory_Edit.dtml')},
{'label':'Security', 'action':'manage_access',
{'label':'Define Permissions', 'action':'manage_access',
'help':('OFSP','Zope-Factory_Define-Permissions.dtml')},
)
)
+OFS.SimpleItem.Item.manage_options
)
def __init__(self, id, title, object_type, initial, permission=''):
self.id=id
......
......@@ -145,7 +145,7 @@ class FactoryDispatcher(Acquisition.Implicit):
raise AttributeError, name
# Provide acquired indicators for critical OM methods:
_setObject=Acquisition.Acquired
_setObject=_getOb=Acquisition.Acquired
# Provide a replacement for manage_main that does a redirection:
def manage_main(trueself, self, REQUEST, update_menu=0):
......
......@@ -85,14 +85,15 @@
"""Standard management interface support
$Id: Management.py,v 1.30 1999/09/27 14:07:05 jim Exp $"""
$Id: Management.py,v 1.31 2000/05/11 18:54:13 jim Exp $"""
__version__='$Revision: 1.30 $'[11:-2]
__version__='$Revision: 1.31 $'[11:-2]
import sys, Globals, ExtensionClass, urllib
from Dialogs import MessageDialog
from Globals import HTMLFile
from string import split, join, find
from AccessControl import getSecurityManager
class Tabs(ExtensionClass.Base):
"""Mix-in provides management folder tab support."""
......@@ -100,92 +101,37 @@ class Tabs(ExtensionClass.Base):
manage_tabs__roles__=('Anonymous',)
manage_tabs =HTMLFile('manage_tabs', globals())
#__ac_permissions__=(
# ('View management screens', ('manage_help', )),
# )
manage_help__roles__=()
def manage_help(self, RESPONSE, SCRIPT_NAME):
"Help!"
RESPONSE.redirect(SCRIPT_NAME+'/HelpSys/hs_index')
return ''
manage_options =()
filtered_manage_options__roles__=None
def filtered_manage_options(self, REQUEST=None):
def filtered_manage_options(
self, REQUEST=None,
help_option_=({'label': 'Help', 'action': 'manage_help',
'target':"z_help_wnd"},),
):
if REQUEST is None and hasattr(self, 'aq_acquire'):
try: REQUEST=self.aq_acquire('REQUEST')
except: pass
try: user=REQUEST['AUTHENTICATED_USER']
except: user=None
validate=getSecurityManager().validate
result=[]
seen_roles={}
try: options=tuple(self.manage_options)+help_option_
except: options=tuple(self.manage_options())+help_option_
try: options=tuple(self.manage_options)
except: options=tuple(self.manage_options())
for d in options:
label=d.get('label', None)
if (label=='Security'
and hasattr(self, '_isBeingUsedAsAMethod')
and self._isBeingUsedAsAMethod()):
d['label']='Define Permissions'
filter=d.get('filter', None)
if filter is not None and not filter(self):
continue
path=d.get('path', None)
if path is None: path=d['action']
o=self.unrestrictedTraverse(path, None)
if o is None: continue
try:
# Traverse to get the action:
o=self
for a in split(path,'/'):
if not a: continue
if a=='..':
o=o.aq_parent
continue
if hasattr(o, '__bobo_traverse__'):
o=o.__bobo_traverse__(REQUEST, a)
elif hasattr(o,a):
o=getattr(o,a)
else:
o=o[a]
if validate(value=o):
result.append(d)
except:
o=None
if o is None:
continue
result.append(d) # Waaaa
# Get the roles and check for public methods
try: roles=o.__roles__
except: roles=None
if roles is None or 'Anonymous' in roles:
result.append(d)
continue
# Do the validation check, trying to
# optimize things for the common case of
# many actions with the same roles.
for r in roles:
ok=seen_roles.get(r,None)
if ok is None:
if user is None: break
else:
try: ok=user.allowed(o, (r,))
except: ok=0
seen_roles[r]=ok
if ok:
if not hasattr(o, '__roles__'):
result.append(d)
break
return result
......
......@@ -84,8 +84,8 @@
##############################################################################
__doc__='''Zope registerable permissions
$Id: Permission.py,v 1.2 2000/01/10 20:21:11 amos Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
$Id: Permission.py,v 1.3 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.3 $'[11:-2]
import OFS.SimpleItem, Acquisition, Globals, ExtensionClass, AccessControl.Role
......@@ -98,11 +98,15 @@ class Permission(
icon='p_/Permission_icon'
manage_options=(
(
{'label':'Edit', 'action':'manage_main',
'help':('OFSP','Zope-Permission_Edit.dtml')},
{'label':'Security', 'action':'manage_access',
{'label':'Define Permissions', 'action':'manage_access',
'help':('OFSP','Zope-Permission_Define-Permissions.dtml')},
)
)
+OFS.SimpleItem.Item.manage_options
)
def __init__(self, id, title, name):
self.id=id
......
......@@ -107,8 +107,10 @@
import Globals, OFS.Folder, OFS.SimpleItem, os, string, Acquisition, Products
from OFS.Folder import Folder
import regex, zlib, Globals, cPickle, marshal, rotor
import ZClasses, ZClasses.ZClass, AccessControl.Owned
from OFS.Folder import Folder
from string import rfind, atoi, find, strip, join
from Factory import Factory
from Permission import PermissionManager
......@@ -124,24 +126,12 @@ class ProductFolder(Folder):
meta_type ='Product Management'
icon='p_/ProductFolder_icon'
manage_options=(
{'label':'Contents', 'action':'manage_main',
'help':('OFSP','Product-Management_Contents.dtml')},
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','Product-Management_Properties.dtml')},
{'label':'Import/Export', 'action':'manage_importExportForm',
'help':('OFSP','Product-Management_Import-Export.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','Product-Management_Security.dtml')},
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Product-Management_Undo.dtml')},
{'label':'Find', 'action':'manage_findFrame',
'help':('OFSP','Product-Management_Find.dtml')},
)
all_meta_types={'name': 'Product', 'action': 'manage_addProductForm'},
meta_types=all_meta_types
# This prevents subobjects from being owned!
_owner=AccessControl.Owned.UnownableOwner
def _product(self, name): return getattr(self, name)
manage_addProductForm=Globals.HTMLFile('addProduct',globals())
......@@ -192,19 +182,12 @@ class Product(Folder, PermissionManager):
'manage_subclassableClassNames']
manage_options=(
{'label':'Contents', 'action':'manage_main',
'help':('OFSP','Product_Contents.dtml')},
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','Product_Properties.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','Product_Define-Permissions.dtml')},
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Product_Undo.dtml')},
{'label':'Find', 'action':'manage_findFrame',
'help':('OFSP','Product_Find.dtml')},
{'label':'Distribution', 'action':'manage_distributionView',
'help':('OFSP','Product_Distribution.dtml')},
)
Folder.manage_options+
(
{'label':'Distribution', 'action':'manage_distributionView',
'help':('OFSP','Product_Distribution.dtml')},
)
)
manage_distributionView=Globals.HTMLFile('distributionView',globals())
......
......@@ -84,9 +84,8 @@
##############################################################################
__doc__='''short description
$Id: Undo.py,v 1.19 2000/05/09 19:06:39 jim Exp $'''
__version__='$Revision: 1.19 $'[11:-2]
$Id: Undo.py,v 1.20 2000/05/11 18:54:14 jim Exp $'''
__version__='$Revision: 1.20 $'[11:-2]
import Globals, ExtensionClass
from DateTime import DateTime
......@@ -101,6 +100,11 @@ class UndoSupport(ExtensionClass.Base):
)),
)
manage_options=(
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Undo.dtml')},
)
manage_UndoForm=Globals.HTMLFile(
'undo', globals(),
PrincipiaUndoBatchSize=20,
......
......@@ -84,7 +84,7 @@
##############################################################################
"""Encapsulation of date/time values"""
__version__='$Revision: 1.47 $'[11:-2]
__version__='$Revision: 1.48 $'[11:-2]
import sys, os, math, regex, ts_regex, DateTimeZone
......@@ -477,6 +477,10 @@ class DateTime:
and numeric operations return a new DateTime object rather than
modify the current object."""
# For security machinery:
__roles__=None
__allow_access_to_unprotected_subobjects__=1
def __init__(self,*args):
"""Return a new date-time object
......
......@@ -382,8 +382,8 @@
''' #'
__rcs_id__='$Id: DT_In.py,v 1.38 1999/08/27 14:56:27 petrilli Exp $'
__version__='$Revision: 1.38 $'[11:-2]
__rcs_id__='$Id: DT_In.py,v 1.39 2000/05/11 18:54:14 jim Exp $'
__version__='$Revision: 1.39 $'[11:-2]
from DT_Util import ParseError, parse_params, name_param, str
from DT_Util import render_blocks, InstanceDict, ValidationError
......@@ -592,7 +592,7 @@ class InClass:
client=sequence[index]
if validate is not None:
try: vv=validate(sequence,sequence,index,client,md)
try: vv=validate(sequence,sequence,None,client,md)
except: vv=0
if not vv:
if (params.has_key('skip_unauthorized') and
......@@ -672,7 +672,7 @@ class InClass:
client=sequence[index]
if validate is not None:
try: vv=validate(sequence,sequence,index,client,md)
try: vv=validate(sequence,sequence,None,client,md)
except: vv=0
if not vv:
if (self.args.has_key('skip_unauthorized') and
......
......@@ -82,7 +82,7 @@
# attributions are listed in the accompanying credits file.
#
##############################################################################
"$Id: DT_String.py,v 1.34 2000/03/09 20:07:56 brian Exp $"
"$Id: DT_String.py,v 1.35 2000/05/11 18:54:14 jim Exp $"
from string import split, strip
import regex, ts_regex
......@@ -464,8 +464,6 @@ class String:
if globals: push(globals)
if mapping:
push(mapping)
if hasattr(mapping,'AUTHENTICATED_USER'):
md.AUTHENTICATED_USER=mapping['AUTHENTICATED_USER']
md.validate=self.validate
if client is not None:
if type(client)==type(()):
......
......@@ -82,8 +82,8 @@
# attributions are listed in the accompanying credits file.
#
##############################################################################
'''$Id: DT_Util.py,v 1.61 1999/10/22 18:08:45 jim Exp $'''
__version__='$Revision: 1.61 $'[11:-2]
'''$Id: DT_Util.py,v 1.62 2000/05/11 18:54:14 jim Exp $'''
__version__='$Revision: 1.62 $'[11:-2]
import regex, string, math, os
from string import strip, join, atoi, lower, split, find
......@@ -163,7 +163,7 @@ def careful_getitem(md, mapping, key):
if type(v) is type(''): return v # Short-circuit common case
validate=md.validate
if validate is None or validate(mapping,mapping,key,v,md): return v
if validate is None or validate(mapping,mapping,None,v,md): return v
raise ValidationError, key
def careful_getslice(md, seq, *indexes):
......@@ -179,7 +179,7 @@ def careful_getslice(md, seq, *indexes):
validate=md.validate
if validate is not None:
for e in v:
if not validate(seq,seq,'',e,md):
if not validate(seq,seq,None,e,md):
raise ValidationError, 'unauthorized access to slice member'
return v
......@@ -201,7 +201,6 @@ def careful_range(md, iFirst, *args):
if iLen >= RANGELIMIT: raise ValueError, 'range() too large'
return range(iStart, iEnd, iStep)
import string, math, whrandom
try:
......@@ -210,6 +209,7 @@ try:
from cDocumentTemplate import cDocument
except: from pDocumentTemplate import InstanceDict, TemplateDict, render_blocks
d=TemplateDict.__dict__
for name in ('None', 'abs', 'chr', 'divmod', 'float', 'hash', 'hex', 'int',
'len', 'max', 'min', 'oct', 'ord', 'round', 'str'):
......@@ -224,8 +224,6 @@ def careful_pow(self, x, y, z):
d['pow']=careful_pow
try:
import random
d['random']=random
......
......@@ -105,8 +105,8 @@
'''
__rcs_id__='$Id: DT_With.py,v 1.10 1999/03/10 00:15:08 klm Exp $'
__version__='$Revision: 1.10 $'[11:-2]
__rcs_id__='$Id: DT_With.py,v 1.11 2000/05/11 18:54:14 jim Exp $'
__version__='$Revision: 1.11 $'[11:-2]
from DT_Util import parse_params, name_param, InstanceDict, render_blocks, str
from DT_Util import TemplateDict
......@@ -139,8 +139,6 @@ class With:
if self.only:
_md=md
md=TemplateDict()
if hasattr(_md, 'AUTHENTICATED_USER'):
md.AUTHENTICATED_USER=_md.AUTHENTICATED_USER
if hasattr(_md, 'validate'):
md.validate=_md.validate
......
......@@ -84,7 +84,7 @@
****************************************************************************/
static char cDocumentTemplate_module_documentation[] =
""
"\n$Id: cDocumentTemplate.c,v 1.31 2000/01/04 16:24:42 jim Exp $"
"\n$Id: cDocumentTemplate.c,v 1.32 2000/05/11 18:54:14 jim Exp $"
;
#include "ExtensionClass.h"
......@@ -1063,11 +1063,13 @@ void
initcDocumentTemplate()
{
PyObject *m, *d;
char *rev="$Revision: 1.31 $";
char *rev="$Revision: 1.32 $";
PURE_MIXIN_CLASS(cDocument,
"Base class for documents that adds fast validation method",
Document_methods);
DictInstanceType.ob_type=&PyType_Type;
UNLESS(py_isDocTemp=PyString_FromString("isDocTemp")) return;
UNLESS(py_blocks=PyString_FromString("blocks")) return;
UNLESS(py_acquire=PyString_FromString("aq_acquire")) return;
......
......@@ -85,9 +85,8 @@
__doc__='''Application support
$Id: Application.py,v 1.122 2000/05/04 15:31:44 shane Exp $'''
__version__='$Revision: 1.122 $'[11:-2]
$Id: Application.py,v 1.123 2000/05/11 18:54:14 jim Exp $'''
__version__='$Revision: 1.123 $'[11:-2]
import Globals,Folder,os,sys,App.Product, App.ProductRegistry, misc_
import time, traceback, os, string, Products
......@@ -193,6 +192,9 @@ class Application(Globals.ApplicationDefaultPermissions,
__allow_groups__=UserFolder()
def title_and_id(self): return self.title
def title_or_id(self): return self.title
def __init__(self):
# Initialize users
self.__allow_groups__=UserFolder()
......
......@@ -83,13 +83,14 @@
#
##############################################################################
__doc__="""Copy interface"""
__version__='$Revision: 1.47 $'[11:-2]
__version__='$Revision: 1.48 $'[11:-2]
import sys, string, Globals, Moniker, tempfile, ExtensionClass
from marshal import loads, dumps
from urllib import quote, unquote
from zlib import compress, decompress
from App.Dialogs import MessageDialog
from AccessControl import getSecurityManager
CopyError='Copy Error'
......@@ -341,35 +342,11 @@ class CopyContainer(ExtensionClass.Base):
if method_name is not None:
meth=None
if hasattr(self, method_name):
meth=getattr(self, method_name)
else:
# Handle strange names that come from the Product
# machinery ;(
mn=string.split(method_name, '/')
if len(mn) > 1:
pname= mn[1]
product=self.manage_addProduct[pname]
fname=mn[2]
factory=getattr(product, fname)
try: meth=getattr(factory, factory.initial)
except: meth=factory
# if we still have a factory, get the add method
try: meth=getattr(meth, meth.initial)
except: pass
if hasattr(meth, '__roles__'):
roles=meth.__roles__
user=REQUEST.get('AUTHENTICATED_USER', None)
if (not hasattr(user, 'has_role') or
not user.has_role(roles, self)):
raise 'Unauthorized', (
"""You are not authorized to perform this
operation."""
)
meth=self.unrestrictedTraverse(method_name)
if getSecurityManager().validateValue(meth):
return
raise CopyError, MessageDialog(
title='Not Supported',
message='The object <EM>%s</EM> does not support this ' \
......
......@@ -84,7 +84,7 @@
##############################################################################
"""DTML Document objects."""
__version__='$Revision: 1.32 $'[11:-2]
__version__='$Revision: 1.33 $'[11:-2]
from DocumentTemplate.DT_Util import InstanceDict, TemplateDict
from ZPublisher.Converters import type_converters
from Globals import HTML, HTMLFile, MessageDialog
......@@ -96,6 +96,7 @@ from sgmllib import SGMLParser
from string import find
from urllib import quote
import Globals
from AccessControl import getSecurityManager
done='done'
......@@ -107,19 +108,10 @@ class DTMLDocument(PropertyManager, DTMLMethod):
meta_type='DTML Document'
icon ='p_/dtmldoc'
manage_options=({'label':'Edit', 'action':'manage_main',
'help':('OFSP','DTML-Document_Edit.dtml')},
{'label':'Upload', 'action':'manage_uploadForm',
'help':('OFSP','DTML-Document_Upload.dtml')},
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','DTML-Document_Properties.dtml')},
{'label':'View', 'action':'',
'help':('OFSP','DTML-Document_View.dtml')},
{'label':'Proxy', 'action':'manage_proxyForm',
'help':('OFSP','DTML-Document_Proxy.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','DTML-Document_Security.dtml')},
)
manage_options=(
DTMLMethod.manage_options+
PropertyManager.manage_options
)
__ac_permissions__=(
('Change DTML Documents', ('manage_edit', 'manage_upload', 'PUT')),
......@@ -163,6 +155,10 @@ class DTMLDocument(PropertyManager, DTMLMethod):
kw['document_title']=self.title
if hasattr(self, 'aq_explicit'): bself=self.aq_explicit
else: bself=self
security=getSecurityManager()
security.addContext(self)
if client is None:
# Called as subtemplate, so don't need error propigation!
r=apply(HTML.__call__, (self, bself, REQUEST), kw)
......
......@@ -84,7 +84,7 @@
##############################################################################
"""DTML Method objects."""
__version__='$Revision: 1.42 $'[11:-2]
__version__='$Revision: 1.43 $'[11:-2]
from Globals import HTML, HTMLFile, MessageDialog
from string import join,split,strip,rfind,atoi,lower
......@@ -93,12 +93,13 @@ from OFS.content_types import guess_content_type
from DocumentTemplate.DT_Util import cDocument
from PropertyManager import PropertyManager
from AccessControl.Role import RoleManager
from AccessControl.User import verify_watermark
from webdav.common import rfc1123_date
from ZDOM import ElementWithTitle
from DateTime.DateTime import DateTime
from urllib import quote
import ts_regex, Globals, sys, Acquisition
from AccessControl import getSecurityManager
class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
......@@ -115,17 +116,20 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
func_code.co_varnames='self','REQUEST','RESPONSE'
func_code.co_argcount=3
manage_options=({'label':'Edit', 'action':'manage_main',
'help':('OFSP','DTML-Method_Edit.dtml')},
{'label':'Upload', 'action':'manage_uploadForm',
'help':('OFSP','DTML-Method_Upload.dtml')},
{'label':'View', 'action':'',
'help':('OFSP','DTML-Method_View.dtml')},
{'label':'Proxy', 'action':'manage_proxyForm',
'help':('OFSP','DTML-Method_Proxy.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','DTML-Method_Security.dtml')},
)
manage_options=(
(
{'label':'Edit', 'action':'manage_main',
'help':('OFSP','DTML-DocumentOrMethod_Edit.dtml')},
{'label':'Upload', 'action':'manage_uploadForm',
'help':('OFSP','DTML-DocumentOrMethod_Upload.dtml')},
{'label':'View', 'action':'',
'help':('OFSP','DTML-DocumentOrMethod_View.dtml')},
{'label':'Proxy', 'action':'manage_proxyForm',
'help':('OFSP','DTML-DocumentOrMethod_Proxy.dtml')},
)
+RoleManager.manage_options
+Item_w__name__.manage_options
)
__ac_permissions__=(
('View management screens',
......@@ -143,20 +147,22 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
kw['document_id'] =self.id
kw['document_title']=self.title
# Verify the authenticated user object.
if REQUEST.has_key('AUTHENTICATED_USER'):
verify_watermark(REQUEST['AUTHENTICATED_USER'])
security=getSecurityManager()
security.addContext(self)
try:
if client is None:
# Called as subtemplate, so don't need error propigation!
r=apply(HTML.__call__, (self, client, REQUEST), kw)
if RESPONSE is None: return r
return decapitate(r, RESPONSE)
if client is None:
# Called as subtemplate, so don't need error propigation!
r=apply(HTML.__call__, (self, client, REQUEST), kw)
if type(r) is not type(''): return r
if RESPONSE is None: return r
return decapitate(r, RESPONSE)
r=apply(HTML.__call__, (self, client, REQUEST), kw)
if type(r) is not type(''): return r
if RESPONSE is None: return r
finally: security.removeContext(self)
# Ick. I don't like this. But someone can override it with
# a header if they have to.
......@@ -170,54 +176,8 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
return len(self.raw)
getSize=get_size
def oldvalidate(self, inst, parent, name, value, md):
#################################################################
# Note that this method is not used normally. It is simply a
# Python rendition of the validate method implemented in
# DocumentTemplate.cDocumentTemplate. The Python version
# serves the role of a requirements spec for the C version and
# can also be useful (if temporarily renamed to validate) for
# debugging.
#################################################################
try:
if (name[:3]=='aq_' and
name != 'aq_parent' and name != 'aq_explicit'):
return 0
except: pass # name might not be a string!
# Try to get roles
if hasattr(value, '__roles__'): roles=value.__roles__
else:
if hasattr(parent,'__roles__'): roles=parent.__roles__
elif hasattr(parent, 'aq_acquire'):
try: roles=parent.aq_acquire('__roles__')
except AttributeError:
if hasattr(inst, 'aq_base'): inst=inst.aq_base
if hasattr(parent, 'aq_base'): parent=parent.aq_base
return inst is parent
else:
if hasattr(inst, 'aq_base'): inst=inst.aq_base
if hasattr(parent, 'aq_base'): parent=parent.aq_base
return inst is parent
value=parent
if roles is None: return 1
try:
if md.AUTHENTICATED_USER.hasRole(value, roles):
return 1
except AttributeError: pass
for r in self._proxy_roles:
if r in roles: return 1
if inst is parent:
raise 'Unauthorized', (
'You are not authorized to access <em>%s</em>.' % name)
return 0
def validate(self, inst, parent, name, value, md):
return getSecurityManager().validate(inst, parent, name, value)
manage_editForm=HTMLFile('documentEdit', globals())
manage_uploadForm=HTMLFile('documentUpload', globals())
......@@ -285,16 +245,14 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
def _validateProxy(self, request, roles=None):
if roles is None: roles=self._proxy_roles
if not roles: return
user=u=request.get('AUTHENTICATED_USER',None)
if user is not None:
verify_watermark(user)
user=user.hasRole
for r in roles:
if r and not user(self, (r,)):
user=None
break
if user is not None: return
user=u=getSecurityManager().getUser()
user=user.hasRole
for r in roles:
if r and not user(self, (r,)):
user=None
break
if user is not None: return
raise 'Forbidden', (
'You are not authorized to change <em>%s</em> because you '
......
......@@ -83,7 +83,7 @@
#
##############################################################################
__doc__="""Find support"""
__version__='$Revision: 1.15 $'[11:-2]
__version__='$Revision: 1.16 $'[11:-2]
import sys, os, string, time, Globals, ExtensionClass
......@@ -93,8 +93,7 @@ from Globals import HTMLFile
from DocumentTemplate.DT_Util import InstanceDict, TemplateDict, cDocument
from DateTime import DateTime
from string import find
from AccessControl import getSecurityManager
class FindSupport(ExtensionClass.Base):
"""Find support for Zope Folders"""
......@@ -110,6 +109,11 @@ class FindSupport(ExtensionClass.Base):
'manage_findResult')),
)
manage_options=(
{'label':'Find', 'action':'manage_findFrame', 'target':'manage_main',
'help':('OFSP','Find.dtml')},
)
def ZopeFind(self, obj, obj_ids=None, obj_metatypes=None,
obj_searchterm=None, obj_expr=None,
obj_mtime=None, obj_mspec=None,
......@@ -136,8 +140,6 @@ class FindSupport(ExtensionClass.Base):
if obj_expr:
# Setup expr machinations
md=td()
if hasattr(REQUEST, 'AUTHENTICATED_USER'):
md.AUTHENTICATED_USER=REQUEST.AUTHENTICATED_USER
obj_expr=(Eval(obj_expr, expr_globals), md, md._push, md._pop)
base=obj
......@@ -230,8 +232,6 @@ class FindSupport(ExtensionClass.Base):
if obj_expr:
# Setup expr machinations
md=td()
if hasattr(REQUEST, 'AUTHENTICATED_USER'):
md.AUTHENTICATED_USER=REQUEST.AUTHENTICATED_USER
obj_expr=(Eval(obj_expr, expr_globals), md, md._push, md._pop)
base=obj
......@@ -299,9 +299,10 @@ class FindSupport(ExtensionClass.Base):
class td(TemplateDict, cDocument):
pass
class td(TemplateDict):
def validate(self, inst, parent, name, value, md):
return getSecurityManager().validate(inst, parent, name, value)
def expr_match(ob, ed, c=InstanceDict, r=0):
......
......@@ -87,17 +87,15 @@
Folders are the basic container objects and are analogous to directories.
$Id: Folder.py,v 1.86 2000/03/28 16:58:55 michel Exp $"""
$Id: Folder.py,v 1.87 2000/05/11 18:54:14 jim Exp $"""
__version__='$Revision: 1.86 $'[11:-2]
__version__='$Revision: 1.87 $'[11:-2]
import Globals, SimpleItem, ObjectManager, PropertyManager
import AccessControl.Role, webdav.Collection, FindSupport
import Globals, SimpleItem
from ObjectManager import ObjectManager
from PropertyManager import PropertyManager
from AccessControl.Role import RoleManager
from webdav.Collection import Collection
from FindSupport import FindSupport
from Globals import HTMLFile
from AccessControl import getSecurityManager
manage_addFolderForm=HTMLFile('folderAdd', globals())
......@@ -116,29 +114,37 @@ def manage_addFolder(self, id, title='',
ob.id=id
ob.title=title
self._setObject(id, ob)
try: user=REQUEST['AUTHENTICATED_USER']
except: user=None
ob=self._getOb(id)
checkPermission=getSecurityManager().checkPermission
if createUserF:
if (user is not None) and not (
user.has_permission('Add User Folders', self)):
if not checkPermission('Add User Folders', ob):
raise 'Unauthorized', (
'You are not authorized to add User Folders.'
)
ob.manage_addUserFolder()
if createPublic:
if (user is not None) and not (
user.has_permission('Add Documents, Images, and Files', self)):
if not checkPermission('Add Documents, Images, and Files', ob):
raise 'Unauthorized', (
'You are not authorized to add DTML Documents.'
)
ob.manage_addDTMLDocument(id='index_html', title='')
if REQUEST is not None:
return self.manage_main(self, REQUEST, update_menu=1)
class Folder(ObjectManager, PropertyManager, RoleManager, Collection,
SimpleItem.Item, FindSupport):
class Folder(
ObjectManager.ObjectManager,
PropertyManager.PropertyManager,
AccessControl.Role.RoleManager,
webdav.Collection.Collection,
SimpleItem.Item,
FindSupport.FindSupport,
):
"""
Folders are basic container objects that provide a standard
interface for object management. Folder objects also implement
......@@ -149,21 +155,16 @@ class Folder(ObjectManager, PropertyManager, RoleManager, Collection,
_properties=({'id':'title', 'type': 'string'},)
manage_options=(
{'label':'Contents', 'action':'manage_main',
'help':('OFSP','Folder_Contents.dtml')},
ObjectManager.ObjectManager.manage_options+
PropertyManager.PropertyManager.manage_options+
(
{'label':'View', 'action':'index_html',
'help':('OFSP','Folder_View.dtml')},
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','Folder_Properties.dtml')},
{'label':'Import/Export', 'action':'manage_importExportForm',
'help':('OFSP','Folder_Import-Export.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','Folder_Security.dtml')},
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Folder_Undo.dtml')},
{'label':'Find', 'action':'manage_findFrame', 'target':'manage_main',
'help':('OFSP','Folder_Find.dtml')},
)
)+
FindSupport.FindSupport.manage_options+
AccessControl.Role.RoleManager.manage_options+
SimpleItem.Item.manage_options
)
__ac_permissions__=()
......
......@@ -84,7 +84,7 @@
##############################################################################
"""Image object"""
__version__='$Revision: 1.99 $'[11:-2]
__version__='$Revision: 1.100 $'[11:-2]
import Globals, string, struct, content_types
from OFS.content_types import guess_content_type
......@@ -136,18 +136,20 @@ class File(Persistent,Implicit,PropertyManager,
manage_editForm =HTMLFile('fileEdit',globals(),Kind='File',kind='file')
manage_uploadForm=HTMLFile('imageUpload',globals(),Kind='File',kind='file')
manage=manage_main=manage_editForm
manage_options=({'label':'Edit', 'action':'manage_main',
'help':('OFSP','File_Edit.dtml')},
{'label':'Upload', 'action':'manage_uploadForm',
'help':('OFSP','File_Upload.dtml')},
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','File_Properties.dtml')},
{'label':'View', 'action':'',
'help':('OFSP','File_View.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','File_Security.dtml')},
)
manage_options=(
(
{'label':'Edit', 'action':'manage_main',
'help':('OFSP','File_Edit.dtml')},
{'label':'Upload', 'action':'manage_uploadForm',
'help':('OFSP','File_Upload.dtml')},
{'label':'View', 'action':'',
'help':('OFSP','File_View.dtml')},
)
+PropertyManager.manage_options
+Item_w__name__.manage_options
+RoleManager.manage_options
)
__ac_permissions__=(
('View management screens',
......@@ -434,18 +436,17 @@ class Image(File):
{'id':'height', 'type':'string'},
{'id':'width', 'type':'string'},
)
manage_options=({'label':'Edit', 'action':'manage_main',
'help':('OFSP','Image_Edit.dtml')},
{'label':'Upload', 'action':'manage_uploadForm',
'help':('OFSP','Image_Upload.dtml')},
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','Image_Properties.dtml')},
{'label':'View', 'action':'view_image_or_file',
'help':('OFSP','Image_View.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','Image_Security.dtml')},
)
# Grrrrr, need to replace the view option.
manage_options=tuple(map(
lambda o:
(o['label']=='View'
and
{'label':'View', 'action':'view_image_or_file',
'help':('OFSP','Image_View.dtml')}
or o)
, File.manage_options))
manage_editForm =HTMLFile('imageEdit',globals(),Kind='Image',kind='image')
view_image_or_file =HTMLFile('imageView',globals())
......
......@@ -84,11 +84,11 @@
##############################################################################
__doc__="""Object Manager
$Id: ObjectManager.py,v 1.88 2000/05/11 16:24:44 tseaver Exp $"""
$Id: ObjectManager.py,v 1.89 2000/05/11 18:54:14 jim Exp $"""
__version__='$Revision: 1.88 $'[11:-2]
__version__='$Revision: 1.89 $'[11:-2]
import App.Management, Acquisition, App.Undo, Globals, CopySupport, Products
import App.Management, Acquisition, Globals, CopySupport, Products
import os, App.FactoryDispatcher, ts_regex, Products
from Globals import HTMLFile, HTMLFile, Persistent
from Globals import MessageDialog, default__class_init__
......@@ -98,6 +98,7 @@ from urllib import quote
from cStringIO import StringIO
import marshal
import App.Common
from AccessControl import getSecurityManager
bad_id=ts_regex.compile('[^a-zA-Z0-9-_~\,\. ]').search #TS
......@@ -108,7 +109,6 @@ class ObjectManager(
App.Management.Tabs,
Acquisition.Implicit,
Persistent,
App.Undo.UndoSupport,
Collection,
):
"""Generic object manager
......@@ -139,10 +139,12 @@ class ObjectManager(
manage_main=HTMLFile('main', globals())
manage_options=(
{'label':'Contents', 'action':'manage_main'},
)
{'label':'Contents', 'action':'manage_main',
'help':('OFSP','ObjectManager_Contents.dtml')},
{'label':'Import/Export', 'action':'manage_importExportForm',
'help':('OFSP','ObjectManager_Import-Export.dtml')},
)
isAnObjectManager=1
......@@ -175,8 +177,11 @@ class ObjectManager(
)
def filtered_meta_types(self, user):
def filtered_meta_types(self, user=None):
"Those meta types for which a user has adequite permissions."
user=getSecurityManager().getUser()
meta_types=[]
if callable(self.all_meta_types):
all=self.all_meta_types()
......@@ -235,14 +240,14 @@ class ObjectManager(
self._objects=self._objects+({'id':id,'meta_type':t},)
self._setOb(id,object)
object=self._getOb(id)
object.manage_fixupOwnershipAfterAdd()
object.manage_afterAdd(object, self)
# Try to give user the local role "Owner", but only if
# no local roles have been set on the object yet.
if hasattr(self, 'REQUEST') and type(self.REQUEST) != type('') and \
hasattr(object, '__ac_local_roles__'):
if hasattr(object, '__ac_local_roles__'):
if object.__ac_local_roles__ is None:
user=self.REQUEST['AUTHENTICATED_USER']
user=getSecurityManager().getUser()
name=user.getUserName()
if name != 'Anonymous User':
object.manage_setLocalRoles(name, ['Owner'])
......@@ -537,10 +542,10 @@ class ObjectManager(
# check to see if we are acquiring our objectValues or not
if not (len(REQUEST.PARENTS) > 1 and
self.objectValues() == REQUEST.PARENTS[1].objectValues()):
if REQUEST['AUTHENTICATED_USER'].allowed(
self.manage_FTPlist,
self.manage_FTPlist.__roles__):
mode=mode | 0770
try:
if getSecurityManager().validateValue(self.manage_FTPlist):
mode=mode | 0770
except: pass
if nobody.allowed(
self.manage_FTPlist,
self.manage_FTPlist.__roles__):
......
......@@ -84,7 +84,7 @@
##############################################################################
"""Property management"""
__version__='$Revision: 1.19 $'[11:-2]
__version__='$Revision: 1.20 $'[11:-2]
import ExtensionClass, Globals
import ZDOM
......@@ -161,6 +161,12 @@ class PropertyManager(ExtensionClass.Base, ZDOM.ElementWithAttributes):
'manage_delProperties',
'manage_changeProperties',)),
"""
manage_options=(
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','Properties.dtml')},
)
manage_propertiesForm=HTMLFile('properties', globals(),
property_extensible_schema__=1)
......
......@@ -89,11 +89,11 @@ Aqueduct database adapters, etc.
This module can also be used as a simple template for implementing new
item types.
$Id: SimpleItem.py,v 1.68 2000/04/04 22:41:52 jim Exp $'''
__version__='$Revision: 1.68 $'[11:-2]
$Id: SimpleItem.py,v 1.69 2000/05/11 18:54:14 jim Exp $'''
__version__='$Revision: 1.69 $'[11:-2]
import regex, sys, Globals, App.Management, Acquisition
import AccessControl.Role
import regex, sys, Globals, App.Management, Acquisition, App.Undo
import AccessControl.Role, AccessControl.Owned, App.Common
from webdav.Resource import Resource
from ExtensionClass import Base
from DateTime import DateTime
......@@ -102,20 +102,24 @@ from string import join, lower, find, split
from types import InstanceType, StringType
from ComputedAttribute import ComputedAttribute
from urllib import quote
import App.Common
from AccessControl import getSecurityManager
import marshal
import ZDOM
HTML=Globals.HTML
_marker=[]
StringType=type('')
class Item(Base, Resource, CopySource, App.Management.Tabs,
ZDOM.Element):
ZDOM.Element,
AccessControl.Owned.Owned,
App.Undo.UndoSupport,
):
"""A common base class for simple, non-container objects."""
isPrincipiaFolderish=0
isTopLevelPrincipiaApplicationObject=0
def manage_afterAdd(self, item, container): pass
def manage_beforeDelete(self, item, container): pass
def manage_afterClone(self, item): pass
......@@ -140,11 +144,17 @@ class Item(Base, Resource, CopySource, App.Management.Tabs,
# Default propertysheet info:
__propsets__=()
manage_options=()
manage_options=(
App.Undo.UndoSupport.manage_options
+AccessControl.Owned.Owned.manage_options
)
# Attributes that must be acquired
REQUEST=Acquisition.Acquired
# Allow (reluctantly) access to unprotected attributes
__allow_access_to_unprotected_subobjects__=1
getPhysicalRoot=Acquisition.Acquired
getPhysicalRoot__roles__=()
......@@ -268,21 +278,28 @@ class Item(Base, Resource, CopySource, App.Management.Tabs,
"psuedo stat, used by FTP for directory listings"
from AccessControl.User import nobody
mode=0100000
# check read permissions
if hasattr(self.aq_base,'manage_FTPget') and \
hasattr(self.manage_FTPget, '__roles__'):
if REQUEST['AUTHENTICATED_USER'].allowed(self.manage_FTPget,
self.manage_FTPget.__roles__):
mode=mode | 0440
if nobody.allowed(self.manage_FTPget, self.manage_FTPget.__roles__):
if (hasattr(self.aq_base,'manage_FTPget') and
hasattr(self.manage_FTPget, '__roles__')):
try:
if getSecurityManager().validateValue(self.manage_FTPget):
mode=mode | 0440
except: pass
if nobody.allowed(self.manage_FTPget,
self.manage_FTPget.__roles__):
mode=mode | 0004
# check write permissions
if hasattr(self.aq_base,'PUT') and hasattr(self.PUT, '__roles__'):
if REQUEST['AUTHENTICATED_USER'].allowed(self.PUT,
self.PUT.__roles__):
mode=mode | 0220
try:
if getSecurityManager().validateValue(self.PUT):
mode=mode | 0220
except: pass
if nobody.allowed(self.PUT, self.PUT.__roles__):
mode=mode | 0002
# get size
if hasattr(self, 'get_size'):
size=self.get_size()
......@@ -332,12 +349,31 @@ class Item(Base, Resource, CopySource, App.Management.Tabs,
unrestrictedTraverse__roles__=()
def unrestrictedTraverse(self, path, default=_marker):
if not path: return self
object = self
get=getattr
N=None
M=_marker
if type(path) is StringType: path=split(path,'/')
else: path=list(path)
REQUEST={'path': path}
path.reverse()
pop=path.pop
try:
for name in path:
while path:
name=pop()
if name=='..':
o=getattr(object, 'aq_parent', M)
if o is not M:
object=o
continue
t=get(object, '__bobo_traverse__', N)
if t is not N:
object=t(N, name)
......@@ -416,7 +452,6 @@ def pretty_tb(t,v,tb):
tb=join(tb,'\n')
return tb
class SimpleItem(Item, Globals.Persistent,
Acquisition.Implicit,
AccessControl.Role.RoleManager,
......@@ -425,7 +460,7 @@ class SimpleItem(Item, Globals.Persistent,
"""Mix-in class combining the most common set of basic mix-ins
"""
manage_options=(
manage_options=Item.manage_options+(
{'label':'Security', 'action':'manage_access'},
)
......
......@@ -6,11 +6,10 @@
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555">
<dtml-var manage_tabs>
<P>
Proxy Roles allow a DTML Document or Method to access
restricted Zope resources. Normally a DTML Method or Document
can only access resources for which the user is authorized.
By adding Proxy Roles, you allow the DTML Document or Method
to act with additional roles, beyond what the user may have.
Proxy roles allow you to control the access that a DTML document or
method has. Proxy roles replace the roles of the user who is viewing
the document or method. This can be used to both expand and limit
access to resources.
</P>
<P>Use the form below to select which roles this DTML document
......
......@@ -42,7 +42,7 @@ information for the Folder.
</TR>
<TR><TD COLSPAN="2"><BR></TD></TR>
<dtml-if "AUTHENTICATED_USER.has_permission('Add Documents, Images, and Files',this())">
<dtml-if "_.SecurityCheckPermission('Add Documents, Images, and Files',this())">
<TR>
<TD ALIGN="TOP" COLSPAN="2">
<INPUT TYPE="CHECKBOX" NAME="createPublic:int" VALUE="1" CHECKED ID="cbCreatePublic">
......@@ -51,7 +51,7 @@ information for the Folder.
</TR>
</dtml-if>
<dtml-if "AUTHENTICATED_USER.has_permission('Add User Folders',this())">
<dtml-if "_.SecurityCheckPermission('Add User Folders',this())">
<TR>
<TD ALIGN="TOP" COLSPAN="2">
<INPUT TYPE="CHECKBOX" NAME="createUserF:int" VALUE="1" CHECKED ID="cbCreateUserF">
......
......@@ -54,10 +54,10 @@
<INPUT TYPE="SUBMIT" NAME="manage_pasteObjects:method" VALUE="Paste">
</dtml-if>
</dtml-unless>
<dtml-if "AUTHENTICATED_USER.has_permission('Delete objects', this())">
<dtml-if "_.SecurityCheckPermission('Delete objects',this())">
<INPUT TYPE="SUBMIT" NAME="manage_delObjects:method" VALUE="Delete">
</dtml-if>
<dtml-if "AUTHENTICATED_USER.has_permission('Import/Export objects', this())">
<dtml-if "_.SecurityCheckPermission('Import/Export objects', this())">
<INPUT TYPE="SUBMIT" NAME="manage_importExportForm:method" VALUE="Export...">
</dtml-if>
</TD>
......@@ -79,9 +79,9 @@ There are currently no items in <EM><dtml-var title_or_id></EM>
</dtml-if>
</FORM>
<dtml-if "filtered_meta_types(AUTHENTICATED_USER)">
<dtml-if filtered_meta_types>
<dtml-if "_.len(filtered_meta_types(AUTHENTICATED_USER)) > 1">
<dtml-if "_.len(filtered_meta_types) > 1">
<TABLE ALIGN="LEFT">
<TR>
<TD VALIGN="MIDDLE">
......@@ -95,7 +95,7 @@ There are currently no items in <EM><dtml-var title_or_id></EM>
<SELECT NAME=":method" ONCHANGE="location.href='<dtml-var URL1
>/'+this.options[this.selectedIndex].value">
<OPTION value="manage_workspace" DISABLED>Available Objects
<dtml-in "filtered_meta_types(AUTHENTICATED_USER)" mapping sort=name>
<dtml-in filtered_meta_types mapping sort=name>
<OPTION value="<dtml-var action fmt="url-quote">"><dtml-var name>
</dtml-in>
</SELECT>
......@@ -107,7 +107,7 @@ There are currently no items in <EM><dtml-var title_or_id></EM>
<dtml-else>
<FORM ACTION="<dtml-var URL1>/" METHOD="GET">
To add a new item click &quot;Add&quot;.
<dtml-in "filtered_meta_types(AUTHENTICATED_USER)" mapping sort=name>
<dtml-in filtered_meta_types mapping sort=name>
<input type=hidden name=":method" value="<dtml-var action fmt="url-quote">">
<INPUT TYPE="SUBMIT" VALUE=" Add ">
</dtml-in>
......
......@@ -88,7 +88,7 @@
This product provides support for external methods, which allow
domain-specific customization of web environments.
"""
__version__='$Revision: 1.36 $'[11:-2]
__version__='$Revision: 1.37 $'[11:-2]
from Globals import Persistent, HTMLFile, MessageDialog, HTML
import OFS.SimpleItem, Acquisition
from string import split, join, find, lower
......@@ -152,12 +152,14 @@ class ExternalMethod(OFS.SimpleItem.Item, Persistent, Acquisition.Explicit,
HelpSys=Acquisition.Acquired
manage_options=(
(
{'label':'Properties', 'action':'manage_main',
'help':('ExternalMethod','External-Method_Properties.dtml')},
{'label':'Try It', 'action':'',
'help':('ExternalMethod','External-Method_Try-It.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('ExternalMethod','External-Method_Security.dtml')},
)
+OFS.SimpleItem.Item.manage_options
+AccessControl.Role.RoleManager.manage_options
)
__ac_permissions__=(
......
......@@ -82,7 +82,10 @@
# attributions are listed in the accompanying credits file.
#
##############################################################################
"""SMTP mail objects"""
"""SMTP mail objects
$Id: MailHost.py,v 1.48 2000/05/11 18:54:15 jim Exp $"
__version__ = "$Revision: 1.48 $"[11:-2]
from Globals import Persistent, HTMLFile, HTML, MessageDialog
from smtplib import SMTP
......@@ -93,8 +96,6 @@ import OFS.SimpleItem, re, quopri, rfc822
import Globals
from cStringIO import StringIO
#$Id: MailHost.py,v 1.47 2000/04/21 14:10:20 tseaver Exp $
__version__ = "$Revision: 1.47 $"[11:-2]
smtpError = "SMTP Error"
MailHostError = "MailHost Error"
......@@ -118,16 +119,18 @@ class MailBase(Acquisition.Implicit, OFS.SimpleItem.Item, RoleManager):
timeout=1.0
manage_options=({'icon':'', 'label':'Edit',
'action':'manage_main', 'target':'manage_main',
'help':('MailHost','Mail-Host_Edit.dtml')},
{'icon':'', 'label':'Security',
'action':'manage_access', 'target':'manage_main',
'help':('MailHost','Mail-Host_Security.dtml')},
)
manage_options=(
(
{'icon':'', 'label':'Edit',
'action':'manage_main', 'target':'manage_main',
'help':('MailHost','Mail-Host_Edit.dtml')},
)
+OFS.SimpleItem.Item.manage_options
+RoleManager.manage_options
)
__ac_permissions__=(
('View management screens', ('manage',)),
('View management screens', ('manage','manage_main')),
('Change configuration', ('manage_makeChanges',)),
('Use mailhost services',('',)),
)
......@@ -221,10 +224,14 @@ class MailBase(Acquisition.Implicit, OFS.SimpleItem.Item, RoleManager):
smtpserver.sendmail(headers['from'], headers['to'], messageText)
def simple_send(self, mto, mfrom, subject, body):
body="from: %s\nto: %s\nsubject: %s\n\n%s" % (mfrom, mto, subject, body)
body="from: %s\nto: %s\nsubject: %s\n\n%s" % (
mfrom, mto, subject, body)
mailserver = SMTP(self.smtphost, self.smtpport)
mailserver.sendmail(mfrom, mto, body)
Globals.default__class_init__(MailBase)
class MailHost(Persistent, MailBase):
"persistent version"
......
......@@ -84,7 +84,7 @@
##############################################################################
"""Version object"""
__version__='$Revision: 1.37 $'[11:-2]
__version__='$Revision: 1.38 $'[11:-2]
import Globals, time
from AccessControl.Role import RoleManager
......@@ -111,14 +111,16 @@ class Version(Persistent,Implicit,RoleManager,Item):
meta_type='Version'
manage_options=(
(
{'label':'Join/Leave', 'action':'manage_main',
'help':('OFSP','Version_Join-Leave.dtml')},
{'label':'Save/Discard', 'action':'manage_end',
'help':('OFSP','Version_Save-Discard.dtml')},
{'label':'Properties', 'action':'manage_editForm',
'help':('OFSP','Version_Properties.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','Version_Security.dtml')},
)
+Item.manage_options
+RoleManager.manage_options
)
__ac_permissions__=(
......
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder.dtml">Folder</a>&gt;Advanced Find</h1>
<dtml-var standard_html_header><h1>Advanced Find</h1>
<p> This view allows you to search for Zope objects. </p>
<p> To find objects you specify search criteria in the top frame and
then click the <tt>Find</tt> button. The find results will appear in
......@@ -21,4 +20,4 @@
restrict found objects to those for which the selected roles have the selected
permission. Finally you may choose to either the <tt>Search only in this
folder</tt> or the <tt>Search all subfolders</tt> radio box to
control where Zope should look for found items. </p><dtml-var standard_html_footer>
\ No newline at end of file
control where Zope should look for found items. </p><dtml-var standard_html_footer>
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Common-Instance-Property-Sheet.dtml">Common Instance Property Sheet</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Control-Panel.dtml">Control Panel</a>&gt;Undo</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Undo.dtml">Folder&gt;Undo</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;Edit</h1>
<p> This view allows you to edit the contents of a document. </p>
DTML
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">Document</a>
or
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">Method</a>
Edit</h1>
<p> This view allows you to edit the contents of a DTML document or method. </p>
<p> The <tt>id</tt> field indicates the id of the document.
The <tt>Title</tt> field allows you to edit the title of the
document. The <tt>Size</tt> field indicates the size of the
......@@ -11,4 +15,4 @@
click the <tt>Taller</tt>, <tt>Shorter</tt>,
<tt>Wider</tt>, or <tt>Narrower</tt> buttons repeatedly
until the size is correctly adjusted. To change the contents of the document
click the <tt>Change</tt> button. </p><dtml-var standard_html_footer>
\ No newline at end of file
click the <tt>Change</tt> button. </p><dtml-var standard_html_footer>
<dtml-var standard_html_header><h1>
DTML
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">Document</a>
or
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">Method</a>
Proxy</h1>
<p> This view allows you to manage proxy roles for a document or method. </p>
<p>
Proxy roles replace the roles of the user who is viewing the
document or method to allow the document additional access or to limit the
access the document or method has.
</p>
<p>
To see how proxy roles can be used to limit access, suppose we want to
assure that a document can only access public resources. We might do
this if we allowed untrusted users to edit the document. All we need
to do is to set the proxy roles to Anonymous. As long as we don't let
untrusted users change the proxy roles, we can let them edit the
document freely without worrying about giving them the ability to have
protected resources accessed when the document is viewed.
</p>
<p>
To see how proxy roles can be used to grant access, we might have a
method that performs some management task for an unpriviledged user.
For example, we might have a method that creates a folder for a user
and makes them the owner. The method needs to call the
'manage_addFolder' method to add the folder. Perhaps the
'manage_addFolder' requires the 'Manager' role. Simply give the method
the 'Manager' proxy role. This effectively allows the unpriviledged
user to create a folder, but only though the special method.
</p>
<p> Select the role(s) you wish to assign to the document from the
<tt>Proxy Roles</tt> multiple select list and click the
<tt>Change</tt> button to set proxy roles for the document. </p><dtml-var standard_html_footer>
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;Upload</h1>
<p> This view allows you to upload document files. </p>
<p> Use this view to completely replace the contents of a document
DTML
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">Document</a>
or
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">Method</a>
Upload</h1>
<p> This view allows you to upload DTML files. </p>
<p> Use this view to completely replace the contents of a document or method
with the contents of an uploaded text file from your local computer. Click the
<tt>Browse...</tt> button to locate a file to upload. Click the
<tt>Change</tt> button to replace the document's contents with the
uploaded file. </p><dtml-var standard_html_footer>
\ No newline at end of file
uploaded file. </p><dtml-var standard_html_footer>
<dtml-var standard_html_header><h1>
DTML
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">Document</a>
or
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">Method</a>
View</h1>
<p> This view allows you to preview the document or method. </p><dtml-var standard_html_footer>
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;Proxy</h1>
<p> This view allows you to manage proxy roles for a document. </p>
<p> Proxy roles supplement the roles of the user who is viewing the
document in order to allow the document additional access. </p>
<p> Select the role(s) you wish to assign to the document from the
<tt>Proxy Roles</tt> multiple select list and click the
<tt>Change</tt> button to set proxy roles for the document. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;View</h1>
<p> This view allows you to preview the document. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">DTML Method</a>&gt;Edit</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document_Edit.dtml">DTML Document&gt;Edit</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">DTML Method</a>&gt;Proxy</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document_Proxy.dtml">DTML Document&gt;Proxy</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">DTML Method</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">DTML Method</a>&gt;Upload</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document_Upload.dtml">DTML Document&gt;Upload</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">DTML Method</a>&gt;View</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document_View.dtml">DTML Document&gt;View</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Database-Management.dtml">Database Management</a>&gt;Undo</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Undo.dtml">Folder&gt;Undo</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/File.dtml">File</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/File.dtml">File</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder.dtml">Folder</a>&gt;Find</h1>
<dtml-var standard_html_header><h1>Find</h1>
<p> This view allows you to search for Zope objects. </p>
<p> To find objects you specify search criteria in the top frame and
then click the <tt>Find</tt> button. The find results will appear in
......@@ -14,4 +13,4 @@
and enter a DateTime string in the field to restrict found items by
modification date. Finally you may choose to either the <tt>Search only in
this folder</tt> or the <tt>Search all subfolders</tt> radio box
to control where Zope should look for found items. </p><dtml-var standard_html_footer>
\ No newline at end of file
to control where Zope should look for found items. </p><dtml-var standard_html_footer>
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Image.dtml">Image</a>&gt;Edit</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/File_Edit.dtml">File&gt;Edit</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Image.dtml">Image</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Image.dtml">Image</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Image.dtml">Image</a>&gt;Upload</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/File_Upload.dtml">File&gt;Upload</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product-Management.dtml">Product Management</a>&gt;Contents</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Contents.dtml">Folder&gt;Contents</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product-Management.dtml">Product Management</a>&gt;Find</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Find.dtml">Folder&gt;Find</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product-Management.dtml">Product Management</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product-Management.dtml">Product Management</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product-Management.dtml">Product Management</a>&gt;Undo</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Undo.dtml">Folder&gt;Undo</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product.dtml">Product</a>&gt;Contents</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Contents.dtml">Folder&gt;Contents</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product.dtml">Product</a>&gt;Find</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Find.dtml">Folder&gt;Find</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product.dtml">Product</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product.dtml">Product</a>&gt;Undo</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Undo.dtml">Folder&gt;Undo</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder.dtml">Folder</a>&gt;Properties</h1>
<dtml-var standard_html_header><h1>Properties</h1>
<p> This view allows you to define properties on your folder. </p>
<p> Current properties are listed one per line. You can change the
value of existing properties by entering new values in the text entry field(s)
......@@ -74,4 +73,4 @@
<td>A list of strings selected by a selection list.</td>
</tr>
</table><dtml-var standard_html_footer>
\ No newline at end of file
</table><dtml-var standard_html_footer>
<dtml-var standard_html_header>
<h3>The "Define Permissions" View</h3>
<p> Permissions are used to represent abstract operations or
types of usage. A permission may correspond to many
low-level object operations. Permissions provide a way to
control access to operations without having to list each
operation explicitly.</p>
<p> When creating products or ZClasses, we use high-level
objects, like DTML Methods to define operations. These
high-level objects have thier own permissions, which
represent abstract operations on the low-level
operations of these high-level objects.</p>
<p> When defining permissions for our products and ZClasses,
we need to define what low-level operations these new
permissions correspond to. We could enumerate the
low-level operations of the high-level objects used to
implement the operations of our products or ZClasses, but
this would be:</p>
<ul><li><p>Cumbersone,</p>
<li><p>Error prone, and</p>
<li><p>likely to break as the interfaces of the high-level
objects evolve.</p>
</ul>
<p> What we do instead is to treat the permissions of the
high-level objects used to implement a product or ZClass'
operations as the low-level operations that the product or
ZClass operation's abstract. </p>
<p> This is done via the "Define Permissions" view.
The "Define Permissions" view is used to define how the
operations of this object (or objects that acquire
permission settings from this object) correspond to the
operations defined by your product or ZClass.</p>
<p> The view has a table with two columns. The first
column lists the permissions for an object. The second
column specifies the permissions that should have this
permission in this product or ZClass. For ZClass methods,
only permissions that are defined for the ZClass are
permitted.</p>
<p> In general, any permissions that include operations that
change (mutate) an object should be disabled. Otherwise,
a method could be modified when used on an instance, such
as a ZClass instance.</p>
<dtml-var standard_html_footer>
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder.dtml">Folder</a>&gt;Security</h1>
<dtml-var standard_html_header><h1>Security</h1>
<p> This view allows you to define security settings for this item.
Security settings are defined in terms of roles and permissions. When a role is
assigned to a permission, users with the given role will be able to perform
......@@ -22,4 +21,4 @@
clicking the <tt>Add Role</tt> button. You can delete any existing
user defined roles by selecting them from the selection list under the
<tt>User defined roles</tt> heading and clicking the <tt>Delete
Role</tt> button. </p><dtml-var standard_html_footer>
\ No newline at end of file
Role</tt> button. </p><dtml-var standard_html_footer>
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder.dtml">Folder</a>&gt;Undo</h1>
<dtml-var standard_html_header><h1>Undo</h1>
<p> This view allows you to undo changes to Zope's database. </p>
<p> Zope allows you to undo changes to its database. Changes are
defined in terms of transactions which group together related changes. Each
......@@ -9,4 +8,4 @@
checking the checkbox next to it and then click either of the
<tt>Undo</tt> buttons. To see earlier or later transactions click the
<tt>Earlier Transactions</tt> or <tt>Later
Transactions</tt> links a the bottom and top of the view. </p><dtml-var standard_html_footer>
\ No newline at end of file
Transactions</tt> links a the bottom and top of the view. </p><dtml-var standard_html_footer>
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/User-Folder.dtml">User Folder</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/User-Folder.dtml">User Folder</a>&gt;Undo</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Undo.dtml">Folder&gt;Undo</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Version.dtml">Version</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
......@@ -82,12 +82,15 @@
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''$Id: Lazy.py,v 1.1 1999/06/22 14:14:47 michel Exp $'''
__version__='$Revision: 1.1 $'[11:-2]
__doc__='''$Id: Lazy.py,v 1.2 2000/05/11 18:54:16 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
class Lazy:
# Allow (reluctantly) access to unprotected attributes
__allow_access_to_unprotected_subobjects__=1
def __repr__(self): return `list(self)`
def __len__(self):
......
......@@ -85,7 +85,7 @@
"""ZCatalog product"""
from Globals import HTMLFile, MessageDialog
import Globals
import Globals, AccessControl.Role
from Acquisition import Implicit
from Persistence import Persistent
from OFS.SimpleItem import Item
......@@ -104,7 +104,9 @@ def manage_addVocabulary(self, id, title, globbing=None, REQUEST=None):
return self.manage_main(self,REQUEST)
class Vocabulary(Item, Persistent, Implicit):
class Vocabulary(Item, Persistent, Implicit,
AccessControl.Role.RoleManager,
):
"""
A Vocabulary is a user managable relization of a Lexicon object.
......@@ -115,15 +117,15 @@ class Vocabulary(Item, Persistent, Implicit):
manage_options=(
## {'label': 'Manage', 'action': 'manage_main',
## 'target': 'manage_main'},
(
{'label': 'Vocabulary', 'action': 'manage_vocabulary',
'target': 'manage_main'},
{'label': 'Query', 'action': 'manage_query',
'target': 'manage_main'},
)
+Item.manage_options
+AccessControl.Role.RoleManager.manage_options
)
__ac_permissions__=(
......
......@@ -101,6 +101,7 @@ from Catalog import Catalog, orify
from SearchIndex import UnIndex, UnTextIndex
from Vocabulary import Vocabulary
import IOBTree
from AccessControl import getSecurityManager
manage_addZCatalogForm=HTMLFile('addZCatalog',globals())
......@@ -166,9 +167,6 @@ class ZCatalog(Folder, Persistent, Implicit):
icon='misc_/ZCatalog/ZCatalog.gif'
manage_options=(
{'label': 'Contents', 'action': 'manage_main',
'target': 'manage_main',
'help':('ZCatalog','ZCatalog_Contents.dtml')},
{'label': 'Cataloged Objects', 'action': 'manage_catalogView',
'target': 'manage_main',
'help':('ZCatalog','ZCatalog_Cataloged-Objects.dtml')},
......@@ -184,7 +182,7 @@ class ZCatalog(Folder, Persistent, Implicit):
{'label': 'Status', 'action': 'manage_catalogStatus',
'target':'manage_main',
'help':('ZCatalog','ZCatalog_Status.dtml')},
)
)+Folder.manage_options
__ac_permissions__=(
......@@ -540,8 +538,6 @@ class ZCatalog(Folder, Persistent, Implicit):
if obj_expr:
# Setup expr machinations
md=td()
if hasattr(REQUEST, 'AUTHENTICATED_USER'):
md.AUTHENTICATED_USER=REQUEST.AUTHENTICATED_USER
obj_expr=(Eval(obj_expr, expr_globals), md, md._push, md._pop)
base=obj
......@@ -633,8 +629,10 @@ def absattr(attr):
return attr
class td(TemplateDict, cDocument):
pass
class td(TemplateDict):
def validate(self, inst, parent, name, value, md):
return getSecurityManager().validate(inst, parent, name, value)
def expr_match(ob, ed, c=InstanceDict, r=0):
e, md, push, pop=ed
......
......@@ -84,9 +84,8 @@
##############################################################################
__doc__='''Generic Database Connection Support
$Id: Connection.py,v 1.22 2000/05/04 13:32:06 shane Exp $'''
__version__='$Revision: 1.22 $'[11:-2]
$Id: Connection.py,v 1.23 2000/05/11 18:54:16 jim Exp $'''
__version__='$Revision: 1.23 $'[11:-2]
import Globals, OFS.SimpleItem, AccessControl.Role, Acquisition, sys
from DateTime import DateTime
......@@ -106,10 +105,13 @@ class Connection(
# Specify definitions for tabs:
manage_options=(
(
{'label':'Status', 'action':'manage_main'},
{'label':'Properties', 'action':'manage_properties'},
{'label':'Test', 'action':'manage_testForm'},
{'label':'Security', 'action':'manage_access'},
)
+OFS.SimpleItem.Item.manage_options
+AccessControl.Role.RoleManager.manage_options
)
# Specify how individual operations add up to "permissions":
......
......@@ -85,8 +85,8 @@
__doc__='''Generic Database adapter
$Id: DA.py,v 1.81 2000/04/19 17:50:43 jeffrey Exp $'''
__version__='$Revision: 1.81 $'[11:-2]
$Id: DA.py,v 1.82 2000/05/11 18:54:16 jim Exp $'''
__version__='$Revision: 1.82 $'[11:-2]
import OFS.SimpleItem, Aqueduct, RDB
import DocumentTemplate, marshal, md5, base64, Acquisition, os
......@@ -97,7 +97,6 @@ from cStringIO import StringIO
import sys, Globals, OFS.SimpleItem, AccessControl.Role
from string import atoi, find, join, split
import DocumentTemplate, sqlvar, sqltest, sqlgroup
from AccessControl.User import verify_watermark
from DocumentTemplate.DT_Util import cDocument
from time import time
from zlib import compress, decompress
......@@ -108,6 +107,7 @@ import DocumentTemplate.DT_Util
from cPickle import dumps, loads
from Results import Results
from App.Extensions import getBrain
from AccessControl import getSecurityManager
try: from IOBTree import Bucket
except: Bucket=lambda:{}
......@@ -147,14 +147,16 @@ class DA(
template_class=SQL
manage_options=(
(
{'label':'Edit', 'action':'manage_main',
'help':('ZSQLMethods','Z-SQL-Method_Edit.dtml')},
{'label':'Test', 'action':'manage_testForm',
'help':('ZSQLMethods','Z-SQL-Method_Test.dtml')},
{'label':'Advanced', 'action':'manage_advancedForm',
'help':('ZSQLMethods','Z-SQL-Method_Advanced.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('ZSQLMethods','Z-SQL-Method_Security.dtml')},
)
+OFS.SimpleItem.Item.manage_options
+AccessControl.Role.RoleManager.manage_options
)
# Specify how individual operations add up to "permissions":
......@@ -425,19 +427,10 @@ class DA(
argdata['sql_delimiter']='\0'
argdata['sql_quote__']=dbc.sql_quote__
# Also need the authenticated user.
auth_user=REQUEST.get('AUTHENTICATED_USER', None)
if auth_user is None:
auth_user=getattr(self, 'REQUEST', None)
if auth_user is not None:
try: auth_user=auth_user.get('AUTHENTICATED_USER', None)
except: auth_user=None
if auth_user is not None:
verify_watermark(auth_user)
argdata['AUTHENTICATED_USER']=auth_user
query=apply(self.template, (p, argdata))
security=getSecurityManager()
security.addContext(self)
try: query=apply(self.template, (p, argdata))
finally: security.removeContext(self)
if src__: return query
......
......@@ -82,7 +82,7 @@
# attributions are listed in the accompanying credits file.
#
##############################################################################
__version__='$Revision: 1.25 $'[11:-2]
__version__='$Revision: 1.26 $'[11:-2]
from string import join, split, find, rfind, lower, upper
from urllib import quote
......@@ -124,6 +124,9 @@ class BaseRequest:
_auth=None
_held=()
# Allow (reluctantly) access to unprotected attributes
__allow_access_to_unprotected_subobjects__=1
def __init__(self, other=None, **kw):
"""The constructor is not allowed to raise errors
"""
......@@ -218,7 +221,7 @@ class BaseRequest:
__repr__=__str__
def traverse(self, path, response=None):
def traverse(self, path, response=None, validated_hook=None):
"""Traverse the object space
The REQUEST must already have a PARENTS item with at least one
......@@ -264,8 +267,7 @@ class BaseRequest:
try:
# We build parents in the wrong order, so we
# need to make sure we reverse it when we're doe.
if hasattr(object,'__roles__'): roles=object.__roles__
else: roles=UNSPECIFIED_ROLES
roles=getattr(object,'__roles__', UNSPECIFIED_ROLES)
# if the top object has a __bobo_traverse__ method, then use it
# to possibly traverse to an alternate top-level object.
......@@ -296,9 +298,12 @@ class BaseRequest:
steps=self.steps
path.reverse()
pop=path.pop
# request['path']=path
while path:
entry_name=path[-1]
del path[-1]
entry_name=pop()
URL="%s/%s" % (URL,quote(entry_name))
got=0 # Can't find it? XXX
if entry_name:
......@@ -356,13 +361,11 @@ class BaseRequest:
"Missing doc string at: %s" % URL)
else: return response.notFoundError("%s" % (URL))
if hasattr(subobject,'__roles__'):
roles=subobject.__roles__
else:
if not got:
roleshack=entry_name+'__roles__'
if hasattr(object, roleshack):
roles=getattr(object, roleshack)
r=getattr(subobject, '__roles__', UNSPECIFIED_ROLES)
if r is not UNSPECIFIED_ROLES:
roles=r
elif not got:
roles=getattr(subobject, entry_name+'__roles__', roles)
# Promote subobject to object
parents.append(object)
......@@ -377,7 +380,7 @@ class BaseRequest:
and getattr(object, method) is not None
):
request._hacked_path=1
path=[method]
path.append(method)
else:
if (hasattr(object, '__call__') and
hasattr(object.__call__,'__roles__')):
......@@ -458,8 +461,7 @@ class BaseRequest:
steps=join(steps[:-i],'/')
if user is not None:
# Try to set a watermark on the user object.
user._v__marker__=_marker
if validated_hook is not None: validated_hook(self, user)
request['AUTHENTICATED_USER']=user
request['AUTHENTICATION_PATH']=steps
......
......@@ -84,8 +84,8 @@
##############################################################################
'''CGI Response Output formatter
$Id: BaseResponse.py,v 1.5 1999/09/23 21:55:12 jim Exp $'''
__version__='$Revision: 1.5 $'[11:-2]
$Id: BaseResponse.py,v 1.6 2000/05/11 18:54:17 jim Exp $'''
__version__='$Revision: 1.6 $'[11:-2]
import string, types, sys, regex
from string import find, rfind, lower, upper, strip, split, join, translate
......@@ -99,7 +99,10 @@ class BaseResponse:
debug_mode=None
_auth=None
_error_format='text/plain'
# Allow (reluctantly) access to unprotected attributes
__allow_access_to_unprotected_subobjects__=1
def __init__(self, stdout, stderr,
body='', headers=None, status=None, cookies=None):
self.stdout=stdout
......
......@@ -84,8 +84,8 @@
##############################################################################
__doc__="""Python Object Publisher -- Publish Python objects on web servers
$Id: Publish.py,v 1.145 2000/05/09 19:20:28 jim Exp $"""
__version__='$Revision: 1.145 $'[11:-2]
$Id: Publish.py,v 1.146 2000/05/11 18:54:17 jim Exp $"""
__version__='$Revision: 1.146 $'[11:-2]
import sys, os
from string import lower, atoi, rfind, strip
......@@ -128,7 +128,7 @@ def publish(request, module_name, after_list, debug=0,
):
(bobo_before, bobo_after, object, realm, debug_mode, err_hook,
have_transactions)= get_module_info(module_name)
validated_hook, have_transactions)= get_module_info(module_name)
parents=None
......@@ -158,7 +158,7 @@ def publish(request, module_name, after_list, debug=0,
if have_transactions: get_transaction().begin()
object=request.traverse(path)
object=request.traverse(path, validated_hook=validated_hook)
# Record transaction meta-data
if have_transactions:
......@@ -312,13 +312,14 @@ def get_module_info(module_name, modules={},
else: object=module
error_hook=getattr(module,'zpublisher_exception_hook', None)
validated_hook=getattr(module,'zpublisher_validated_hook', None)
try: get_transaction()
except: have_transactions=0
else: have_transactions=1
info= (bobo_before, bobo_after, object, realm, debug_mode,
error_hook, have_transactions)
error_hook, validated_hook, have_transactions)
modules[module_name]=modules[module_name+'.cgi']=info
......
......@@ -93,6 +93,7 @@ sys.path.insert(0, os.path.join(SOFTWARE_HOME, 'ZopeZODB3'))
import ZODB, ZODB.ZApplication, imp
import Globals, OFS.Application, sys
import AccessControl.SecurityManagement, AccessControl.User
Globals.BobobaseName = '%s/Data.fs' % Globals.data_dir
Globals.DatabaseVersion='3'
......@@ -128,6 +129,10 @@ Globals.opened.append(DB)
import ClassFactory
DB.setClassFactory(ClassFactory.ClassFactory)
# "Log on" as system user
AccessControl.SecurityManagement.newSecurityManager(
None, AccessControl.User.system)
# Set up the "application" object that automagically opens
# connections
app=bobo_application=ZODB.ZApplication.ZApplicationWrapper(
......@@ -140,10 +145,14 @@ OFS.Application.initialize(c)
c._p_jar.close()
del c
# "Log off" as system user
AccessControl.SecurityManagement.noSecurityManager()
# This is sneaky, but we don't want to play with Main:
sys.modules['Main']=sys.modules['Zope']
import ZODB.POSException, ZPublisher, string, ZPublisher, AccessControl.User
import ZODB.POSException, ZPublisher, string, ZPublisher
import ExtensionClass
from zLOG import LOG, INFO
......@@ -212,3 +221,7 @@ def zpublisher_exception_hook(
f(client, REQUEST, t, v, traceback)
finally: traceback=None
zpublisher_validated_hook=AccessControl.SecurityManagement.newSecurityManager
__bobo_before__=AccessControl.SecurityManagement.noSecurityManager
......@@ -85,7 +85,7 @@
"""WebDAV support - resource objects."""
__version__='$Revision: 1.28 $'[11:-2]
__version__='$Revision: 1.29 $'[11:-2]
import sys, os, string, mimetypes, davcmds, ExtensionClass
from common import absattr, aq_base, urlfix, rfc1123_date
......@@ -129,13 +129,11 @@ class Resource(ExtensionClass.Base):
else:
try: method=object.aq_acquire(methodname)
except: method=None
if (method is not None) and hasattr(method, '__roles__'):
roles=method.__roles__
user=REQUEST.get('AUTHENTICATED_USER', None)
__traceback_info__=methodname, str(roles), user
if (not hasattr(user, 'hasRole') or not user.hasRole(None, roles)):
raise 'Unauthorized', msg
return 1
if method is not None:
try: return getSecurityManager().validateValue(method)
except: pass
raise 'Unauthorized', msg
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment