Commit 12bb20e5 authored by Jim Fulton's avatar Jim Fulton

Merging changes from the Security-Dev branch

parent 8dc0c578
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
'''Add security system support to Document Templates
$Id: DTML.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
from DocumentTemplate import DT_Util
import SecurityManagement
# Allow access to unprotected attributes
DT_Util.TemplateDict.__allow_access_to_unprotected_subobjects__=1
DT_Util.string.__allow_access_to_unprotected_subobjects__=1
DT_Util.math.__allow_access_to_unprotected_subobjects__=1
DT_Util.whrandom.__allow_access_to_unprotected_subobjects__=1
try: DT_Util.random.__allow_access_to_unprotected_subobjects__=1
except: pass
# Add security testing capabilities
class DTMLSecurityAPI:
"""API for performing security checks in DTML using '_' methods.
"""
def SecurityValidate(md, inst, parent, name, value):
"""Validate access.
Arguments:
accessed -- the object that was being accessed
container -- the object the value was found in
name -- The name used to access the value
value -- The value retrieved though the access.
The arguments may be provided as keyword arguments. Some of these
arguments may be ommitted, however, the policy may reject access
in some cases when arguments are ommitted. It is best to provide
all the values possible.
"""
return (SecurityManagement
.getSecurityManager()
.validate(inst, parent, name, value)
)
def SecurityValidateValue(md, value):
"""Convenience for common case of simple value validation.
"""
return (SecurityManagement
.getSecurityManager()
.validateValue(value)
)
def SecurityCheckPermission(md, permission, object):
"""Check whether the security context allows the given permission on
the given object.
Arguments:
permission -- A permission name
object -- The object being accessed according to the permission
"""
return (SecurityManagement
.getSecurityManager()
.checkPermission(permission, object)
)
def SecurityGetUser(md):
"""Gen the current authenticated user"""
return (SecurityManagement
.getSecurityManager()
.getUser()
)
def SecurityCalledByExecutable(md):
"""Return a boolean value indicating if this context was called
by an executable"""
r = (SecurityManagement
.getSecurityManager()
.calledByExecutable()
)
if r > 0: return r-1
return r
DT_Util.TemplateDict.__dict__.update(DTMLSecurityAPI.__dict__)
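Review bot: `SecurityValidate` documents its arguments as `accessed` and `container` and says they may be passed as keywords or omitted, but the signature names them `inst` and `parent` with no defaults, so a keyword call using the documented names fails and the "may be omitted" promise is not kept. Aligning the wrapper with `SecurityManager.validate` fixes both: `def SecurityValidate(md, accessed=None, container=None, name=None, value=None):` and `.validate(accessed, container, name, value)`. The `r-1` in `SecurityCalledByExecutable` has no explanation; a comment such as `# presumably discounts the DTML document itself, which sits on the executable stack -- confirm` would save the next reader a trip. The bare `except: pass` guarding the `DT_Util.random` line at the top swallows every error; `except AttributeError: pass` keeps the best-effort intent without hiding anything else.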
...@@ -90,7 +90,8 @@ need the object's ordinary permissions intact so we can manage it. ...@@ -90,7 +90,8 @@ need the object's ordinary permissions intact so we can manage it.
""" """
import ExtensionClass, Acquisition import ExtensionClass, Acquisition
from AccessControl.Permission import pname from Permission import pname
from Owned import UnownableOwner
class RoleManager: class RoleManager:
...@@ -181,6 +182,8 @@ def setPermissionMapping(name, obj, v): ...@@ -181,6 +182,8 @@ def setPermissionMapping(name, obj, v):
elif obj.__dict__.has_key(name): delattr(obj, name) elif obj.__dict__.has_key(name): delattr(obj, name)
class PM(ExtensionClass.Base): class PM(ExtensionClass.Base):
_owner=UnownableOwner
_View_Permission='_View_Permission' _View_Permission='_View_Permission'
def __getattr__(self, name): def __getattr__(self, name):
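Review bot: `_owner=UnownableOwner` is added to `PM` without a comment, and nothing in the hunk says why a permission-mapping wrapper must be unownable. A one-line note at the attribute would help, e.g. `# Permission mappings are never owned; presumably keeps ownership checks from treating the PM wrapper as an owned object -- confirm against Owned.UnownableOwner`. The switch from `AccessControl.Permission` to the bare `Permission` import is presumably a same-package import and only a style point. The `PM` class body continues outside the hunk.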
...@@ -84,18 +84,24 @@ ...@@ -84,18 +84,24 @@
############################################################################## ##############################################################################
"""Access control support""" """Access control support"""
__version__='$Revision: 1.36 $'[11:-2] __version__='$Revision: 1.37 $'[11:-2]
from Globals import HTMLFile, MessageDialog, Dictionary from Globals import HTMLFile, MessageDialog, Dictionary
from string import join, strip, split, find from string import join, strip, split, find
from Acquisition import Implicit, Acquired from Acquisition import Implicit, Acquired, aq_get
import Globals, ExtensionClass, PermissionMapping, Products import Globals, ExtensionClass, PermissionMapping, Products
from Permission import Permission from Permission import Permission
from App.Common import aq_base from App.Common import aq_base
ListType=type([]) ListType=type([])
def _isBeingUsedAsAMethod(self):
return aq_get(self, '_isBeingUsedAsAMethod_', 0)
def _isNotBeingUsedAsAMethod(self):
return not aq_get(self, '_isBeingUsedAsAMethod_', 0)
class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager): class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
"""An obect that has configurable permissions""" """An obect that has configurable permissions"""
...@@ -113,7 +119,17 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager): ...@@ -113,7 +119,17 @@ class RoleManager(ExtensionClass.Base, PermissionMapping.RoleManager):
'manage_setLocalRoles', 'manage_addLocalRoles', 'manage_setLocalRoles', 'manage_addLocalRoles',
'manage_delLocalRoles', 'manage_delLocalRoles',
)), )),
# ('View management screens', ('manage_access',)), )
manage_options=(
{'label':'Security', 'action':'manage_access',
'help':('OFSP','Security.dtml'),
'filter': _isNotBeingUsedAsAMethod,
},
{'label':'Define Permissions', 'action':'manage_access',
'help':('OFSP','Security-DefinePermissions.dtml'),
'filter': _isBeingUsedAsAMethod,
},
) )
__ac_roles__=('Manager', 'Owner', 'Anonymous') __ac_roles__=('Manager', 'Owner', 'Anonymous')
...@@ -570,3 +586,4 @@ def gather_permissions(klass, result, seen): ...@@ -570,3 +586,4 @@ def gather_permissions(klass, result, seen):
seen[name]=None seen[name]=None
gather_permissions(base, result, seen) gather_permissions(base, result, seen)
return result return result
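Review bot: `_isNotBeingUsedAsAMethod` repeats the `aq_get` lookup of `_isBeingUsedAsAMethod`; writing it as `return not _isBeingUsedAsAMethod(self)` keeps the attribute name and default in one place. Both helpers read `_isBeingUsedAsAMethod_` through `aq_get`, so the flag is acquired from the container chain rather than read only from the object itself -- worth a one-line comment if that is intended, e.g. `# acquired: a container may mark its contents as being used as methods`. The two new `manage_options` entries share the action `manage_access` and differ only in label, help topic and filter, so at most one of them is shown for a given object; a short comment above the tuple stating that would make the pairing obvious.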
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''short description
$Id: SecurityManagement.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
import SpecialUsers
from thread import get_ident
from SecurityManager import SecurityManager
_managers={}
def newSecurityManager(request, user):
"""Set up a new security context for a request for a user
"""
thread_id=get_ident()
_managers[thread_id]=SecurityManager(
thread_id,
SecurityContext(user),
)
def noSecurityManager():
try: del _managers[get_ident()]
except: pass
def getSecurityManager():
"""Get a security manager, for the current thread.
"""
thread_id=get_ident()
manager=_managers.get(thread_id, None)
if manager is None:
manager=SecurityManager(
thread_id,
SecurityContext(SpecialUsers.nobody))
_managers[thread_id]=manager
return manager
def setSecurityPolicy(aSecurityPolicy):
"""Set the system default security policy.
This method should only be caused by system startup code. It should
never, for example, be called during a web request.
"""
SecurityManager.setSecurityPolicy(aSecurityPolicy)
class SecurityContext:
"""The security context is an object used internally to the security
machinery. It captures data about the current security context.
"""
def __init__(self, user):
self.stack=[]
self.user=user
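Review bot: `noSecurityManager` uses a bare `except: pass`, which hides anything other than the expected missing key; `except KeyError: pass` states the intent, and the function needs a docstring, e.g. `"""Discard the security manager bound to the current thread."""`. Because `_managers` is keyed by thread id and `getSecurityManager` returns whatever is stored there, a thread whose previous request never reached `noSecurityManager` keeps running with that request's user until the next `newSecurityManager` call; the module does not show where teardown calls it, so a note on `newSecurityManager` that callers must pair it with `noSecurityManager` would make the contract explicit. `setSecurityPolicy`'s docstring reads "should only be caused by" where "called by" is meant.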
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''short description
$Id: SecurityManager.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
import ZopeSecurityPolicy, os, string
try: max_stack_size=string.atoi(os.environ.get('Z_MAX_STACK_SIZE','100'))
except: max_stack_size=100
_defaultPolicy=ZopeSecurityPolicy.ZopeSecurityPolicy()
def setSecurityPolicy(aSecurityPolicy):
"""Set the system default security policy.
This method should only be caused by system startup code. It should
never, for example, be called during a web request.
"""
global _defaultPolicy
last=_defaultPolicy
_defaultPolicy=aSecurityPolicy
return last
class SecurityManager:
"""A security manager provides methods for checking access and managing
executable context and policies
"""
def __init__(self, thread_id, context):
self._thread_id=thread_id
self._context=context
self._policy=None
def validate(self, accessed=None, container=None, name=None, value=None):
"""Validate access.
Arguments:
accessed -- the object that was being accessed
container -- the object the value was found in
name -- The name used to access the value
value -- The value retrieved though the access.
The arguments may be provided as keyword arguments. Some of these
arguments may be ommitted, however, the policy may reject access
in some cases when arguments are ommitted. It is best to provide
all the values possible.
"""
policy=self._policy
if policy is None: policy=_defaultPolicy
return policy.validate(accessed, container, name, value,
self._context)
def validateValue(self, value):
"""Convenience for common case of simple value validation.
"""
policy=self._policy
if policy is None: policy=_defaultPolicy
return policy.validate(None, None, None, value,
self._context)
def checkPermission(self, permission, object):
"""Check whether the security context allows the given permission on
the given object.
Arguments:
permission -- A permission name
object -- The object being accessed according to the permission
"""
policy=self._policy
if policy is None: policy=_defaultPolicy
return policy.checkPermission(permission, object,
self._context)
def addContext(self, anExecutableObject,
getattr=getattr):
"""Add an ExecutableObject to the current security
context. Optionally, add a new SecurityPolicy as well.
"""
stack=self._context.stack
if len(stack) > max_stack_size:
raise SystemError, 'Excessive recursion'
stack.append(anExecutableObject)
p=getattr(anExecutableObject, '_customSecurityPolicy', None)
if p is not None: p=p()
self._policy=p
def removeContext(self, anExecutableObject,
getattr=getattr):
"""Remove an ExecutableObject, and optionally, a
SecurityPolicy, from the current security context.
"""
stack=self._context.stack
if not stack: return
top=stack[-1]
if top is anExecutableObject:
del stack[-1]
else:
indexes=range(len(stack))
indexes.reverse()
for i in indexes:
top=stack[i]
if top is anExecutableObject:
del stack[i:]
break
else:
return
if stack:
top=stack[-1]
p=getattr(top, '_customSecurityPolicy', None)
if p is not None: p=p()
self._policy=p
else:
self._policy=None
def getUser(self):
"""Gen the current authenticated user"""
return self._context.user
def calledByExecutable(self):
"""Return a boolean value indicating if this context was called
by an executable"""
return len(self._context.stack)
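Review bot: `calledByExecutable` returns `len(self._context.stack)`, an integer depth, while its docstring promises a boolean; the DTML wrapper in DTML.py depends on the integer (it subtracts one), so the docstring should change rather than the code: `"""Return the depth of the executable-context stack (0 when not called by an executable)."""`. In `addContext` the guard `if len(stack) > max_stack_size` lets the stack reach `max_stack_size + 1` entries before raising; `>=` enforces the configured limit. The `except:` around the `Z_MAX_STACK_SIZE` parse at the top swallows everything; `except ValueError:` covers a malformed value and keeps the fallback. `setSecurityPolicy`'s docstring has "caused by" for "called by".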
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''Collect rules for access to objects that don\'t have roles.
$Id: SimpleObjectPolicies.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
import Record
# Allow access to unprotected attributes
Record.Record.__allow_access_to_unprotected_subobjects__=1
ContainerAssertions={
type(()): 1,
type([]): 1,
type({}): 1,
}
from DocumentTemplate.cDocumentTemplate import InstanceDict
ContainerAssertions[InstanceDict]=1
Containers=ContainerAssertions.get
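Review bot: `ContainerAssertions` maps four types to the literal `1` and `Containers` is exported as the dict's `get` method, but nothing says what a caller gets back for an unlisted type (`None`) or what the value means; a comment above the dict such as `# type -> 1; presumably read by the security policy to decide whether items of these types may be accessed without further checks -- confirm against ZopeSecurityPolicy. Containers(t) is None for any other type.` would document the contract. The `DocumentTemplate.cDocumentTemplate` import sits below the dict rather than with `import Record`; grouping it with the other imports keeps the module's dependencies in one place.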
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''Place to find special users
This is needed to avoid a circular import problem.
$Id: SpecialUsers.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
...@@ -84,9 +84,9 @@ ...@@ -84,9 +84,9 @@
############################################################################## ##############################################################################
"""Access control package""" """Access control package"""
__version__='$Revision: 1.103 $'[11:-2] __version__='$Revision: 1.104 $'[11:-2]
import Globals, App.Undo, socket, regex import Globals, socket, regex, SpecialUsers
from Globals import HTMLFile, MessageDialog, Persistent, PersistentMapping from Globals import HTMLFile, MessageDialog, Persistent, PersistentMapping
from string import join,strip,split,lower from string import join,strip,split,lower
from App.Management import Navigation, Tabs from App.Management import Navigation, Tabs
...@@ -111,6 +111,9 @@ class BasicUser(Implicit): ...@@ -111,6 +111,9 @@ class BasicUser(Implicit):
# Public User object interface # Public User object interface
# ---------------------------- # ----------------------------
# Allow (reluctantly) access to unprotected attributes
__allow_access_to_unprotected_subobjects__=1
def __init__(self,name,password,roles,domains): def __init__(self,name,password,roles,domains):
raise NotImplemented raise NotImplemented
...@@ -324,14 +327,16 @@ except: ...@@ -324,14 +327,16 @@ except:
nobody=SpecialUser('Anonymous User','',('Anonymous',), []) nobody=SpecialUser('Anonymous User','',('Anonymous',), [])
system=Super('System Processes','',('manage',), [])
import ZPublisher.BaseRequest # stuff these in a handier place for importing
# Make anonymous users always pass the watermark test. SpecialUsers.nobody=nobody
nobody._v__marker__ = ZPublisher.BaseRequest._marker SpecialUsers.system=system
SpecialUsers.super=super
class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
Item, App.Undo.UndoSupport): Item):
"""Base class for UserFolder-like objects""" """Base class for UserFolder-like objects"""
meta_type='User Folder' meta_type='User Folder'
...@@ -342,12 +347,12 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager, ...@@ -342,12 +347,12 @@ class BasicUserFolder(Implicit, Persistent, Navigation, Tabs, RoleManager,
isAUserFolder=1 isAUserFolder=1
manage_options=( manage_options=(
(
{'label':'Contents', 'action':'manage_main', {'label':'Contents', 'action':'manage_main',
'help':('OFSP','User-Folder_Contents.dtml')}, 'help':('OFSP','User-Folder_Contents.dtml')},
{'label':'Security', 'action':'manage_access', )
'help':('OFSP','User-Folder_Security.dtml')}, +Item.manage_options
{'label':'Undo', 'action':'manage_UndoForm', +RoleManager.manage_options
'help':('OFSP','User-Folder_Undo.dtml')},
) )
__ac_permissions__=( __ac_permissions__=(
...@@ -740,18 +745,6 @@ def manage_addUserFolder(self,dtself=None,REQUEST=None,**ignored): ...@@ -740,18 +745,6 @@ def manage_addUserFolder(self,dtself=None,REQUEST=None,**ignored):
if REQUEST: return self.manage_main(self,REQUEST,update_menu=1) if REQUEST: return self.manage_main(self,REQUEST,update_menu=1)
# This bit performs watermark verification on authenticated users.
from ZPublisher.BaseRequest import _marker
def verify_watermark(auth_user):
if not hasattr(auth_user, '_v__marker__') or \
auth_user._v__marker__ is not _marker:
raise 'Unauthorized', (
'You are not authorized to access this resource.'
)
def rolejoin(roles, other): def rolejoin(roles, other):
dict={} dict={}
for role in roles: for role in roles:
##############################################################################
#
# Zope Public License (ZPL) Version 1.0
# -------------------------------------
#
# Copyright (c) Digital Creations. All rights reserved.
#
# This license has been certified as Open Source(tm).
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions in source code must retain the above copyright
# notice, this list of conditions, and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions, and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. Digital Creations requests that attribution be given to Zope
# in any manner possible. Zope includes a "Powered by Zope"
# button that is installed by default. While it is not a license
# violation to remove this button, it is requested that the
# attribution remain. A significant investment has been put
# into Zope, and this effort will continue if the Zope community
# continues to grow. This is one way to assure that growth.
#
# 4. All advertising materials and documentation mentioning
# features derived from or use of this software must display
# the following acknowledgement:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# In the event that the product being advertised includes an
# intact Zope distribution (with copyright and license included)
# then this clause is waived.
#
# 5. Names associated with Zope or Digital Creations must not be used to
# endorse or promote products derived from this software without
# prior written permission from Digital Creations.
#
# 6. Modified redistributions of any form whatsoever must retain
# the following acknowledgment:
#
# "This product includes software developed by Digital Creations
# for use in the Z Object Publishing Environment
# (http://www.zope.org/)."
#
# Intact (re-)distributions of any official Zope release do not
# require an external acknowledgement.
#
# 7. Modifications are encouraged but must be packaged separately as
# patches to official Zope releases. Distributions that do not
# clearly separate the patches from the original work must be clearly
# labeled as unofficial distributions. Modifications which do not
# carry the name Zope may be packaged in any form, as long as they
# conform to all of the clauses above.
#
#
# Disclaimer
#
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This software consists of contributions made by Digital Creations and
# many individuals on behalf of Digital Creations. Specific
# attributions are listed in the accompanying credits file.
#
##############################################################################
__doc__='''Define Zope\'s default security policy
$Id: ZopeSecurityPolicy.py,v 1.2 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2]
import SimpleObjectPolicies
_noroles=[]
from PermissionRole import _what_not_even_god_should_do, rolesForPermissionOn
class ZopeSecurityPolicy:
def validate(self, accessed, container, name, value, context,
None=None, type=type, IntType=type(0), DictType=type({}),
getattr=getattr, _noroles=_noroles, StringType=type(''),
Containers=SimpleObjectPolicies.Containers,
valid_aq_=('aq_parent','aq_explicit')):
############################################################
# Provide special rules for the acquisition attributes
if type(name) is StringType:
if name[:3]=='aq_' and name not in valid_aq_:
return 0
if container is None:
container=accessed
containerbase=accessedbase=accessed
else:
containerbase=getattr(container, 'aq_base', container)
accessedbase=getattr(accessed, 'aq_base', container)
############################################################
# Try to get roles
roles=getattr(value, '__roles__', _noroles)
if roles is _noroles:
############################################################
# We have an object without roles. Presumabely, it's
# some simple object, like a string or a list.
if container is None: return 0 # Bail if no container
roles=getattr(container, '__roles__', _noroles)
if roles is _noroles:
aq=getattr(container, 'aq_acquire', None)
if aq is None:
roles=_noroles
if containerbase is not accessedbase: return 0
else:
# Try to acquire roles
try: roles=aq('__roles__')
except AttributeError:
roles=_noroles
if containerbase is not accessedbase: return 0
# We need to make sure that we are allowed to
# get unprotected attributes from the container. We are
# allowed for certain simple containers and if the
# container says we can. Simple containers
# may also impose name restrictions.
p=Containers(type(container), None)
if p is None:
p=getattr(container,
'__allow_access_to_unprotected_subobjects__', None)
if p is not None:
tp=type(p)
if tp is not IntType:
if tp is DictType:
p=p.get(name, None)
else:
p=p(name, value)
if not p:
if (containerbase is accessedbase):
raise 'Unauthorized', name
else:
return 0
if roles is _noroles: return 1
# We are going to need a security-aware object to pass
# to hasRole. We'll use the container.
value=container
# Short-circuit tests if we can:
if roles is None or 'Anonymous' in roles: return 1
# Check executable security
stack=context.stack
if stack:
eo=stack[-1]
# If the executable had an owner, can it execute?
owner=eo.getOwner()
if (owner is not None) and not owner.hasRole(value, roles):
# We don't want someone to acquire if they can't
# get an unacquired!
if accessed is container:
raise 'Unauthorized', (
'You are not authorized to access <em>%s</em>.' % name)
return 0
# Proxy roles, which are alot safer now.
proxy_roles=getattr(eo, '_proxy_roles', None)
if proxy_roles:
for r in proxy_roles:
if r in roles: return 1
# Proxy roles actually limit access!
if accessedbase is containerbase:
raise 'Unauthorized', (
'You are not authorized to access <em>%s</em>.' % name)
return 0
try:
if context.user.hasRole(value, roles): return 1
except AttributeError: pass
# We don't want someone to acquire if they can't get an unacquired!
if accessedbase is containerbase:
raise 'Unauthorized', (
'You are not authorized to access <em>%s</em>.' % name)
return 0
def checkPermission(self, permission, object, context):
roles=rolesForPermissionOn(permission, object)
if roles is _what_not_even_god_should_do: return 0
return context.user.has_role(roles, object)
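Review bot: The three Unauthorized sites in validate() of the form `raise 'Unauthorized', ('You are not authorized to access <em>%s</em>.' % name)` embed the attribute name, which arrives from the traversed URL or the template, inside HTML markup; if the error page renders that message as HTML (which the `<em>` tags suggest is the intent), an attacker-chosen name is reflected into the page unescaped. I would keep the message plain, `raise 'Unauthorized', 'You are not authorized to access %s.' % name`, and leave escaping to the error view. Separately, `accessedbase=getattr(accessed, 'aq_base', container)` falls back to the container rather than to `accessed`, which is asymmetric with the `container is None` branch just above; if that is deliberate it deserves a comment, because `accessedbase is containerbase` is what decides whether a denial raises or merely returns 0 and lets acquisition keep searching.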
...@@ -82,3 +82,8 @@ ...@@ -82,3 +82,8 @@
# attributions are listed in the accompanying credits file. # attributions are listed in the accompanying credits file.
# #
############################################################################## ##############################################################################
import DTML
del DTML
from SecurityManagement import getSecurityManager, setSecurityPolicy
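Review bot: `import DTML` immediately followed by `del DTML` is an import kept only for what happens at import time, and nothing on these lines says so; the next reader will assume a stray leftover and remove it. A one-line comment above it would settle that, e.g. `# imported only for its import-time side effects; the name itself is not needed here`. What those side effects are is not visible in this hunk, so I would not claim more than that in the comment.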
...@@ -5,12 +5,26 @@ ...@@ -5,12 +5,26 @@
<dtml-var manage_tabs> <dtml-var manage_tabs>
</dtml-if manage_tabs> </dtml-if manage_tabs>
<p>This interface is used to define how the operations of this object
(or objects that acquire permission settings from this object)
correspond to the operations defined by your product or ZClass.</p>
<p>The table below has two columns. The first column
lists the permissions for this object. The second column specifies
the permissions that should have this permission in this product or
ZClass. For ZClass methods, only permissions that are defined for the
ZClass are permitted.</p>
<p>In general, any permissions that include operations that change
(mutate) an object should be disabled.</p>
<p>The listing below shows the current permission mappings for this item.</p> <p>The listing below shows the current permission mappings for this item.</p>
<dtml-with "_(valid=permissionMappingPossibleValues())"> <dtml-with "_(valid=permissionMappingPossibleValues())">
<form action="manage_setPermissionMapping" method="POST"> <form action="manage_setPermissionMapping" method="POST">
<table> <table>
<tr><th align=left>Permission</th> <tr><th align=left>Permission for this object</th>
<th align=left>is mapped to</th></tr> <th align=left>Permissions that correspond to<br>
(i.e. have) this permission</th></tr>
<dtml-in manage_getPermissionMapping mapping> <dtml-in manage_getPermissionMapping mapping>
<tr> <tr>
<th align=left><dtml-var permission_name></th> <th align=left><dtml-var permission_name></th>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML lang="en">
<HEAD>
<TITLE>&dtml-id; Owner</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555">
<dtml-var manage_tabs>
<dtml-var title_and_id> is
<dtml-if owner_info>
<dtml-with owner_info mapping>
owned <dtml-if explicit> directly
<dtml-else> indirectly (through acquisition)
</dtml-if> by &dtml-id; (&dtml-path;).
<dtml-if userCanChangeOwnershipType>
<form action="manage_changeOwnershipType">
<dtml-if explicit>
<input type="hidden" name="explicit" value="">
<input type="submit" value="Make ownership implicit (acquired)">
<dtml-else>
<input type="hidden" name="explicit" value="y">
<input type="submit" value="Make ownership explicit">
</dtml-if>
</form>
</dtml-if>
</dtml-with>
<dtml-else>
unowned.
</dtml-if>
<dtml-if userCanTakeOwnership>
<form action="manage_takeOwnership">
<input type="submit" value="Take ownership">
</form>
</dtml-if>
</BODY></HTML>
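Review bot: Both forms in this new template, `<form action="manage_changeOwnershipType">` and `<form action="manage_takeOwnership">`, carry no `method` attribute and therefore submit as GET, yet each one changes the ownership of the object; a state-changing action reachable by a bare GET can be triggered by a link, an image tag or a prefetching proxy on behalf of an authenticated manager. Add `method="POST"` to both, as the permission-mapping form elsewhere in this commit already does. Note also that `userCanChangeOwnershipType` and `userCanTakeOwnership` only hide the buttons here; the target methods must enforce the same checks server-side, which this file cannot show.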
...@@ -83,10 +83,10 @@ ...@@ -83,10 +83,10 @@
# #
############################################################################## ##############################################################################
__doc__="""System management components""" __doc__="""System management components"""
__version__='$Revision: 1.58 $'[11:-2] __version__='$Revision: 1.59 $'[11:-2]
import sys,os,time,string,Globals, Acquisition, os import sys,os,time,string,Globals, Acquisition, os, Undo
from Globals import HTMLFile from Globals import HTMLFile
from OFS.ObjectManager import ObjectManager from OFS.ObjectManager import ObjectManager
from OFS.Folder import Folder from OFS.Folder import Folder
...@@ -114,15 +114,18 @@ class DatabaseManager(Fake, SimpleItem.Item, Acquisition.Implicit): ...@@ -114,15 +114,18 @@ class DatabaseManager(Fake, SimpleItem.Item, Acquisition.Implicit):
icon='p_/DatabaseManagement_icon' icon='p_/DatabaseManagement_icon'
manage_options=( manage_options=(
(
{'label':'Database', 'action':'manage_main', {'label':'Database', 'action':'manage_main',
'help':('OFSP','Database-Management_Database.dtml')}, 'help':('OFSP','Database-Management_Database.dtml')},
{'label':'Cache Parameters', 'action':'manage_cacheParameters', {'label':'Cache Parameters', 'action':'manage_cacheParameters',
'help':('OFSP','Database-Management_Cache-Parameters.dtml')}, 'help':('OFSP','Database-Management_Cache-Parameters.dtml')},
{'label':'Flush Cache', 'action':'manage_cacheGC', {'label':'Flush Cache', 'action':'manage_cacheGC',
'help':('OFSP','Database-Management_Flush-Cache.dtml')}, 'help':('OFSP','Database-Management_Flush-Cache.dtml')},
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Database-Management_Undo.dtml')},
) )
+SimpleItem.Item.manage_options
)
Globals.default__class_init__(DatabaseManager)
class VersionManager(Fake, SimpleItem.Item, Acquisition.Implicit): class VersionManager(Fake, SimpleItem.Item, Acquisition.Implicit):
"""Version management""" """Version management"""
...@@ -133,10 +136,14 @@ class VersionManager(Fake, SimpleItem.Item, Acquisition.Implicit): ...@@ -133,10 +136,14 @@ class VersionManager(Fake, SimpleItem.Item, Acquisition.Implicit):
icon='p_/VersionManagement_icon' icon='p_/VersionManagement_icon'
manage_options=( manage_options=(
(
{'label':'Version', 'action':'manage_main', {'label':'Version', 'action':'manage_main',
'help':('OFSP','Version-Management_Version.dtml')}, 'help':('OFSP','Version-Management_Version.dtml')},
) )
+SimpleItem.Item.manage_options
)
Globals.default__class_init__(VersionManager)
...@@ -148,7 +155,7 @@ _v_rst=None ...@@ -148,7 +155,7 @@ _v_rst=None
class ApplicationManager(Folder,CacheManager): class ApplicationManager(Folder,CacheManager):
"""System management""" """System management"""
__roles__=['Manager'] __roles__=('Manager',)
isPrincipiaFolderish=1 isPrincipiaFolderish=1
Database=DatabaseManager() Database=DatabaseManager()
Versions=VersionManager() Versions=VersionManager()
...@@ -175,10 +182,11 @@ class ApplicationManager(Folder,CacheManager): ...@@ -175,10 +182,11 @@ class ApplicationManager(Folder,CacheManager):
) )
manage_options=( manage_options=(
(
{'label':'Contents', 'action':'manage_main', {'label':'Contents', 'action':'manage_main',
'help':('OFSP','Control-Panel_Contents.dtml')}, 'help':('OFSP','Control-Panel_Contents.dtml')},
{'label':'Undo', 'action':'manage_UndoForm', )
'help':('OFSP','Control-Panel_Undo.dtml')}, +Undo.UndoSupport.manage_options
) )
id ='Control_Panel' id ='Control_Panel'
...@@ -85,8 +85,8 @@ ...@@ -85,8 +85,8 @@
__doc__='''Cache management support __doc__='''Cache management support
$Id: CacheManager.py,v 1.16 1999/10/07 19:53:25 jim Exp $''' $Id: CacheManager.py,v 1.17 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.16 $'[11:-2] __version__='$Revision: 1.17 $'[11:-2]
import Globals, time, sys import Globals, time, sys
...@@ -298,3 +298,6 @@ class CacheManager: ...@@ -298,3 +298,6 @@ class CacheManager:
else: else:
# ZODB 3 # ZODB 3
return db.cacheExtremeDetail() return db.cacheExtremeDetail()
Globals.default__class_init__(CacheManager)
...@@ -84,8 +84,8 @@ ...@@ -84,8 +84,8 @@
############################################################################## ##############################################################################
__doc__='''Factory objects __doc__='''Factory objects
$Id: Factory.py,v 1.16 2000/03/20 16:24:07 jim Exp $''' $Id: Factory.py,v 1.17 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.16 $'[11:-2] __version__='$Revision: 1.17 $'[11:-2]
import OFS.SimpleItem, Acquisition, Globals, AccessControl.Role import OFS.SimpleItem, Acquisition, Globals, AccessControl.Role
import Products, Product import Products, Product
...@@ -108,11 +108,14 @@ class Factory( ...@@ -108,11 +108,14 @@ class Factory(
) )
manage_options=( manage_options=(
(
{'label':'Edit', 'action':'manage_main', {'label':'Edit', 'action':'manage_main',
'help':('OFSP','Zope-Factory_Edit.dtml')}, 'help':('OFSP','Zope-Factory_Edit.dtml')},
{'label':'Security', 'action':'manage_access', {'label':'Define Permissions', 'action':'manage_access',
'help':('OFSP','Zope-Factory_Define-Permissions.dtml')}, 'help':('OFSP','Zope-Factory_Define-Permissions.dtml')},
) )
+OFS.SimpleItem.Item.manage_options
)
def __init__(self, id, title, object_type, initial, permission=''): def __init__(self, id, title, object_type, initial, permission=''):
self.id=id self.id=id
...@@ -145,7 +145,7 @@ class FactoryDispatcher(Acquisition.Implicit): ...@@ -145,7 +145,7 @@ class FactoryDispatcher(Acquisition.Implicit):
raise AttributeError, name raise AttributeError, name
# Provide acquired indicators for critical OM methods: # Provide acquired indicators for critical OM methods:
_setObject=Acquisition.Acquired _setObject=_getOb=Acquisition.Acquired
# Provide a replacement for manage_main that does a redirection: # Provide a replacement for manage_main that does a redirection:
def manage_main(trueself, self, REQUEST, update_menu=0): def manage_main(trueself, self, REQUEST, update_menu=0):
...@@ -85,14 +85,15 @@ ...@@ -85,14 +85,15 @@
"""Standard management interface support """Standard management interface support
$Id: Management.py,v 1.30 1999/09/27 14:07:05 jim Exp $""" $Id: Management.py,v 1.31 2000/05/11 18:54:13 jim Exp $"""
__version__='$Revision: 1.30 $'[11:-2] __version__='$Revision: 1.31 $'[11:-2]
import sys, Globals, ExtensionClass, urllib import sys, Globals, ExtensionClass, urllib
from Dialogs import MessageDialog from Dialogs import MessageDialog
from Globals import HTMLFile from Globals import HTMLFile
from string import split, join, find from string import split, join, find
from AccessControl import getSecurityManager
class Tabs(ExtensionClass.Base): class Tabs(ExtensionClass.Base):
"""Mix-in provides management folder tab support.""" """Mix-in provides management folder tab support."""
...@@ -100,92 +101,37 @@ class Tabs(ExtensionClass.Base): ...@@ -100,92 +101,37 @@ class Tabs(ExtensionClass.Base):
manage_tabs__roles__=('Anonymous',) manage_tabs__roles__=('Anonymous',)
manage_tabs =HTMLFile('manage_tabs', globals()) manage_tabs =HTMLFile('manage_tabs', globals())
#__ac_permissions__=(
# ('View management screens', ('manage_help', )),
# )
manage_help__roles__=()
def manage_help(self, RESPONSE, SCRIPT_NAME):
"Help!"
RESPONSE.redirect(SCRIPT_NAME+'/HelpSys/hs_index')
return ''
manage_options =() manage_options =()
filtered_manage_options__roles__=None filtered_manage_options__roles__=None
def filtered_manage_options(self, REQUEST=None):
def filtered_manage_options( validate=getSecurityManager().validate
self, REQUEST=None,
help_option_=({'label': 'Help', 'action': 'manage_help',
'target':"z_help_wnd"},),
):
if REQUEST is None and hasattr(self, 'aq_acquire'):
try: REQUEST=self.aq_acquire('REQUEST')
except: pass
try: user=REQUEST['AUTHENTICATED_USER']
except: user=None
result=[] result=[]
seen_roles={}
try: options=tuple(self.manage_options)+help_option_ try: options=tuple(self.manage_options)
except: options=tuple(self.manage_options())+help_option_ except: options=tuple(self.manage_options())
for d in options: for d in options:
label=d.get('label', None) filter=d.get('filter', None)
if (label=='Security' if filter is not None and not filter(self):
and hasattr(self, '_isBeingUsedAsAMethod') continue
and self._isBeingUsedAsAMethod()):
d['label']='Define Permissions'
path=d.get('path', None) path=d.get('path', None)
if path is None: path=d['action'] if path is None: path=d['action']
try: o=self.unrestrictedTraverse(path, None)
# Traverse to get the action: if o is None: continue
o=self
for a in split(path,'/'):
if not a: continue
if a=='..':
o=o.aq_parent
continue
if hasattr(o, '__bobo_traverse__'):
o=o.__bobo_traverse__(REQUEST, a)
elif hasattr(o,a):
o=getattr(o,a)
else:
o=o[a]
except:
o=None
if o is None: try:
continue if validate(value=o):
result.append(d) # Waaaa
# Get the roles and check for public methods
try: roles=o.__roles__
except: roles=None
if roles is None or 'Anonymous' in roles:
result.append(d) result.append(d)
continue except:
if not hasattr(o, '__roles__'):
# Do the validation check, trying to
# optimize things for the common case of
# many actions with the same roles.
for r in roles:
ok=seen_roles.get(r,None)
if ok is None:
if user is None: break
else:
try: ok=user.allowed(o, (r,))
except: ok=0
seen_roles[r]=ok
if ok:
result.append(d) result.append(d)
break
return result return result
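Review bot: In the new `filtered_manage_options` the bare `except:` after `if validate(value=o):` treats every exception as an authorization failure and then still appends the option whenever the target lacks a `__roles__` attribute, so a genuine error inside the security policy or the traversed object silently turns into a visible tab, and the `# Waaaa` comment explains nothing. Narrow the handler to the authorization failure the policy actually raises (in this commit's ZopeSecurityPolicy that appears to be the string exception `'Unauthorized'`), and replace the comment with the rule it implements, e.g. `# Unprotected targets (no __roles__) stay listed even when the policy cannot validate them; the real check happens when the action is published.` Because `validate(value=o)` passes neither an accessed object nor a container, the policy's container-based rules cannot apply in this menu filter, which is acceptable only if publishing re-checks; that assumption belongs in the method's docstring.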
...@@ -84,8 +84,8 @@ ...@@ -84,8 +84,8 @@
############################################################################## ##############################################################################
__doc__='''Zope registerable permissions __doc__='''Zope registerable permissions
$Id: Permission.py,v 1.2 2000/01/10 20:21:11 amos Exp $''' $Id: Permission.py,v 1.3 2000/05/11 18:54:13 jim Exp $'''
__version__='$Revision: 1.2 $'[11:-2] __version__='$Revision: 1.3 $'[11:-2]
import OFS.SimpleItem, Acquisition, Globals, ExtensionClass, AccessControl.Role import OFS.SimpleItem, Acquisition, Globals, ExtensionClass, AccessControl.Role
...@@ -98,11 +98,15 @@ class Permission( ...@@ -98,11 +98,15 @@ class Permission(
icon='p_/Permission_icon' icon='p_/Permission_icon'
manage_options=( manage_options=(
(
{'label':'Edit', 'action':'manage_main', {'label':'Edit', 'action':'manage_main',
'help':('OFSP','Zope-Permission_Edit.dtml')}, 'help':('OFSP','Zope-Permission_Edit.dtml')},
{'label':'Security', 'action':'manage_access', {'label':'Define Permissions', 'action':'manage_access',
'help':('OFSP','Zope-Permission_Define-Permissions.dtml')}, 'help':('OFSP','Zope-Permission_Define-Permissions.dtml')},
) )
+OFS.SimpleItem.Item.manage_options
)
def __init__(self, id, title, name): def __init__(self, id, title, name):
self.id=id self.id=id
...@@ -107,8 +107,10 @@ ...@@ -107,8 +107,10 @@
import Globals, OFS.Folder, OFS.SimpleItem, os, string, Acquisition, Products import Globals, OFS.Folder, OFS.SimpleItem, os, string, Acquisition, Products
from OFS.Folder import Folder
import regex, zlib, Globals, cPickle, marshal, rotor import regex, zlib, Globals, cPickle, marshal, rotor
import ZClasses, ZClasses.ZClass, AccessControl.Owned
from OFS.Folder import Folder
from string import rfind, atoi, find, strip, join from string import rfind, atoi, find, strip, join
from Factory import Factory from Factory import Factory
from Permission import PermissionManager from Permission import PermissionManager
...@@ -124,24 +126,12 @@ class ProductFolder(Folder): ...@@ -124,24 +126,12 @@ class ProductFolder(Folder):
meta_type ='Product Management' meta_type ='Product Management'
icon='p_/ProductFolder_icon' icon='p_/ProductFolder_icon'
manage_options=(
{'label':'Contents', 'action':'manage_main',
'help':('OFSP','Product-Management_Contents.dtml')},
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','Product-Management_Properties.dtml')},
{'label':'Import/Export', 'action':'manage_importExportForm',
'help':('OFSP','Product-Management_Import-Export.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','Product-Management_Security.dtml')},
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Product-Management_Undo.dtml')},
{'label':'Find', 'action':'manage_findFrame',
'help':('OFSP','Product-Management_Find.dtml')},
)
all_meta_types={'name': 'Product', 'action': 'manage_addProductForm'}, all_meta_types={'name': 'Product', 'action': 'manage_addProductForm'},
meta_types=all_meta_types meta_types=all_meta_types
# This prevents subobjects from being owned!
_owner=AccessControl.Owned.UnownableOwner
def _product(self, name): return getattr(self, name) def _product(self, name): return getattr(self, name)
manage_addProductForm=Globals.HTMLFile('addProduct',globals()) manage_addProductForm=Globals.HTMLFile('addProduct',globals())
...@@ -192,19 +182,12 @@ class Product(Folder, PermissionManager): ...@@ -192,19 +182,12 @@ class Product(Folder, PermissionManager):
'manage_subclassableClassNames'] 'manage_subclassableClassNames']
manage_options=( manage_options=(
{'label':'Contents', 'action':'manage_main', Folder.manage_options+
'help':('OFSP','Product_Contents.dtml')}, (
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','Product_Properties.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','Product_Define-Permissions.dtml')},
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Product_Undo.dtml')},
{'label':'Find', 'action':'manage_findFrame',
'help':('OFSP','Product_Find.dtml')},
{'label':'Distribution', 'action':'manage_distributionView', {'label':'Distribution', 'action':'manage_distributionView',
'help':('OFSP','Product_Distribution.dtml')}, 'help':('OFSP','Product_Distribution.dtml')},
) )
)
manage_distributionView=Globals.HTMLFile('distributionView',globals()) manage_distributionView=Globals.HTMLFile('distributionView',globals())
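Review bot: The new `_owner=AccessControl.Owned.UnownableOwner` on ProductFolder is a security decision carried by the one-line comment `# This prevents subobjects from being owned!`, which says what but not why; the ownership machinery is not visible in this hunk, so I cannot confirm the reasoning, but the comment should name it, along the lines of `# Products are trusted code; marking the folder unownable keeps content under it from executing with a user's owner roles.`, adjusted to the actual rationale. Since `_owner` is a class attribute, an instance-level `_owner` written by any take-ownership path would shadow it; if such a path is reachable for this folder, a test or a note about it is warranted.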
...@@ -84,9 +84,8 @@ ...@@ -84,9 +84,8 @@
############################################################################## ##############################################################################
__doc__='''short description __doc__='''short description
$Id: Undo.py,v 1.20 2000/05/11 18:54:14 jim Exp $'''
$Id: Undo.py,v 1.19 2000/05/09 19:06:39 jim Exp $''' __version__='$Revision: 1.20 $'[11:-2]
__version__='$Revision: 1.19 $'[11:-2]
import Globals, ExtensionClass import Globals, ExtensionClass
from DateTime import DateTime from DateTime import DateTime
...@@ -101,6 +100,11 @@ class UndoSupport(ExtensionClass.Base): ...@@ -101,6 +100,11 @@ class UndoSupport(ExtensionClass.Base):
)), )),
) )
manage_options=(
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Undo.dtml')},
)
manage_UndoForm=Globals.HTMLFile( manage_UndoForm=Globals.HTMLFile(
'undo', globals(), 'undo', globals(),
PrincipiaUndoBatchSize=20, PrincipiaUndoBatchSize=20,
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
############################################################################## ##############################################################################
"""Encapsulation of date/time values""" """Encapsulation of date/time values"""
__version__='$Revision: 1.47 $'[11:-2] __version__='$Revision: 1.48 $'[11:-2]
import sys, os, math, regex, ts_regex, DateTimeZone import sys, os, math, regex, ts_regex, DateTimeZone
...@@ -477,6 +477,10 @@ class DateTime: ...@@ -477,6 +477,10 @@ class DateTime:
and numeric operations return a new DateTime object rather than and numeric operations return a new DateTime object rather than
modify the current object.""" modify the current object."""
# For security machinery:
__roles__=None
__allow_access_to_unprotected_subobjects__=1
def __init__(self,*args): def __init__(self,*args):
"""Return a new date-time object """Return a new date-time object
...@@ -382,8 +382,8 @@ ...@@ -382,8 +382,8 @@
''' #' ''' #'
__rcs_id__='$Id: DT_In.py,v 1.38 1999/08/27 14:56:27 petrilli Exp $' __rcs_id__='$Id: DT_In.py,v 1.39 2000/05/11 18:54:14 jim Exp $'
__version__='$Revision: 1.38 $'[11:-2] __version__='$Revision: 1.39 $'[11:-2]
from DT_Util import ParseError, parse_params, name_param, str from DT_Util import ParseError, parse_params, name_param, str
from DT_Util import render_blocks, InstanceDict, ValidationError from DT_Util import render_blocks, InstanceDict, ValidationError
...@@ -592,7 +592,7 @@ class InClass: ...@@ -592,7 +592,7 @@ class InClass:
client=sequence[index] client=sequence[index]
if validate is not None: if validate is not None:
try: vv=validate(sequence,sequence,index,client,md) try: vv=validate(sequence,sequence,None,client,md)
except: vv=0 except: vv=0
if not vv: if not vv:
if (params.has_key('skip_unauthorized') and if (params.has_key('skip_unauthorized') and
...@@ -672,7 +672,7 @@ class InClass: ...@@ -672,7 +672,7 @@ class InClass:
client=sequence[index] client=sequence[index]
if validate is not None: if validate is not None:
try: vv=validate(sequence,sequence,index,client,md) try: vv=validate(sequence,sequence,None,client,md)
except: vv=0 except: vv=0
if not vv: if not vv:
if (self.args.has_key('skip_unauthorized') and if (self.args.has_key('skip_unauthorized') and
...@@ -82,7 +82,7 @@ ...@@ -82,7 +82,7 @@
# attributions are listed in the accompanying credits file. # attributions are listed in the accompanying credits file.
# #
############################################################################## ##############################################################################
"$Id: DT_String.py,v 1.34 2000/03/09 20:07:56 brian Exp $" "$Id: DT_String.py,v 1.35 2000/05/11 18:54:14 jim Exp $"
from string import split, strip from string import split, strip
import regex, ts_regex import regex, ts_regex
...@@ -464,8 +464,6 @@ class String: ...@@ -464,8 +464,6 @@ class String:
if globals: push(globals) if globals: push(globals)
if mapping: if mapping:
push(mapping) push(mapping)
if hasattr(mapping,'AUTHENTICATED_USER'):
md.AUTHENTICATED_USER=mapping['AUTHENTICATED_USER']
md.validate=self.validate md.validate=self.validate
if client is not None: if client is not None:
if type(client)==type(()): if type(client)==type(()):
...@@ -82,8 +82,8 @@ ...@@ -82,8 +82,8 @@
# attributions are listed in the accompanying credits file. # attributions are listed in the accompanying credits file.
# #
############################################################################## ##############################################################################
'''$Id: DT_Util.py,v 1.61 1999/10/22 18:08:45 jim Exp $''' '''$Id: DT_Util.py,v 1.62 2000/05/11 18:54:14 jim Exp $'''
__version__='$Revision: 1.61 $'[11:-2] __version__='$Revision: 1.62 $'[11:-2]
import regex, string, math, os import regex, string, math, os
from string import strip, join, atoi, lower, split, find from string import strip, join, atoi, lower, split, find
...@@ -163,7 +163,7 @@ def careful_getitem(md, mapping, key): ...@@ -163,7 +163,7 @@ def careful_getitem(md, mapping, key):
if type(v) is type(''): return v # Short-circuit common case if type(v) is type(''): return v # Short-circuit common case
validate=md.validate validate=md.validate
if validate is None or validate(mapping,mapping,key,v,md): return v if validate is None or validate(mapping,mapping,None,v,md): return v
raise ValidationError, key raise ValidationError, key
def careful_getslice(md, seq, *indexes): def careful_getslice(md, seq, *indexes):
...@@ -179,7 +179,7 @@ def careful_getslice(md, seq, *indexes): ...@@ -179,7 +179,7 @@ def careful_getslice(md, seq, *indexes):
validate=md.validate validate=md.validate
if validate is not None: if validate is not None:
for e in v: for e in v:
if not validate(seq,seq,'',e,md): if not validate(seq,seq,None,e,md):
raise ValidationError, 'unauthorized access to slice member' raise ValidationError, 'unauthorized access to slice member'
return v return v
...@@ -201,7 +201,6 @@ def careful_range(md, iFirst, *args): ...@@ -201,7 +201,6 @@ def careful_range(md, iFirst, *args):
if iLen >= RANGELIMIT: raise ValueError, 'range() too large' if iLen >= RANGELIMIT: raise ValueError, 'range() too large'
return range(iStart, iEnd, iStep) return range(iStart, iEnd, iStep)
import string, math, whrandom import string, math, whrandom
try: try:
...@@ -210,6 +209,7 @@ try: ...@@ -210,6 +209,7 @@ try:
from cDocumentTemplate import cDocument from cDocumentTemplate import cDocument
except: from pDocumentTemplate import InstanceDict, TemplateDict, render_blocks except: from pDocumentTemplate import InstanceDict, TemplateDict, render_blocks
d=TemplateDict.__dict__ d=TemplateDict.__dict__
for name in ('None', 'abs', 'chr', 'divmod', 'float', 'hash', 'hex', 'int', for name in ('None', 'abs', 'chr', 'divmod', 'float', 'hash', 'hex', 'int',
'len', 'max', 'min', 'oct', 'ord', 'round', 'str'): 'len', 'max', 'min', 'oct', 'ord', 'round', 'str'):
...@@ -224,8 +224,6 @@ def careful_pow(self, x, y, z): ...@@ -224,8 +224,6 @@ def careful_pow(self, x, y, z):
d['pow']=careful_pow d['pow']=careful_pow
try: try:
import random import random
d['random']=random d['random']=random
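Review bot: `careful_getitem` now calls `validate(mapping,mapping,None,v,md)` where it previously passed the looked-up `key` as the name, and `careful_getslice` likewise passes `None`; for a container whose `__allow_access_to_unprotected_subobjects__` is a dict or a callable, the policy added in this commit evaluates `p.get(name, None)` or `p(name, value)`, so a `None` name can never match a per-key grant and those items will be denied. If item access is meant to be governed solely by the container's blanket setting, that is defensible but should be stated at the call, `# item access: name is None, so per-name policies do not apply`; otherwise `careful_getitem` should keep passing `key`. For `careful_getslice` there is no name to pass, so `None` is the right value there.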
...@@ -105,8 +105,8 @@ ...@@ -105,8 +105,8 @@
''' '''
__rcs_id__='$Id: DT_With.py,v 1.10 1999/03/10 00:15:08 klm Exp $' __rcs_id__='$Id: DT_With.py,v 1.11 2000/05/11 18:54:14 jim Exp $'
__version__='$Revision: 1.10 $'[11:-2] __version__='$Revision: 1.11 $'[11:-2]
from DT_Util import parse_params, name_param, InstanceDict, render_blocks, str from DT_Util import parse_params, name_param, InstanceDict, render_blocks, str
from DT_Util import TemplateDict from DT_Util import TemplateDict
...@@ -139,8 +139,6 @@ class With: ...@@ -139,8 +139,6 @@ class With:
if self.only: if self.only:
_md=md _md=md
md=TemplateDict() md=TemplateDict()
if hasattr(_md, 'AUTHENTICATED_USER'):
md.AUTHENTICATED_USER=_md.AUTHENTICATED_USER
if hasattr(_md, 'validate'): if hasattr(_md, 'validate'):
md.validate=_md.validate md.validate=_md.validate
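Review bot: The `only` branch no longer copies `AUTHENTICATED_USER` into the fresh `TemplateDict` but still copies `validate`, and nothing says why one survives and the other is dropped. If the reason is that `validate` now consults the security manager for the user (the `DTMLMethod.validate` change in this commit suggests so), a comment such as `# validate consults the security manager for the user, so AUTHENTICATED_USER is not carried over` would stop someone from re-adding the copy. The enclosing method starts and ends outside the hunk.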
......
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
****************************************************************************/ ****************************************************************************/
static char cDocumentTemplate_module_documentation[] = static char cDocumentTemplate_module_documentation[] =
"" ""
"\n$Id: cDocumentTemplate.c,v 1.31 2000/01/04 16:24:42 jim Exp $" "\n$Id: cDocumentTemplate.c,v 1.32 2000/05/11 18:54:14 jim Exp $"
; ;
#include "ExtensionClass.h" #include "ExtensionClass.h"
...@@ -1063,11 +1063,13 @@ void ...@@ -1063,11 +1063,13 @@ void
initcDocumentTemplate() initcDocumentTemplate()
{ {
PyObject *m, *d; PyObject *m, *d;
char *rev="$Revision: 1.31 $"; char *rev="$Revision: 1.32 $";
PURE_MIXIN_CLASS(cDocument, PURE_MIXIN_CLASS(cDocument,
"Base class for documents that adds fast validation method", "Base class for documents that adds fast validation method",
Document_methods); Document_methods);
DictInstanceType.ob_type=&PyType_Type;
UNLESS(py_isDocTemp=PyString_FromString("isDocTemp")) return; UNLESS(py_isDocTemp=PyString_FromString("isDocTemp")) return;
UNLESS(py_blocks=PyString_FromString("blocks")) return; UNLESS(py_blocks=PyString_FromString("blocks")) return;
UNLESS(py_acquire=PyString_FromString("aq_acquire")) return; UNLESS(py_acquire=PyString_FromString("aq_acquire")) return;
......
...@@ -85,9 +85,8 @@ ...@@ -85,9 +85,8 @@
__doc__='''Application support __doc__='''Application support
$Id: Application.py,v 1.122 2000/05/04 15:31:44 shane Exp $''' $Id: Application.py,v 1.123 2000/05/11 18:54:14 jim Exp $'''
__version__='$Revision: 1.122 $'[11:-2] __version__='$Revision: 1.123 $'[11:-2]
import Globals,Folder,os,sys,App.Product, App.ProductRegistry, misc_ import Globals,Folder,os,sys,App.Product, App.ProductRegistry, misc_
import time, traceback, os, string, Products import time, traceback, os, string, Products
...@@ -193,6 +192,9 @@ class Application(Globals.ApplicationDefaultPermissions, ...@@ -193,6 +192,9 @@ class Application(Globals.ApplicationDefaultPermissions,
__allow_groups__=UserFolder() __allow_groups__=UserFolder()
def title_and_id(self): return self.title
def title_or_id(self): return self.title
def __init__(self): def __init__(self):
# Initialize users # Initialize users
self.__allow_groups__=UserFolder() self.__allow_groups__=UserFolder()
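Review bot: `title_or_id` returns `self.title` unconditionally, so with an empty title it yields '' instead of falling back to an id, which is what the name implies for other objects' `title_or_id`. If the application object has an `id` attribute (not visible in this hunk), `def title_or_id(self): return self.title or self.id` would honour that contract; `title_and_id` likewise reports only the title. Both one-liners are undocumented, and a short comment stating that the root deliberately reports only its title would settle whether this is intended.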
......
...@@ -83,13 +83,14 @@ ...@@ -83,13 +83,14 @@
# #
############################################################################## ##############################################################################
__doc__="""Copy interface""" __doc__="""Copy interface"""
__version__='$Revision: 1.47 $'[11:-2] __version__='$Revision: 1.48 $'[11:-2]
import sys, string, Globals, Moniker, tempfile, ExtensionClass import sys, string, Globals, Moniker, tempfile, ExtensionClass
from marshal import loads, dumps from marshal import loads, dumps
from urllib import quote, unquote from urllib import quote, unquote
from zlib import compress, decompress from zlib import compress, decompress
from App.Dialogs import MessageDialog from App.Dialogs import MessageDialog
from AccessControl import getSecurityManager
CopyError='Copy Error' CopyError='Copy Error'
...@@ -341,35 +342,11 @@ class CopyContainer(ExtensionClass.Base): ...@@ -341,35 +342,11 @@ class CopyContainer(ExtensionClass.Base):
if method_name is not None: if method_name is not None:
meth=None meth=self.unrestrictedTraverse(method_name)
if hasattr(self, method_name):
meth=getattr(self, method_name) if getSecurityManager().validateValue(meth):
else:
# Handle strange names that come from the Product
# machinery ;(
mn=string.split(method_name, '/')
if len(mn) > 1:
pname= mn[1]
product=self.manage_addProduct[pname]
fname=mn[2]
factory=getattr(product, fname)
try: meth=getattr(factory, factory.initial)
except: meth=factory
# if we still have a factory, get the add method
try: meth=getattr(meth, meth.initial)
except: pass
if hasattr(meth, '__roles__'):
roles=meth.__roles__
user=REQUEST.get('AUTHENTICATED_USER', None)
if (not hasattr(user, 'has_role') or
not user.has_role(roles, self)):
raise 'Unauthorized', (
"""You are not authorized to perform this
operation."""
)
return return
raise CopyError, MessageDialog( raise CopyError, MessageDialog(
title='Not Supported', title='Not Supported',
message='The object <EM>%s</EM> does not support this ' \ message='The object <EM>%s</EM> does not support this ' \
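Review bot: When `getSecurityManager().validateValue(meth)` returns false the new code falls through to the `CopyError` 'Not Supported' dialog, so an authorization failure is reported as an unsupported object, whereas the removed code raised 'Unauthorized' here. Unless validateValue itself raises on denial (not determinable from this hunk), an explicit `raise 'Unauthorized', 'You are not authorized to perform this operation.'` after the check keeps the two failures distinguishable. Note also that `self.unrestrictedTraverse(method_name)` walks the whole path without checks and only the final object is validated; a comment stating why the intermediate objects need no validation would help. The enclosing method starts and ends outside the hunk.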
......
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
############################################################################## ##############################################################################
"""DTML Document objects.""" """DTML Document objects."""
__version__='$Revision: 1.32 $'[11:-2] __version__='$Revision: 1.33 $'[11:-2]
from DocumentTemplate.DT_Util import InstanceDict, TemplateDict from DocumentTemplate.DT_Util import InstanceDict, TemplateDict
from ZPublisher.Converters import type_converters from ZPublisher.Converters import type_converters
from Globals import HTML, HTMLFile, MessageDialog from Globals import HTML, HTMLFile, MessageDialog
...@@ -96,6 +96,7 @@ from sgmllib import SGMLParser ...@@ -96,6 +96,7 @@ from sgmllib import SGMLParser
from string import find from string import find
from urllib import quote from urllib import quote
import Globals import Globals
from AccessControl import getSecurityManager
done='done' done='done'
...@@ -107,18 +108,9 @@ class DTMLDocument(PropertyManager, DTMLMethod): ...@@ -107,18 +108,9 @@ class DTMLDocument(PropertyManager, DTMLMethod):
meta_type='DTML Document' meta_type='DTML Document'
icon ='p_/dtmldoc' icon ='p_/dtmldoc'
manage_options=({'label':'Edit', 'action':'manage_main', manage_options=(
'help':('OFSP','DTML-Document_Edit.dtml')}, DTMLMethod.manage_options+
{'label':'Upload', 'action':'manage_uploadForm', PropertyManager.manage_options
'help':('OFSP','DTML-Document_Upload.dtml')},
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','DTML-Document_Properties.dtml')},
{'label':'View', 'action':'',
'help':('OFSP','DTML-Document_View.dtml')},
{'label':'Proxy', 'action':'manage_proxyForm',
'help':('OFSP','DTML-Document_Proxy.dtml')},
{'label':'Security', 'action':'manage_access',
'help':('OFSP','DTML-Document_Security.dtml')},
) )
__ac_permissions__=( __ac_permissions__=(
...@@ -163,6 +155,10 @@ class DTMLDocument(PropertyManager, DTMLMethod): ...@@ -163,6 +155,10 @@ class DTMLDocument(PropertyManager, DTMLMethod):
kw['document_title']=self.title kw['document_title']=self.title
if hasattr(self, 'aq_explicit'): bself=self.aq_explicit if hasattr(self, 'aq_explicit'): bself=self.aq_explicit
else: bself=self else: bself=self
security=getSecurityManager()
security.addContext(self)
if client is None: if client is None:
# Called as subtemplate, so don't need error propigation! # Called as subtemplate, so don't need error propigation!
r=apply(HTML.__call__, (self, bself, REQUEST), kw) r=apply(HTML.__call__, (self, bself, REQUEST), kw)
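Review bot: `security.addContext(self)` has no matching `security.removeContext(self)` within this hunk, unlike the DTMLMethod change in this commit, which wraps the render in `try: ... finally: security.removeContext(self)`. If the removal is not done in the part of `__call__` outside the hunk, the document stays on the security manager's context stack after an exception (and possibly after a normal return), so later checks in the same request would run under this document's context. The same try/finally shape as in DTMLMethod is the fix. The enclosing `__call__` starts and ends outside the hunk.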
......
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
############################################################################## ##############################################################################
"""DTML Method objects.""" """DTML Method objects."""
__version__='$Revision: 1.42 $'[11:-2] __version__='$Revision: 1.43 $'[11:-2]
from Globals import HTML, HTMLFile, MessageDialog from Globals import HTML, HTMLFile, MessageDialog
from string import join,split,strip,rfind,atoi,lower from string import join,split,strip,rfind,atoi,lower
...@@ -93,12 +93,13 @@ from OFS.content_types import guess_content_type ...@@ -93,12 +93,13 @@ from OFS.content_types import guess_content_type
from DocumentTemplate.DT_Util import cDocument from DocumentTemplate.DT_Util import cDocument
from PropertyManager import PropertyManager from PropertyManager import PropertyManager
from AccessControl.Role import RoleManager from AccessControl.Role import RoleManager
from AccessControl.User import verify_watermark
from webdav.common import rfc1123_date from webdav.common import rfc1123_date
from ZDOM import ElementWithTitle from ZDOM import ElementWithTitle
from DateTime.DateTime import DateTime from DateTime.DateTime import DateTime
from urllib import quote from urllib import quote
import ts_regex, Globals, sys, Acquisition import ts_regex, Globals, sys, Acquisition
from AccessControl import getSecurityManager
class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager, class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
...@@ -115,16 +116,19 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager, ...@@ -115,16 +116,19 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
func_code.co_varnames='self','REQUEST','RESPONSE' func_code.co_varnames='self','REQUEST','RESPONSE'
func_code.co_argcount=3 func_code.co_argcount=3
manage_options=({'label':'Edit', 'action':'manage_main', manage_options=(
'help':('OFSP','DTML-Method_Edit.dtml')}, (
{'label':'Edit', 'action':'manage_main',
'help':('OFSP','DTML-DocumentOrMethod_Edit.dtml')},
{'label':'Upload', 'action':'manage_uploadForm', {'label':'Upload', 'action':'manage_uploadForm',
'help':('OFSP','DTML-Method_Upload.dtml')}, 'help':('OFSP','DTML-DocumentOrMethod_Upload.dtml')},
{'label':'View', 'action':'', {'label':'View', 'action':'',
'help':('OFSP','DTML-Method_View.dtml')}, 'help':('OFSP','DTML-DocumentOrMethod_View.dtml')},
{'label':'Proxy', 'action':'manage_proxyForm', {'label':'Proxy', 'action':'manage_proxyForm',
'help':('OFSP','DTML-Method_Proxy.dtml')}, 'help':('OFSP','DTML-DocumentOrMethod_Proxy.dtml')},
{'label':'Security', 'action':'manage_access', )
'help':('OFSP','DTML-Method_Security.dtml')}, +RoleManager.manage_options
+Item_w__name__.manage_options
) )
__ac_permissions__=( __ac_permissions__=(
...@@ -143,9 +147,9 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager, ...@@ -143,9 +147,9 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
kw['document_id'] =self.id kw['document_id'] =self.id
kw['document_title']=self.title kw['document_title']=self.title
# Verify the authenticated user object. security=getSecurityManager()
if REQUEST.has_key('AUTHENTICATED_USER'): security.addContext(self)
verify_watermark(REQUEST['AUTHENTICATED_USER']) try:
if client is None: if client is None:
# Called as subtemplate, so don't need error propigation! # Called as subtemplate, so don't need error propigation!
...@@ -158,6 +162,8 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager, ...@@ -158,6 +162,8 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
if RESPONSE is None: return r if RESPONSE is None: return r
finally: security.removeContext(self)
# Ick. I don't like this. But someone can override it with # Ick. I don't like this. But someone can override it with
# a header if they have to. # a header if they have to.
hh=RESPONSE.headers.has_key hh=RESPONSE.headers.has_key
...@@ -170,54 +176,8 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager, ...@@ -170,54 +176,8 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
return len(self.raw) return len(self.raw)
getSize=get_size getSize=get_size
def oldvalidate(self, inst, parent, name, value, md): def validate(self, inst, parent, name, value, md):
################################################################# return getSecurityManager().validate(inst, parent, name, value)
# Note that this method is not used normally. It is simply a
# Python rendition of the validate method implemented in
# DocumentTemplate.cDocumentTemplate. The Python version
# serves the role of a requirements spec for the C version and
# can also be useful (if temporarily renamed to validate) for
# debugging.
#################################################################
try:
if (name[:3]=='aq_' and
name != 'aq_parent' and name != 'aq_explicit'):
return 0
except: pass # name might not be a string!
# Try to get roles
if hasattr(value, '__roles__'): roles=value.__roles__
else:
if hasattr(parent,'__roles__'): roles=parent.__roles__
elif hasattr(parent, 'aq_acquire'):
try: roles=parent.aq_acquire('__roles__')
except AttributeError:
if hasattr(inst, 'aq_base'): inst=inst.aq_base
if hasattr(parent, 'aq_base'): parent=parent.aq_base
return inst is parent
else:
if hasattr(inst, 'aq_base'): inst=inst.aq_base
if hasattr(parent, 'aq_base'): parent=parent.aq_base
return inst is parent
value=parent
if roles is None: return 1
try:
if md.AUTHENTICATED_USER.hasRole(value, roles):
return 1
except AttributeError: pass
for r in self._proxy_roles:
if r in roles: return 1
if inst is parent:
raise 'Unauthorized', (
'You are not authorized to access <em>%s</em>.' % name)
return 0
manage_editForm=HTMLFile('documentEdit', globals()) manage_editForm=HTMLFile('documentEdit', globals())
manage_uploadForm=HTMLFile('documentUpload', globals()) manage_uploadForm=HTMLFile('documentUpload', globals())
...@@ -285,9 +245,7 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager, ...@@ -285,9 +245,7 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
def _validateProxy(self, request, roles=None): def _validateProxy(self, request, roles=None):
if roles is None: roles=self._proxy_roles if roles is None: roles=self._proxy_roles
if not roles: return if not roles: return
user=u=request.get('AUTHENTICATED_USER',None) user=u=getSecurityManager().getUser()
if user is not None:
verify_watermark(user)
user=user.hasRole user=user.hasRole
for r in roles: for r in roles:
if r and not user(self, (r,)): if r and not user(self, (r,)):
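Review bot: `_validateProxy` drops the `if user is not None` guard, so `user=u=getSecurityManager().getUser()` followed by `user=user.hasRole` raises AttributeError if the security manager has no user; if `getUser()` is guaranteed to return at least an anonymous user, a comment saying so would make that reliance explicit. The commit also removes the `verify_watermark` calls from `__call__` and `_validateProxy`, so the user object is no longer checked for authenticity here; that holds only if the security manager is the sole source of the user and a request-supplied AUTHENTICATED_USER can no longer reach these paths, which is worth stating next to `security=getSecurityManager()`. `Item_w__name__.manage_options` in the class body needs `Item_w__name__` in scope; it is not in the imports hunk shown, so presumably it comes from an import outside these hunks.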
......
...@@ -83,7 +83,7 @@ ...@@ -83,7 +83,7 @@
# #
############################################################################## ##############################################################################
__doc__="""Find support""" __doc__="""Find support"""
__version__='$Revision: 1.15 $'[11:-2] __version__='$Revision: 1.16 $'[11:-2]
import sys, os, string, time, Globals, ExtensionClass import sys, os, string, time, Globals, ExtensionClass
...@@ -93,8 +93,7 @@ from Globals import HTMLFile ...@@ -93,8 +93,7 @@ from Globals import HTMLFile
from DocumentTemplate.DT_Util import InstanceDict, TemplateDict, cDocument from DocumentTemplate.DT_Util import InstanceDict, TemplateDict, cDocument
from DateTime import DateTime from DateTime import DateTime
from string import find from string import find
from AccessControl import getSecurityManager
class FindSupport(ExtensionClass.Base): class FindSupport(ExtensionClass.Base):
"""Find support for Zope Folders""" """Find support for Zope Folders"""
...@@ -110,6 +109,11 @@ class FindSupport(ExtensionClass.Base): ...@@ -110,6 +109,11 @@ class FindSupport(ExtensionClass.Base):
'manage_findResult')), 'manage_findResult')),
) )
manage_options=(
{'label':'Find', 'action':'manage_findFrame', 'target':'manage_main',
'help':('OFSP','Find.dtml')},
)
def ZopeFind(self, obj, obj_ids=None, obj_metatypes=None, def ZopeFind(self, obj, obj_ids=None, obj_metatypes=None,
obj_searchterm=None, obj_expr=None, obj_searchterm=None, obj_expr=None,
obj_mtime=None, obj_mspec=None, obj_mtime=None, obj_mspec=None,
...@@ -136,8 +140,6 @@ class FindSupport(ExtensionClass.Base): ...@@ -136,8 +140,6 @@ class FindSupport(ExtensionClass.Base):
if obj_expr: if obj_expr:
# Setup expr machinations # Setup expr machinations
md=td() md=td()
if hasattr(REQUEST, 'AUTHENTICATED_USER'):
md.AUTHENTICATED_USER=REQUEST.AUTHENTICATED_USER
obj_expr=(Eval(obj_expr, expr_globals), md, md._push, md._pop) obj_expr=(Eval(obj_expr, expr_globals), md, md._push, md._pop)
base=obj base=obj
...@@ -230,8 +232,6 @@ class FindSupport(ExtensionClass.Base): ...@@ -230,8 +232,6 @@ class FindSupport(ExtensionClass.Base):
if obj_expr: if obj_expr:
# Setup expr machinations # Setup expr machinations
md=td() md=td()
if hasattr(REQUEST, 'AUTHENTICATED_USER'):
md.AUTHENTICATED_USER=REQUEST.AUTHENTICATED_USER
obj_expr=(Eval(obj_expr, expr_globals), md, md._push, md._pop) obj_expr=(Eval(obj_expr, expr_globals), md, md._push, md._pop)
base=obj base=obj
...@@ -299,9 +299,10 @@ class FindSupport(ExtensionClass.Base): ...@@ -299,9 +299,10 @@ class FindSupport(ExtensionClass.Base):
class td(TemplateDict, cDocument): class td(TemplateDict):
pass
def validate(self, inst, parent, name, value, md):
return getSecurityManager().validate(inst, parent, name, value)
def expr_match(ob, ed, c=InstanceDict, r=0): def expr_match(ob, ed, c=InstanceDict, r=0):
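Review bot: `td.validate` is a verbatim copy of `DTMLMethod.validate` in this commit, and both leave the `md` parameter unused; the class has no docstring, so something like `"""TemplateDict whose name lookups are validated by the current security manager."""` would explain its purpose. Since `obj_expr` is a caller-supplied expression evaluated against this dict, the check is now only as strong as the security manager installed for the current request; the removal of the two `md.AUTHENTICATED_USER` copies in the `md=td()` setups relies on that, and a comment there would record it. The `td` hunk shows the whole class; the `md=td()` hunks are cut at both ends.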
......
...@@ -87,17 +87,15 @@ ...@@ -87,17 +87,15 @@
Folders are the basic container objects and are analogous to directories. Folders are the basic container objects and are analogous to directories.
$Id: Folder.py,v 1.86 2000/03/28 16:58:55 michel Exp $""" $Id: Folder.py,v 1.87 2000/05/11 18:54:14 jim Exp $"""
__version__='$Revision: 1.86 $'[11:-2] __version__='$Revision: 1.87 $'[11:-2]
import Globals, SimpleItem, ObjectManager, PropertyManager
import AccessControl.Role, webdav.Collection, FindSupport
import Globals, SimpleItem
from ObjectManager import ObjectManager
from PropertyManager import PropertyManager
from AccessControl.Role import RoleManager
from webdav.Collection import Collection
from FindSupport import FindSupport
from Globals import HTMLFile from Globals import HTMLFile
from AccessControl import getSecurityManager
manage_addFolderForm=HTMLFile('folderAdd', globals()) manage_addFolderForm=HTMLFile('folderAdd', globals())
...@@ -116,29 +114,37 @@ def manage_addFolder(self, id, title='', ...@@ -116,29 +114,37 @@ def manage_addFolder(self, id, title='',
ob.id=id ob.id=id
ob.title=title ob.title=title
self._setObject(id, ob) self._setObject(id, ob)
try: user=REQUEST['AUTHENTICATED_USER'] ob=self._getOb(id)
except: user=None
checkPermission=getSecurityManager().checkPermission
if createUserF: if createUserF:
if (user is not None) and not ( if not checkPermission('Add User Folders', ob):
user.has_permission('Add User Folders', self)):
raise 'Unauthorized', ( raise 'Unauthorized', (
'You are not authorized to add User Folders.' 'You are not authorized to add User Folders.'
) )
ob.manage_addUserFolder() ob.manage_addUserFolder()
if createPublic: if createPublic:
if (user is not None) and not ( if not checkPermission('Add Documents, Images, and Files', ob):
user.has_permission('Add Documents, Images, and Files', self)):
raise 'Unauthorized', ( raise 'Unauthorized', (
'You are not authorized to add DTML Documents.' 'You are not authorized to add DTML Documents.'
) )
ob.manage_addDTMLDocument(id='index_html', title='') ob.manage_addDTMLDocument(id='index_html', title='')
if REQUEST is not None: if REQUEST is not None:
return self.manage_main(self, REQUEST, update_menu=1) return self.manage_main(self, REQUEST, update_menu=1)
class Folder(ObjectManager, PropertyManager, RoleManager, Collection, class Folder(
SimpleItem.Item, FindSupport): ObjectManager.ObjectManager,
PropertyManager.PropertyManager,
AccessControl.Role.RoleManager,
webdav.Collection.Collection,
SimpleItem.Item,
FindSupport.FindSupport,
):
""" """
Folders are basic container objects that provide a standard Folders are basic container objects that provide a standard
interface for object management. Folder objects also implement interface for object management. Folder objects also implement
...@@ -149,20 +155,15 @@ class Folder(ObjectManager, PropertyManager, RoleManager, Collection, ...@@ -149,20 +155,15 @@ class Folder(ObjectManager, PropertyManager, RoleManager, Collection,
_properties=({'id':'title', 'type': 'string'},) _properties=({'id':'title', 'type': 'string'},)
manage_options=( manage_options=(
{'label':'Contents', 'action':'manage_main', ObjectManager.ObjectManager.manage_options+
'help':('OFSP','Folder_Contents.dtml')}, PropertyManager.PropertyManager.manage_options+
(
{'label':'View', 'action':'index_html', {'label':'View', 'action':'index_html',
'help':('OFSP','Folder_View.dtml')}, 'help':('OFSP','Folder_View.dtml')},
{'label':'Properties', 'action':'manage_propertiesForm', )+
'help':('OFSP','Folder_Properties.dtml')}, FindSupport.FindSupport.manage_options+
{'label':'Import/Export', 'action':'manage_importExportForm', AccessControl.Role.RoleManager.manage_options+
'help':('OFSP','Folder_Import-Export.dtml')}, SimpleItem.Item.manage_options
{'label':'Security', 'action':'manage_access',
'help':('OFSP','Folder_Security.dtml')},
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Folder_Undo.dtml')},
{'label':'Find', 'action':'manage_findFrame', 'target':'manage_main',
'help':('OFSP','Folder_Find.dtml')},
) )
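Review bot: In `manage_addFolder` the permission checks now run after `self._setObject(id, ob)`, so a failed `checkPermission(..., ob)` raises 'Unauthorized' with the folder already added; that is harmless only if the surrounding transaction is aborted on the exception, which presumably holds under the publisher but not for direct callers. Checking against `self` before `_setObject`, or noting the reliance in a comment, would make this explicit. The old `user is not None` short-circuit is gone, so an unauthenticated caller is now checked as well, which is an improvement worth a one-line comment. The function's signature is outside the hunk.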
__ac_permissions__=() __ac_permissions__=()
......
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
############################################################################## ##############################################################################
"""Image object""" """Image object"""
__version__='$Revision: 1.99 $'[11:-2] __version__='$Revision: 1.100 $'[11:-2]
import Globals, string, struct, content_types import Globals, string, struct, content_types
from OFS.content_types import guess_content_type from OFS.content_types import guess_content_type
...@@ -137,16 +137,18 @@ class File(Persistent,Implicit,PropertyManager, ...@@ -137,16 +137,18 @@ class File(Persistent,Implicit,PropertyManager,
manage_uploadForm=HTMLFile('imageUpload',globals(),Kind='File',kind='file') manage_uploadForm=HTMLFile('imageUpload',globals(),Kind='File',kind='file')
manage=manage_main=manage_editForm manage=manage_main=manage_editForm
manage_options=({'label':'Edit', 'action':'manage_main', manage_options=(
(
{'label':'Edit', 'action':'manage_main',
'help':('OFSP','File_Edit.dtml')}, 'help':('OFSP','File_Edit.dtml')},
{'label':'Upload', 'action':'manage_uploadForm', {'label':'Upload', 'action':'manage_uploadForm',
'help':('OFSP','File_Upload.dtml')}, 'help':('OFSP','File_Upload.dtml')},
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','File_Properties.dtml')},
{'label':'View', 'action':'', {'label':'View', 'action':'',
'help':('OFSP','File_View.dtml')}, 'help':('OFSP','File_View.dtml')},
{'label':'Security', 'action':'manage_access', )
'help':('OFSP','File_Security.dtml')}, +PropertyManager.manage_options
+Item_w__name__.manage_options
+RoleManager.manage_options
) )
__ac_permissions__=( __ac_permissions__=(
...@@ -435,17 +437,16 @@ class Image(File): ...@@ -435,17 +437,16 @@ class Image(File):
{'id':'width', 'type':'string'}, {'id':'width', 'type':'string'},
) )
manage_options=({'label':'Edit', 'action':'manage_main', # Grrrrr, need to replace the view option.
'help':('OFSP','Image_Edit.dtml')}, manage_options=tuple(map(
{'label':'Upload', 'action':'manage_uploadForm', lambda o:
'help':('OFSP','Image_Upload.dtml')}, (o['label']=='View'
{'label':'Properties', 'action':'manage_propertiesForm', and
'help':('OFSP','Image_Properties.dtml')},
{'label':'View', 'action':'view_image_or_file', {'label':'View', 'action':'view_image_or_file',
'help':('OFSP','Image_View.dtml')}, 'help':('OFSP','Image_View.dtml')}
{'label':'Security', 'action':'manage_access', or o)
'help':('OFSP','Image_Security.dtml')}, , File.manage_options))
)
manage_editForm =HTMLFile('imageEdit',globals(),Kind='Image',kind='image') manage_editForm =HTMLFile('imageEdit',globals(),Kind='Image',kind='image')
view_image_or_file =HTMLFile('imageView',globals()) view_image_or_file =HTMLFile('imageView',globals())
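Review bot: The `manage_options` rewrite uses the `cond and X or Y` idiom inside a lambda, which only works because the replacement dict is non-empty and therefore truthy; that dependency is invisible to a reader and is exactly what breaks if the dict is ever emptied. A small module-level helper states the intent and removes the truthiness trick while keeping the same tuple result.
```python
def _replace_view_option(o):
    # Image renders through view_image_or_file, so swap File's 'View' tab.
    if o['label'] == 'View':
        return {'label':'View', 'action':'view_image_or_file',
                'help':('OFSP','Image_View.dtml')}
    return o

# … unchanged: class Image(File) header and _properties …
    manage_options=tuple(map(_replace_view_option, File.manage_options))
```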
......
...@@ -84,11 +84,11 @@ ...@@ -84,11 +84,11 @@
############################################################################## ##############################################################################
__doc__="""Object Manager __doc__="""Object Manager
$Id: ObjectManager.py,v 1.88 2000/05/11 16:24:44 tseaver Exp $""" $Id: ObjectManager.py,v 1.89 2000/05/11 18:54:14 jim Exp $"""
__version__='$Revision: 1.88 $'[11:-2] __version__='$Revision: 1.89 $'[11:-2]
import App.Management, Acquisition, App.Undo, Globals, CopySupport, Products import App.Management, Acquisition, Globals, CopySupport, Products
import os, App.FactoryDispatcher, ts_regex, Products import os, App.FactoryDispatcher, ts_regex, Products
from Globals import HTMLFile, HTMLFile, Persistent from Globals import HTMLFile, HTMLFile, Persistent
from Globals import MessageDialog, default__class_init__ from Globals import MessageDialog, default__class_init__
...@@ -98,6 +98,7 @@ from urllib import quote ...@@ -98,6 +98,7 @@ from urllib import quote
from cStringIO import StringIO from cStringIO import StringIO
import marshal import marshal
import App.Common import App.Common
from AccessControl import getSecurityManager
bad_id=ts_regex.compile('[^a-zA-Z0-9-_~\,\. ]').search #TS bad_id=ts_regex.compile('[^a-zA-Z0-9-_~\,\. ]').search #TS
...@@ -108,7 +109,6 @@ class ObjectManager( ...@@ -108,7 +109,6 @@ class ObjectManager(
App.Management.Tabs, App.Management.Tabs,
Acquisition.Implicit, Acquisition.Implicit,
Persistent, Persistent,
App.Undo.UndoSupport,
Collection, Collection,
): ):
"""Generic object manager """Generic object manager
...@@ -139,9 +139,11 @@ class ObjectManager( ...@@ -139,9 +139,11 @@ class ObjectManager(
manage_main=HTMLFile('main', globals()) manage_main=HTMLFile('main', globals())
manage_options=( manage_options=(
{'label':'Contents', 'action':'manage_main'}, {'label':'Contents', 'action':'manage_main',
'help':('OFSP','ObjectManager_Contents.dtml')},
{'label':'Import/Export', 'action':'manage_importExportForm',
'help':('OFSP','ObjectManager_Import-Export.dtml')},
) )
isAnObjectManager=1 isAnObjectManager=1
...@@ -175,8 +177,11 @@ class ObjectManager( ...@@ -175,8 +177,11 @@ class ObjectManager(
) )
def filtered_meta_types(self, user): def filtered_meta_types(self, user=None):
"Those meta types for which a user has adequite permissions." "Those meta types for which a user has adequite permissions."
user=getSecurityManager().getUser()
meta_types=[] meta_types=[]
if callable(self.all_meta_types): if callable(self.all_meta_types):
all=self.all_meta_types() all=self.all_meta_types()
...@@ -235,14 +240,14 @@ class ObjectManager( ...@@ -235,14 +240,14 @@ class ObjectManager(
self._objects=self._objects+({'id':id,'meta_type':t},) self._objects=self._objects+({'id':id,'meta_type':t},)
self._setOb(id,object) self._setOb(id,object)
object=self._getOb(id) object=self._getOb(id)
object.manage_fixupOwnershipAfterAdd()
object.manage_afterAdd(object, self) object.manage_afterAdd(object, self)
# Try to give user the local role "Owner", but only if # Try to give user the local role "Owner", but only if
# no local roles have been set on the object yet. # no local roles have been set on the object yet.
if hasattr(self, 'REQUEST') and type(self.REQUEST) != type('') and \ if hasattr(object, '__ac_local_roles__'):
hasattr(object, '__ac_local_roles__'):
if object.__ac_local_roles__ is None: if object.__ac_local_roles__ is None:
user=self.REQUEST['AUTHENTICATED_USER'] user=getSecurityManager().getUser()
name=user.getUserName() name=user.getUserName()
if name != 'Anonymous User': if name != 'Anonymous User':
object.manage_setLocalRoles(name, ['Owner']) object.manage_setLocalRoles(name, ['Owner'])
...@@ -537,10 +542,10 @@ class ObjectManager( ...@@ -537,10 +542,10 @@ class ObjectManager(
# check to see if we are acquiring our objectValues or not # check to see if we are acquiring our objectValues or not
if not (len(REQUEST.PARENTS) > 1 and if not (len(REQUEST.PARENTS) > 1 and
self.objectValues() == REQUEST.PARENTS[1].objectValues()): self.objectValues() == REQUEST.PARENTS[1].objectValues()):
if REQUEST['AUTHENTICATED_USER'].allowed( try:
self.manage_FTPlist, if getSecurityManager().validateValue(self.manage_FTPlist):
self.manage_FTPlist.__roles__):
mode=mode | 0770 mode=mode | 0770
except: pass
if nobody.allowed( if nobody.allowed(
self.manage_FTPlist, self.manage_FTPlist,
self.manage_FTPlist.__roles__): self.manage_FTPlist.__roles__):
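Review bot: `filtered_meta_types(self, user=None)` keeps a `user` parameter but immediately overwrites it with `getSecurityManager().getUser()`, so callers that still pass a user silently get the security manager's user instead. The docstring should say so, e.g. `"Those meta types for which the current user has adequate permissions. The user argument is ignored and kept for backward compatibility."`. In the FTP mode computation the `try: ... except: pass` around `validateValue(self.manage_FTPlist)` swallows every exception, not only a denial; if validateValue signals denial by raising, catching that specific exception is enough, and the same pattern appears in the SimpleItem `manage_FTPstat` hunks of this commit. Both enclosing methods are cut at the hunk edges.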
......
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
############################################################################## ##############################################################################
"""Property management""" """Property management"""
__version__='$Revision: 1.19 $'[11:-2] __version__='$Revision: 1.20 $'[11:-2]
import ExtensionClass, Globals import ExtensionClass, Globals
import ZDOM import ZDOM
...@@ -161,6 +161,12 @@ class PropertyManager(ExtensionClass.Base, ZDOM.ElementWithAttributes): ...@@ -161,6 +161,12 @@ class PropertyManager(ExtensionClass.Base, ZDOM.ElementWithAttributes):
'manage_delProperties', 'manage_delProperties',
'manage_changeProperties',)), 'manage_changeProperties',)),
""" """
manage_options=(
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','Properties.dtml')},
)
manage_propertiesForm=HTMLFile('properties', globals(), manage_propertiesForm=HTMLFile('properties', globals(),
property_extensible_schema__=1) property_extensible_schema__=1)
......
...@@ -89,11 +89,11 @@ Aqueduct database adapters, etc. ...@@ -89,11 +89,11 @@ Aqueduct database adapters, etc.
This module can also be used as a simple template for implementing new This module can also be used as a simple template for implementing new
item types. item types.
$Id: SimpleItem.py,v 1.68 2000/04/04 22:41:52 jim Exp $''' $Id: SimpleItem.py,v 1.69 2000/05/11 18:54:14 jim Exp $'''
__version__='$Revision: 1.68 $'[11:-2] __version__='$Revision: 1.69 $'[11:-2]
import regex, sys, Globals, App.Management, Acquisition import regex, sys, Globals, App.Management, Acquisition, App.Undo
import AccessControl.Role import AccessControl.Role, AccessControl.Owned, App.Common
from webdav.Resource import Resource from webdav.Resource import Resource
from ExtensionClass import Base from ExtensionClass import Base
from DateTime import DateTime from DateTime import DateTime
...@@ -102,16 +102,20 @@ from string import join, lower, find, split ...@@ -102,16 +102,20 @@ from string import join, lower, find, split
from types import InstanceType, StringType from types import InstanceType, StringType
from ComputedAttribute import ComputedAttribute from ComputedAttribute import ComputedAttribute
from urllib import quote from urllib import quote
import App.Common from AccessControl import getSecurityManager
import marshal import marshal
import ZDOM import ZDOM
HTML=Globals.HTML HTML=Globals.HTML
_marker=[] _marker=[]
StringType=type('')
class Item(Base, Resource, CopySource, App.Management.Tabs, class Item(Base, Resource, CopySource, App.Management.Tabs,
ZDOM.Element): ZDOM.Element,
AccessControl.Owned.Owned,
App.Undo.UndoSupport,
):
"""A common base class for simple, non-container objects.""" """A common base class for simple, non-container objects."""
isPrincipiaFolderish=0 isPrincipiaFolderish=0
isTopLevelPrincipiaApplicationObject=0 isTopLevelPrincipiaApplicationObject=0
...@@ -140,11 +144,17 @@ class Item(Base, Resource, CopySource, App.Management.Tabs, ...@@ -140,11 +144,17 @@ class Item(Base, Resource, CopySource, App.Management.Tabs,
# Default propertysheet info: # Default propertysheet info:
__propsets__=() __propsets__=()
manage_options=() manage_options=(
App.Undo.UndoSupport.manage_options
+AccessControl.Owned.Owned.manage_options
)
# Attributes that must be acquired # Attributes that must be acquired
REQUEST=Acquisition.Acquired REQUEST=Acquisition.Acquired
# Allow (reluctantly) access to unprotected attributes
__allow_access_to_unprotected_subobjects__=1
getPhysicalRoot=Acquisition.Acquired getPhysicalRoot=Acquisition.Acquired
getPhysicalRoot__roles__=() getPhysicalRoot__roles__=()
...@@ -268,21 +278,28 @@ class Item(Base, Resource, CopySource, App.Management.Tabs, ...@@ -268,21 +278,28 @@ class Item(Base, Resource, CopySource, App.Management.Tabs,
"psuedo stat, used by FTP for directory listings" "psuedo stat, used by FTP for directory listings"
from AccessControl.User import nobody from AccessControl.User import nobody
mode=0100000 mode=0100000
# check read permissions # check read permissions
if hasattr(self.aq_base,'manage_FTPget') and \ if (hasattr(self.aq_base,'manage_FTPget') and
hasattr(self.manage_FTPget, '__roles__'): hasattr(self.manage_FTPget, '__roles__')):
if REQUEST['AUTHENTICATED_USER'].allowed(self.manage_FTPget, try:
self.manage_FTPget.__roles__): if getSecurityManager().validateValue(self.manage_FTPget):
mode=mode | 0440 mode=mode | 0440
if nobody.allowed(self.manage_FTPget, self.manage_FTPget.__roles__): except: pass
if nobody.allowed(self.manage_FTPget,
self.manage_FTPget.__roles__):
mode=mode | 0004 mode=mode | 0004
# check write permissions # check write permissions
if hasattr(self.aq_base,'PUT') and hasattr(self.PUT, '__roles__'): if hasattr(self.aq_base,'PUT') and hasattr(self.PUT, '__roles__'):
if REQUEST['AUTHENTICATED_USER'].allowed(self.PUT, try:
self.PUT.__roles__): if getSecurityManager().validateValue(self.PUT):
mode=mode | 0220 mode=mode | 0220
except: pass
if nobody.allowed(self.PUT, self.PUT.__roles__): if nobody.allowed(self.PUT, self.PUT.__roles__):
mode=mode | 0002 mode=mode | 0002
# get size # get size
if hasattr(self, 'get_size'): if hasattr(self, 'get_size'):
size=self.get_size() size=self.get_size()
...@@ -332,12 +349,31 @@ class Item(Base, Resource, CopySource, App.Management.Tabs, ...@@ -332,12 +349,31 @@ class Item(Base, Resource, CopySource, App.Management.Tabs,
unrestrictedTraverse__roles__=() unrestrictedTraverse__roles__=()
def unrestrictedTraverse(self, path, default=_marker): def unrestrictedTraverse(self, path, default=_marker):
if not path: return self
object = self object = self
get=getattr get=getattr
N=None N=None
M=_marker M=_marker
if type(path) is StringType: path=split(path,'/')
else: path=list(path)
REQUEST={'path': path}
path.reverse()
pop=path.pop
try: try:
for name in path: while path:
name=pop()
if name=='..':
o=getattr(object, 'aq_parent', M)
if o is not M:
object=o
continue
t=get(object, '__bobo_traverse__', N) t=get(object, '__bobo_traverse__', N)
if t is not N: if t is not N:
object=t(N, name) object=t(N, name)
...@@ -416,7 +452,6 @@ def pretty_tb(t,v,tb): ...@@ -416,7 +452,6 @@ def pretty_tb(t,v,tb):
tb=join(tb,'\n') tb=join(tb,'\n')
return tb return tb
class SimpleItem(Item, Globals.Persistent, class SimpleItem(Item, Globals.Persistent,
Acquisition.Implicit, Acquisition.Implicit,
AccessControl.Role.RoleManager, AccessControl.Role.RoleManager,
...@@ -425,7 +460,7 @@ class SimpleItem(Item, Globals.Persistent, ...@@ -425,7 +460,7 @@ class SimpleItem(Item, Globals.Persistent,
"""Mix-in class combining the most common set of basic mix-ins """Mix-in class combining the most common set of basic mix-ins
""" """
manage_options=( manage_options=Item.manage_options+(
{'label':'Security', 'action':'manage_access'}, {'label':'Security', 'action':'manage_access'},
) )
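Review bot: In the FTP stat hunk (@@ -268) the new `try: ... except: pass` wrapped around `getSecurityManager().validateValue(self.manage_FTPget)`, and the identical one around `validateValue(self.PUT)`, swallows every exception rather than only the access denial it is meant to absorb, so a programming error or a database conflict inside the validator silently reports the object as unreadable or unwritable instead of surfacing. Catch only the Unauthorized exception the security manager raises for a denied check (`except Unauthorized: pass`, importing that name alongside `getSecurityManager`) and let everything else propagate. In `unrestrictedTraverse` (@@ -332) the new `..` branch looks up `aq_parent` and, if the `continue` sits outside the `if o is not M:` test as the rendering suggests, a missing parent is silently skipped so `../x` resolves against the current object rather than failing; treating an absent parent like any other failed step, so `default` is returned, would be the safer reading. Both methods continue past their hunks, and this file section may begin above the visible view.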
......
...@@ -6,11 +6,10 @@ ...@@ -6,11 +6,10 @@
<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555"> <BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555">
<dtml-var manage_tabs> <dtml-var manage_tabs>
<P> <P>
Proxy Roles allow a DTML Document or Method to access Proxy roles allow you to control the access that a DTML document or
restricted Zope resources. Normally a DTML Method or Document method has. Proxy roles replace the roles of the user who is viewing
can only access resources for which the user is authorized. the document or method. This can be used to both expand and limit
By adding Proxy Roles, you allow the DTML Document or Method access to resources.
to act with additional roles, beyond what the user may have.
</P> </P>
<P>Use the form below to select which roles this DTML document <P>Use the form below to select which roles this DTML document
......
...@@ -42,7 +42,7 @@ information for the Folder. ...@@ -42,7 +42,7 @@ information for the Folder.
</TR> </TR>
<TR><TD COLSPAN="2"><BR></TD></TR> <TR><TD COLSPAN="2"><BR></TD></TR>
<dtml-if "AUTHENTICATED_USER.has_permission('Add Documents, Images, and Files',this())"> <dtml-if "_.SecurityCheckPermission('Add Documents, Images, and Files',this())">
<TR> <TR>
<TD ALIGN="TOP" COLSPAN="2"> <TD ALIGN="TOP" COLSPAN="2">
<INPUT TYPE="CHECKBOX" NAME="createPublic:int" VALUE="1" CHECKED ID="cbCreatePublic"> <INPUT TYPE="CHECKBOX" NAME="createPublic:int" VALUE="1" CHECKED ID="cbCreatePublic">
...@@ -51,7 +51,7 @@ information for the Folder. ...@@ -51,7 +51,7 @@ information for the Folder.
</TR> </TR>
</dtml-if> </dtml-if>
<dtml-if "AUTHENTICATED_USER.has_permission('Add User Folders',this())"> <dtml-if "_.SecurityCheckPermission('Add User Folders',this())">
<TR> <TR>
<TD ALIGN="TOP" COLSPAN="2"> <TD ALIGN="TOP" COLSPAN="2">
<INPUT TYPE="CHECKBOX" NAME="createUserF:int" VALUE="1" CHECKED ID="cbCreateUserF"> <INPUT TYPE="CHECKBOX" NAME="createUserF:int" VALUE="1" CHECKED ID="cbCreateUserF">
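Review bot: The switch from `AUTHENTICATED_USER.has_permission(...)` to `_.SecurityCheckPermission(...)` at lines 42 and 51 changes which identity is consulted — presumably the security manager's current user, which under proxy roles is not the user held in AUTHENTICATED_USER — and nothing in the template records that. A one-line `<dtml-comment>Permission checks go through the security manager so proxy roles apply; do not revert to AUTHENTICATED_USER.has_permission</dtml-comment>` above the first check would keep a later edit from undoing it. The same migration appears in the contents form (`manage_main`, lines 57 and 60 of that section), where the new `'Delete objects',this()` call drops the space that the adjacent `'Import/Export objects', this()` call keeps; pick one spelling.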
......
...@@ -54,10 +54,10 @@ ...@@ -54,10 +54,10 @@
<INPUT TYPE="SUBMIT" NAME="manage_pasteObjects:method" VALUE="Paste"> <INPUT TYPE="SUBMIT" NAME="manage_pasteObjects:method" VALUE="Paste">
</dtml-if> </dtml-if>
</dtml-unless> </dtml-unless>
<dtml-if "AUTHENTICATED_USER.has_permission('Delete objects', this())"> <dtml-if "_.SecurityCheckPermission('Delete objects',this())">
<INPUT TYPE="SUBMIT" NAME="manage_delObjects:method" VALUE="Delete"> <INPUT TYPE="SUBMIT" NAME="manage_delObjects:method" VALUE="Delete">
</dtml-if> </dtml-if>
<dtml-if "AUTHENTICATED_USER.has_permission('Import/Export objects', this())"> <dtml-if "_.SecurityCheckPermission('Import/Export objects', this())">
<INPUT TYPE="SUBMIT" NAME="manage_importExportForm:method" VALUE="Export..."> <INPUT TYPE="SUBMIT" NAME="manage_importExportForm:method" VALUE="Export...">
</dtml-if> </dtml-if>
</TD> </TD>
...@@ -79,9 +79,9 @@ There are currently no items in <EM><dtml-var title_or_id></EM> ...@@ -79,9 +79,9 @@ There are currently no items in <EM><dtml-var title_or_id></EM>
</dtml-if> </dtml-if>
</FORM> </FORM>
<dtml-if "filtered_meta_types(AUTHENTICATED_USER)"> <dtml-if filtered_meta_types>
<dtml-if "_.len(filtered_meta_types(AUTHENTICATED_USER)) > 1"> <dtml-if "_.len(filtered_meta_types) > 1">
<TABLE ALIGN="LEFT"> <TABLE ALIGN="LEFT">
<TR> <TR>
<TD VALIGN="MIDDLE"> <TD VALIGN="MIDDLE">
...@@ -95,7 +95,7 @@ There are currently no items in <EM><dtml-var title_or_id></EM> ...@@ -95,7 +95,7 @@ There are currently no items in <EM><dtml-var title_or_id></EM>
<SELECT NAME=":method" ONCHANGE="location.href='<dtml-var URL1 <SELECT NAME=":method" ONCHANGE="location.href='<dtml-var URL1
>/'+this.options[this.selectedIndex].value"> >/'+this.options[this.selectedIndex].value">
<OPTION value="manage_workspace" DISABLED>Available Objects <OPTION value="manage_workspace" DISABLED>Available Objects
<dtml-in "filtered_meta_types(AUTHENTICATED_USER)" mapping sort=name> <dtml-in filtered_meta_types mapping sort=name>
<OPTION value="<dtml-var action fmt="url-quote">"><dtml-var name> <OPTION value="<dtml-var action fmt="url-quote">"><dtml-var name>
</dtml-in> </dtml-in>
</SELECT> </SELECT>
...@@ -107,7 +107,7 @@ There are currently no items in <EM><dtml-var title_or_id></EM> ...@@ -107,7 +107,7 @@ There are currently no items in <EM><dtml-var title_or_id></EM>
<dtml-else> <dtml-else>
<FORM ACTION="<dtml-var URL1>/" METHOD="GET"> <FORM ACTION="<dtml-var URL1>/" METHOD="GET">
To add a new item click &quot;Add&quot;. To add a new item click &quot;Add&quot;.
<dtml-in "filtered_meta_types(AUTHENTICATED_USER)" mapping sort=name> <dtml-in filtered_meta_types mapping sort=name>
<input type=hidden name=":method" value="<dtml-var action fmt="url-quote">"> <input type=hidden name=":method" value="<dtml-var action fmt="url-quote">">
<INPUT TYPE="SUBMIT" VALUE=" Add "> <INPUT TYPE="SUBMIT" VALUE=" Add ">
</dtml-in> </dtml-in>
......
...@@ -88,7 +88,7 @@ ...@@ -88,7 +88,7 @@
This product provides support for external methods, which allow This product provides support for external methods, which allow
domain-specific customization of web environments. domain-specific customization of web environments.
""" """
__version__='$Revision: 1.36 $'[11:-2] __version__='$Revision: 1.37 $'[11:-2]
from Globals import Persistent, HTMLFile, MessageDialog, HTML from Globals import Persistent, HTMLFile, MessageDialog, HTML
import OFS.SimpleItem, Acquisition import OFS.SimpleItem, Acquisition
from string import split, join, find, lower from string import split, join, find, lower
...@@ -152,12 +152,14 @@ class ExternalMethod(OFS.SimpleItem.Item, Persistent, Acquisition.Explicit, ...@@ -152,12 +152,14 @@ class ExternalMethod(OFS.SimpleItem.Item, Persistent, Acquisition.Explicit,
HelpSys=Acquisition.Acquired HelpSys=Acquisition.Acquired
manage_options=( manage_options=(
(
{'label':'Properties', 'action':'manage_main', {'label':'Properties', 'action':'manage_main',
'help':('ExternalMethod','External-Method_Properties.dtml')}, 'help':('ExternalMethod','External-Method_Properties.dtml')},
{'label':'Try It', 'action':'', {'label':'Try It', 'action':'',
'help':('ExternalMethod','External-Method_Try-It.dtml')}, 'help':('ExternalMethod','External-Method_Try-It.dtml')},
{'label':'Security', 'action':'manage_access', )
'help':('ExternalMethod','External-Method_Security.dtml')}, +OFS.SimpleItem.Item.manage_options
+AccessControl.Role.RoleManager.manage_options
) )
__ac_permissions__=( __ac_permissions__=(
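Review bot: `AccessControl.Role.RoleManager.manage_options` is referenced in the rebuilt `manage_options` tuple, but the import hunk above (`from Globals import ...`, `import OFS.SimpleItem, Acquisition`, `from string import ...`) shows no `import AccessControl`; unless the name is bound further down the cut-off import list, class creation fails with a NameError at import time. Add `import AccessControl.Role` next to `import OFS.SimpleItem, Acquisition`, as the Vocabulary hunk in this commit does with `import Globals, AccessControl.Role`. The `ExternalMethod` class header continues outside the hunk, so the base list cannot be confirmed here.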
......
...@@ -82,7 +82,10 @@ ...@@ -82,7 +82,10 @@
# attributions are listed in the accompanying credits file. # attributions are listed in the accompanying credits file.
# #
############################################################################## ##############################################################################
"""SMTP mail objects""" """SMTP mail objects
$Id: MailHost.py,v 1.48 2000/05/11 18:54:15 jim Exp $"
__version__ = "$Revision: 1.48 $"[11:-2]
from Globals import Persistent, HTMLFile, HTML, MessageDialog from Globals import Persistent, HTMLFile, HTML, MessageDialog
from smtplib import SMTP from smtplib import SMTP
...@@ -93,8 +96,6 @@ import OFS.SimpleItem, re, quopri, rfc822 ...@@ -93,8 +96,6 @@ import OFS.SimpleItem, re, quopri, rfc822
import Globals import Globals
from cStringIO import StringIO from cStringIO import StringIO
#$Id: MailHost.py,v 1.47 2000/04/21 14:10:20 tseaver Exp $
__version__ = "$Revision: 1.47 $"[11:-2]
smtpError = "SMTP Error" smtpError = "SMTP Error"
MailHostError = "MailHost Error" MailHostError = "MailHost Error"
...@@ -118,16 +119,18 @@ class MailBase(Acquisition.Implicit, OFS.SimpleItem.Item, RoleManager): ...@@ -118,16 +119,18 @@ class MailBase(Acquisition.Implicit, OFS.SimpleItem.Item, RoleManager):
timeout=1.0 timeout=1.0
manage_options=({'icon':'', 'label':'Edit', manage_options=(
(
{'icon':'', 'label':'Edit',
'action':'manage_main', 'target':'manage_main', 'action':'manage_main', 'target':'manage_main',
'help':('MailHost','Mail-Host_Edit.dtml')}, 'help':('MailHost','Mail-Host_Edit.dtml')},
{'icon':'', 'label':'Security', )
'action':'manage_access', 'target':'manage_main', +OFS.SimpleItem.Item.manage_options
'help':('MailHost','Mail-Host_Security.dtml')}, +RoleManager.manage_options
) )
__ac_permissions__=( __ac_permissions__=(
('View management screens', ('manage',)), ('View management screens', ('manage','manage_main')),
('Change configuration', ('manage_makeChanges',)), ('Change configuration', ('manage_makeChanges',)),
('Use mailhost services',('',)), ('Use mailhost services',('',)),
) )
...@@ -221,10 +224,14 @@ class MailBase(Acquisition.Implicit, OFS.SimpleItem.Item, RoleManager): ...@@ -221,10 +224,14 @@ class MailBase(Acquisition.Implicit, OFS.SimpleItem.Item, RoleManager):
smtpserver.sendmail(headers['from'], headers['to'], messageText) smtpserver.sendmail(headers['from'], headers['to'], messageText)
def simple_send(self, mto, mfrom, subject, body): def simple_send(self, mto, mfrom, subject, body):
body="from: %s\nto: %s\nsubject: %s\n\n%s" % (mfrom, mto, subject, body) body="from: %s\nto: %s\nsubject: %s\n\n%s" % (
mfrom, mto, subject, body)
mailserver = SMTP(self.smtphost, self.smtpport) mailserver = SMTP(self.smtphost, self.smtpport)
mailserver.sendmail(mfrom, mto, body) mailserver.sendmail(mfrom, mto, body)
Globals.default__class_init__(MailBase)
class MailHost(Persistent, MailBase): class MailHost(Persistent, MailBase):
"persistent version" "persistent version"
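Review bot: `simple_send` (lines 224–228) still interpolates `mfrom`, `mto` and `subject` straight into the header block of the message, so a value that carries a CR or LF becomes extra headers; the reflow in this hunk would be the moment to reject line breaks in those three arguments before building `body`, e.g. raising `MailHostError` when `'\n' in subject` (and likewise for the addresses). The module docstring hunk (@@ -82) appears to close with a single `"` after the `$Id` line — if that is the committed text rather than a rendering artifact, the triple-quoted string is unterminated. The new `Globals.default__class_init__(MailBase)` call is presumably what applies the enlarged `__ac_permissions__` (now covering `manage_main`) to the class; a one-line comment above it, `# apply __ac_permissions__ to MailBase so subclasses inherit the protections`, would make that dependency explicit.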
......
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
############################################################################## ##############################################################################
"""Version object""" """Version object"""
__version__='$Revision: 1.37 $'[11:-2] __version__='$Revision: 1.38 $'[11:-2]
import Globals, time import Globals, time
from AccessControl.Role import RoleManager from AccessControl.Role import RoleManager
...@@ -111,14 +111,16 @@ class Version(Persistent,Implicit,RoleManager,Item): ...@@ -111,14 +111,16 @@ class Version(Persistent,Implicit,RoleManager,Item):
meta_type='Version' meta_type='Version'
manage_options=( manage_options=(
(
{'label':'Join/Leave', 'action':'manage_main', {'label':'Join/Leave', 'action':'manage_main',
'help':('OFSP','Version_Join-Leave.dtml')}, 'help':('OFSP','Version_Join-Leave.dtml')},
{'label':'Save/Discard', 'action':'manage_end', {'label':'Save/Discard', 'action':'manage_end',
'help':('OFSP','Version_Save-Discard.dtml')}, 'help':('OFSP','Version_Save-Discard.dtml')},
{'label':'Properties', 'action':'manage_editForm', {'label':'Properties', 'action':'manage_editForm',
'help':('OFSP','Version_Properties.dtml')}, 'help':('OFSP','Version_Properties.dtml')},
{'label':'Security', 'action':'manage_access', )
'help':('OFSP','Version_Security.dtml')}, +Item.manage_options
+RoleManager.manage_options
) )
__ac_permissions__=( __ac_permissions__=(
......
<dtml-var standard_html_header><h1> <dtml-var standard_html_header><h1>Advanced Find</h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder.dtml">Folder</a>&gt;Advanced Find</h1>
<p> This view allows you to search for Zope objects. </p> <p> This view allows you to search for Zope objects. </p>
<p> To find objects you specify search criteria in the top frame and <p> To find objects you specify search criteria in the top frame and
then click the <tt>Find</tt> button. The find results will appear in then click the <tt>Find</tt> button. The find results will appear in
......
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Common-Instance-Property-Sheet.dtml">Common Instance Property Sheet</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Control-Panel.dtml">Control Panel</a>&gt;Undo</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Undo.dtml">Folder&gt;Undo</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1> <dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;Edit</h1> DTML
<p> This view allows you to edit the contents of a document. </p> <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">Document</a>
or
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">Method</a>
Edit</h1>
<p> This view allows you to edit the contents of a DTML document or method. </p>
<p> The <tt>id</tt> field indicates the id of the document. <p> The <tt>id</tt> field indicates the id of the document.
The <tt>Title</tt> field allows you to edit the title of the The <tt>Title</tt> field allows you to edit the title of the
document. The <tt>Size</tt> field indicates the size of the document. The <tt>Size</tt> field indicates the size of the
......
<dtml-var standard_html_header><h1>
DTML
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">Document</a>
or
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">Method</a>
Proxy</h1>
<p> This view allows you to manage proxy roles for a document or method. </p>
<p>
Proxy roles replace the roles of the user who is viewing the
document or method to allow the document additional access or to limit the
access the document or method has.
</p>
<p>
To see how proxy roles can be used to limit access, suppose we want to
assure that a document can only access public resources. We might do
this if we allowed untrusted users to edit the document. All we need
to do is to set the proxy roles to Anonymous. As long as we don't let
untrusted users change the proxy roles, we can let them edit the
document freely without worrying about giving them the ability to have
protected resources accessed when the document is viewed.
</p>
<p>
To see how proxy roles can be used to grant access, we might have a
method that performs some management task for an unpriviledged user.
For example, we might have a method that creates a folder for a user
and makes them the owner. The method needs to call the
'manage_addFolder' method to add the folder. Perhaps the
'manage_addFolder' requires the 'Manager' role. Simply give the method
the 'Manager' proxy role. This effectively allows the unpriviledged
user to create a folder, but only though the special method.
</p>
<p> Select the role(s) you wish to assign to the document from the
<tt>Proxy Roles</tt> multiple select list and click the
<tt>Change</tt> button to set proxy roles for the document. </p><dtml-var standard_html_footer>
<dtml-var standard_html_header><h1> <dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;Upload</h1> DTML
<p> This view allows you to upload document files. </p> <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">Document</a>
<p> Use this view to completely replace the contents of a document or
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">Method</a>
Upload</h1>
<p> This view allows you to upload DTML files. </p>
<p> Use this view to completely replace the contents of a document or method
with the contents of an uploaded text file from your local computer. Click the with the contents of an uploaded text file from your local computer. Click the
<tt>Browse...</tt> button to locate a file to upload. Click the <tt>Browse...</tt> button to locate a file to upload. Click the
<tt>Change</tt> button to replace the document's contents with the <tt>Change</tt> button to replace the document's contents with the
......
<dtml-var standard_html_header><h1>
DTML
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">Document</a>
or
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">Method</a>
View</h1>
<p> This view allows you to preview the document or method. </p><dtml-var standard_html_footer>
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;Proxy</h1>
<p> This view allows you to manage proxy roles for a document. </p>
<p> Proxy roles supplement the roles of the user who is viewing the
document in order to allow the document additional access. </p>
<p> Select the role(s) you wish to assign to the document from the
<tt>Proxy Roles</tt> multiple select list and click the
<tt>Change</tt> button to set proxy roles for the document. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document.dtml">DTML Document</a>&gt;View</h1>
<p> This view allows you to preview the document. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">DTML Method</a>&gt;Edit</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document_Edit.dtml">DTML Document&gt;Edit</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">DTML Method</a>&gt;Proxy</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document_Proxy.dtml">DTML Document&gt;Proxy</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">DTML Method</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">DTML Method</a>&gt;Upload</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document_Upload.dtml">DTML Document&gt;Upload</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Method.dtml">DTML Method</a>&gt;View</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/DTML-Document_View.dtml">DTML Document&gt;View</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Database-Management.dtml">Database Management</a>&gt;Undo</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Undo.dtml">Folder&gt;Undo</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/File.dtml">File</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/File.dtml">File</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1> <dtml-var standard_html_header><h1>Find</h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder.dtml">Folder</a>&gt;Find</h1>
<p> This view allows you to search for Zope objects. </p> <p> This view allows you to search for Zope objects. </p>
<p> To find objects you specify search criteria in the top frame and <p> To find objects you specify search criteria in the top frame and
then click the <tt>Find</tt> button. The find results will appear in then click the <tt>Find</tt> button. The find results will appear in
......
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Image.dtml">Image</a>&gt;Edit</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/File_Edit.dtml">File&gt;Edit</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Image.dtml">Image</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Image.dtml">Image</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Image.dtml">Image</a>&gt;Upload</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/File_Upload.dtml">File&gt;Upload</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product-Management.dtml">Product Management</a>&gt;Contents</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Contents.dtml">Folder&gt;Contents</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product-Management.dtml">Product Management</a>&gt;Find</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Find.dtml">Folder&gt;Find</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product-Management.dtml">Product Management</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product-Management.dtml">Product Management</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product-Management.dtml">Product Management</a>&gt;Undo</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Undo.dtml">Folder&gt;Undo</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product.dtml">Product</a>&gt;Contents</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Contents.dtml">Folder&gt;Contents</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product.dtml">Product</a>&gt;Find</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Find.dtml">Folder&gt;Find</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product.dtml">Product</a>&gt;Properties</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Properties.dtml">Folder&gt;Properties</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Product.dtml">Product</a>&gt;Undo</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Undo.dtml">Folder&gt;Undo</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1> <dtml-var standard_html_header><h1>Properties</h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder.dtml">Folder</a>&gt;Properties</h1>
<p> This view allows you to define properties on your folder. </p> <p> This view allows you to define properties on your folder. </p>
<p> Current properties are listed one per line. You can change the <p> Current properties are listed one per line. You can change the
value of existing properties by entering new values in the text entry field(s) value of existing properties by entering new values in the text entry field(s)
......
<dtml-var standard_html_header>
<h3>The "Define Permissions" View</h3>
<p> Permissions are used to represent abstract operations or
types of usage. A permission may correspond to many
low-level object operations. Permissions provide a way to
control access to operations without having to list each
operation explicitly.</p>
<p> When creating products or ZClasses, we use high-level
objects, like DTML Methods to define operations. These
high-level objects have thier own permissions, which
represent abstract operations on the low-level
operations of these high-level objects.</p>
<p> When defining permissions for our products and ZClasses,
we need to define what low-level operations these new
permissions correspond to. We could enumerate the
low-level operations of the high-level objects used to
implement the operations of our products or ZClasses, but
this would be:</p>
<ul><li><p>Cumbersone,</p>
<li><p>Error prone, and</p>
<li><p>likely to break as the interfaces of the high-level
objects evolve.</p>
</ul>
<p> What we do instead is to treat the permissions of the
high-level objects used to implement a product or ZClass'
operations as the low-level operations that the product or
ZClass operation's abstract. </p>
<p> This is done via the "Define Permissions" view.
The "Define Permissions" view is used to define how the
operations of this object (or objects that acquire
permission settings from this object) correspond to the
operations defined by your product or ZClass.</p>
<p> The view has a table with two columns. The first
column lists the permissions for an object. The second
column specifies the permissions that should have this
permission in this product or ZClass. For ZClass methods,
only permissions that are defined for the ZClass are
permitted.</p>
<p> In general, any permissions that include operations that
change (mutate) an object should be disabled. Otherwise,
a method could be modified when used on an instance, such
as a ZClass instance.</p>
<dtml-var standard_html_footer>
<dtml-var standard_html_header><h1> <dtml-var standard_html_header><h1>Security</h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder.dtml">Folder</a>&gt;Security</h1>
<p> This view allows you to define security settings for this item. <p> This view allows you to define security settings for this item.
Security settings are defined in terms of roles and permissions. When a role is Security settings are defined in terms of roles and permissions. When a role is
assigned to a permission, users with the given role will be able to perform assigned to a permission, users with the given role will be able to perform
......
<dtml-var standard_html_header><h1> <dtml-var standard_html_header><h1>Undo</h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder.dtml">Folder</a>&gt;Undo</h1>
<p> This view allows you to undo changes to Zope's database. </p> <p> This view allows you to undo changes to Zope's database. </p>
<p> Zope allows you to undo changes to its database. Changes are <p> Zope allows you to undo changes to its database. Changes are
defined in terms of transactions which group together related changes. Each defined in terms of transactions which group together related changes. Each
......
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/User-Folder.dtml">User Folder</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/User-Folder.dtml">User Folder</a>&gt;Undo</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Undo.dtml">Folder&gt;Undo</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
<dtml-var standard_html_header><h1>
<a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Version.dtml">Version</a>&gt;Security</h1>
<p> See <a href="<dtml-var SCRIPT_NAME>/Control_Panel/Products/OFSP/Help/Folder_Security.dtml">Folder&gt;Security</a>. </p><dtml-var standard_html_footer>
\ No newline at end of file
...@@ -82,12 +82,15 @@ ...@@ -82,12 +82,15 @@
# attributions are listed in the accompanying credits file. # attributions are listed in the accompanying credits file.
# #
############################################################################## ##############################################################################
__doc__='''$Id: Lazy.py,v 1.1 1999/06/22 14:14:47 michel Exp $''' __doc__='''$Id: Lazy.py,v 1.2 2000/05/11 18:54:16 jim Exp $'''
__version__='$Revision: 1.1 $'[11:-2] __version__='$Revision: 1.2 $'[11:-2]
class Lazy: class Lazy:
# Allow (reluctantly) access to unprotected attributes
__allow_access_to_unprotected_subobjects__=1
def __repr__(self): return `list(self)` def __repr__(self): return `list(self)`
def __len__(self): def __len__(self):
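Review bot: The blanket `__allow_access_to_unprotected_subobjects__=1` added to `Lazy` exposes every attribute of Lazy instances, and of any subclass that inherits it, to restricted callers, and the comment only records that this is done reluctantly, not what needs it. Record the consumer and the intended narrowing so a later maintainer can tighten it, e.g. `# Lazy sequences are handed to DTML/restricted code (presumably catalog results); without this the security manager rejects element access. Narrow to explicit declarations once Lazy has them.` The `Lazy` class body continues outside the hunk, so I cannot see whether any attribute it carries should stay hidden.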
......
...@@ -85,7 +85,7 @@ ...@@ -85,7 +85,7 @@
"""ZCatalog product""" """ZCatalog product"""
from Globals import HTMLFile, MessageDialog from Globals import HTMLFile, MessageDialog
import Globals import Globals, AccessControl.Role
from Acquisition import Implicit from Acquisition import Implicit
from Persistence import Persistent from Persistence import Persistent
from OFS.SimpleItem import Item from OFS.SimpleItem import Item
...@@ -104,7 +104,9 @@ def manage_addVocabulary(self, id, title, globbing=None, REQUEST=None): ...@@ -104,7 +104,9 @@ def manage_addVocabulary(self, id, title, globbing=None, REQUEST=None):
return self.manage_main(self,REQUEST) return self.manage_main(self,REQUEST)
class Vocabulary(Item, Persistent, Implicit): class Vocabulary(Item, Persistent, Implicit,
AccessControl.Role.RoleManager,
):
""" """
A Vocabulary is a user managable relization of a Lexicon object. A Vocabulary is a user managable relization of a Lexicon object.
...@@ -115,15 +117,15 @@ class Vocabulary(Item, Persistent, Implicit): ...@@ -115,15 +117,15 @@ class Vocabulary(Item, Persistent, Implicit):
manage_options=( manage_options=(
(
## {'label': 'Manage', 'action': 'manage_main',
## 'target': 'manage_main'},
{'label': 'Vocabulary', 'action': 'manage_vocabulary', {'label': 'Vocabulary', 'action': 'manage_vocabulary',
'target': 'manage_main'}, 'target': 'manage_main'},
{'label': 'Query', 'action': 'manage_query', {'label': 'Query', 'action': 'manage_query',
'target': 'manage_main'}, 'target': 'manage_main'},
) )
+Item.manage_options
+AccessControl.Role.RoleManager.manage_options
)
__ac_permissions__=( __ac_permissions__=(
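Review bot: The rebuilt `manage_options` tuple still carries the commented-out `## {'label': 'Manage', 'action': 'manage_main', ...}` entry; delete those two lines rather than leaving dead code inside a live tuple literal. With `AccessControl.Role.RoleManager` now mixed into `Vocabulary`, the Security tab appended via `RoleManager.manage_options` is only as safe as the permission that gates it, and `__ac_permissions__` is cut off at the end of this hunk, so whether the new mixin's methods are covered by a declared permission is not visible here.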
......
...@@ -101,6 +101,7 @@ from Catalog import Catalog, orify ...@@ -101,6 +101,7 @@ from Catalog import Catalog, orify
from SearchIndex import UnIndex, UnTextIndex from SearchIndex import UnIndex, UnTextIndex
from Vocabulary import Vocabulary from Vocabulary import Vocabulary
import IOBTree import IOBTree
from AccessControl import getSecurityManager
manage_addZCatalogForm=HTMLFile('addZCatalog',globals()) manage_addZCatalogForm=HTMLFile('addZCatalog',globals())
...@@ -166,9 +167,6 @@ class ZCatalog(Folder, Persistent, Implicit): ...@@ -166,9 +167,6 @@ class ZCatalog(Folder, Persistent, Implicit):
icon='misc_/ZCatalog/ZCatalog.gif' icon='misc_/ZCatalog/ZCatalog.gif'
manage_options=( manage_options=(
{'label': 'Contents', 'action': 'manage_main',
'target': 'manage_main',
'help':('ZCatalog','ZCatalog_Contents.dtml')},
{'label': 'Cataloged Objects', 'action': 'manage_catalogView', {'label': 'Cataloged Objects', 'action': 'manage_catalogView',
'target': 'manage_main', 'target': 'manage_main',
'help':('ZCatalog','ZCatalog_Cataloged-Objects.dtml')}, 'help':('ZCatalog','ZCatalog_Cataloged-Objects.dtml')},
...@@ -184,7 +182,7 @@ class ZCatalog(Folder, Persistent, Implicit): ...@@ -184,7 +182,7 @@ class ZCatalog(Folder, Persistent, Implicit):
{'label': 'Status', 'action': 'manage_catalogStatus', {'label': 'Status', 'action': 'manage_catalogStatus',
'target':'manage_main', 'target':'manage_main',
'help':('ZCatalog','ZCatalog_Status.dtml')}, 'help':('ZCatalog','ZCatalog_Status.dtml')},
) )+Folder.manage_options
__ac_permissions__=( __ac_permissions__=(
...@@ -540,8 +538,6 @@ class ZCatalog(Folder, Persistent, Implicit): ...@@ -540,8 +538,6 @@ class ZCatalog(Folder, Persistent, Implicit):
if obj_expr: if obj_expr:
# Setup expr machinations # Setup expr machinations
md=td() md=td()
if hasattr(REQUEST, 'AUTHENTICATED_USER'):
md.AUTHENTICATED_USER=REQUEST.AUTHENTICATED_USER
obj_expr=(Eval(obj_expr, expr_globals), md, md._push, md._pop) obj_expr=(Eval(obj_expr, expr_globals), md, md._push, md._pop)
base=obj base=obj
...@@ -633,8 +629,10 @@ def absattr(attr): ...@@ -633,8 +629,10 @@ def absattr(attr):
return attr return attr
class td(TemplateDict, cDocument): class td(TemplateDict):
pass
def validate(self, inst, parent, name, value, md):
return getSecurityManager().validate(inst, parent, name, value)
def expr_match(ob, ed, c=InstanceDict, r=0): def expr_match(ob, ed, c=InstanceDict, r=0):
e, md, push, pop=ed e, md, push, pop=ed
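Review bot: The new `td.validate` delegates every attribute check during `obj_expr` evaluation to `getSecurityManager()`, but nothing documents that this requires a security manager to have been installed for the current thread, which (as far as the Zope.py hunk on this page shows) happens only during startup and via the validated hook after request authentication. If the enclosing find-and-apply code can be reached outside a request, confirm that `getSecurityManager()` then denies rather than raises or allows. Dropping `cDocument` from `td`'s bases and the `AUTHENTICATED_USER` injection into `md` are also behaviour changes with no explanatory comment; a class docstring such as `"""TemplateDict for obj_expr evaluation; attribute access is checked by the thread's security manager via validate()."""` would cover both. The function that builds `md` starts outside the hunk.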
......
...@@ -84,9 +84,8 @@ ...@@ -84,9 +84,8 @@
############################################################################## ##############################################################################
__doc__='''Generic Database Connection Support __doc__='''Generic Database Connection Support
$Id: Connection.py,v 1.23 2000/05/11 18:54:16 jim Exp $'''
$Id: Connection.py,v 1.22 2000/05/04 13:32:06 shane Exp $''' __version__='$Revision: 1.23 $'[11:-2]
__version__='$Revision: 1.22 $'[11:-2]
import Globals, OFS.SimpleItem, AccessControl.Role, Acquisition, sys import Globals, OFS.SimpleItem, AccessControl.Role, Acquisition, sys
from DateTime import DateTime from DateTime import DateTime
...@@ -106,10 +105,13 @@ class Connection( ...@@ -106,10 +105,13 @@ class Connection(
# Specify definitions for tabs: # Specify definitions for tabs:
manage_options=( manage_options=(
(
{'label':'Status', 'action':'manage_main'}, {'label':'Status', 'action':'manage_main'},
{'label':'Properties', 'action':'manage_properties'}, {'label':'Properties', 'action':'manage_properties'},
{'label':'Test', 'action':'manage_testForm'}, {'label':'Test', 'action':'manage_testForm'},
{'label':'Security', 'action':'manage_access'}, )
+OFS.SimpleItem.Item.manage_options
+AccessControl.Role.RoleManager.manage_options
) )
# Specify how individual operations add up to "permissions": # Specify how individual operations add up to "permissions":
......
...@@ -85,8 +85,8 @@ ...@@ -85,8 +85,8 @@
__doc__='''Generic Database adapter __doc__='''Generic Database adapter
$Id: DA.py,v 1.81 2000/04/19 17:50:43 jeffrey Exp $''' $Id: DA.py,v 1.82 2000/05/11 18:54:16 jim Exp $'''
__version__='$Revision: 1.81 $'[11:-2] __version__='$Revision: 1.82 $'[11:-2]
import OFS.SimpleItem, Aqueduct, RDB import OFS.SimpleItem, Aqueduct, RDB
import DocumentTemplate, marshal, md5, base64, Acquisition, os import DocumentTemplate, marshal, md5, base64, Acquisition, os
...@@ -97,7 +97,6 @@ from cStringIO import StringIO ...@@ -97,7 +97,6 @@ from cStringIO import StringIO
import sys, Globals, OFS.SimpleItem, AccessControl.Role import sys, Globals, OFS.SimpleItem, AccessControl.Role
from string import atoi, find, join, split from string import atoi, find, join, split
import DocumentTemplate, sqlvar, sqltest, sqlgroup import DocumentTemplate, sqlvar, sqltest, sqlgroup
from AccessControl.User import verify_watermark
from DocumentTemplate.DT_Util import cDocument from DocumentTemplate.DT_Util import cDocument
from time import time from time import time
from zlib import compress, decompress from zlib import compress, decompress
...@@ -108,6 +107,7 @@ import DocumentTemplate.DT_Util ...@@ -108,6 +107,7 @@ import DocumentTemplate.DT_Util
from cPickle import dumps, loads from cPickle import dumps, loads
from Results import Results from Results import Results
from App.Extensions import getBrain from App.Extensions import getBrain
from AccessControl import getSecurityManager
try: from IOBTree import Bucket try: from IOBTree import Bucket
except: Bucket=lambda:{} except: Bucket=lambda:{}
...@@ -147,14 +147,16 @@ class DA( ...@@ -147,14 +147,16 @@ class DA(
template_class=SQL template_class=SQL
manage_options=( manage_options=(
(
{'label':'Edit', 'action':'manage_main', {'label':'Edit', 'action':'manage_main',
'help':('ZSQLMethods','Z-SQL-Method_Edit.dtml')}, 'help':('ZSQLMethods','Z-SQL-Method_Edit.dtml')},
{'label':'Test', 'action':'manage_testForm', {'label':'Test', 'action':'manage_testForm',
'help':('ZSQLMethods','Z-SQL-Method_Test.dtml')}, 'help':('ZSQLMethods','Z-SQL-Method_Test.dtml')},
{'label':'Advanced', 'action':'manage_advancedForm', {'label':'Advanced', 'action':'manage_advancedForm',
'help':('ZSQLMethods','Z-SQL-Method_Advanced.dtml')}, 'help':('ZSQLMethods','Z-SQL-Method_Advanced.dtml')},
{'label':'Security', 'action':'manage_access', )
'help':('ZSQLMethods','Z-SQL-Method_Security.dtml')}, +OFS.SimpleItem.Item.manage_options
+AccessControl.Role.RoleManager.manage_options
) )
# Specify how individual operations add up to "permissions": # Specify how individual operations add up to "permissions":
...@@ -425,19 +427,10 @@ class DA( ...@@ -425,19 +427,10 @@ class DA(
argdata['sql_delimiter']='\0' argdata['sql_delimiter']='\0'
argdata['sql_quote__']=dbc.sql_quote__ argdata['sql_quote__']=dbc.sql_quote__
# Also need the authenticated user. security=getSecurityManager()
auth_user=REQUEST.get('AUTHENTICATED_USER', None) security.addContext(self)
if auth_user is None: try: query=apply(self.template, (p, argdata))
auth_user=getattr(self, 'REQUEST', None) finally: security.removeContext(self)
if auth_user is not None:
try: auth_user=auth_user.get('AUTHENTICATED_USER', None)
except: auth_user=None
if auth_user is not None:
verify_watermark(auth_user)
argdata['AUTHENTICATED_USER']=auth_user
query=apply(self.template, (p, argdata))
if src__: return query if src__: return query
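Review bot: Removing the `argdata['AUTHENTICATED_USER']=auth_user` assignment silently changes the template contract: any SQL template that referenced `AUTHENTICATED_USER` as a template variable no longer receives it from `argdata`, and the hunk does not say whether it is now meant to be acquired through the security context instead. If that is intended, state it above the new code, e.g. `# The security context (addContext/removeContext) replaces the old AUTHENTICATED_USER/watermark hand-off; templates get the user through the security manager, not argdata.` Note also that the Security tab's `'help':('ZSQLMethods','Z-SQL-Method_Security.dtml')` entry is dropped in favour of `RoleManager.manage_options`, so that help file is now either orphaned or served by the generic tab; worth confirming. The enclosing method starts outside the hunk.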
......
...@@ -82,7 +82,7 @@ ...@@ -82,7 +82,7 @@
# attributions are listed in the accompanying credits file. # attributions are listed in the accompanying credits file.
# #
############################################################################## ##############################################################################
__version__='$Revision: 1.25 $'[11:-2] __version__='$Revision: 1.26 $'[11:-2]
from string import join, split, find, rfind, lower, upper from string import join, split, find, rfind, lower, upper
from urllib import quote from urllib import quote
...@@ -124,6 +124,9 @@ class BaseRequest: ...@@ -124,6 +124,9 @@ class BaseRequest:
_auth=None _auth=None
_held=() _held=()
# Allow (reluctantly) access to unprotected attributes
__allow_access_to_unprotected_subobjects__=1
def __init__(self, other=None, **kw): def __init__(self, other=None, **kw):
"""The constructor is not allowed to raise errors """The constructor is not allowed to raise errors
""" """
...@@ -218,7 +221,7 @@ class BaseRequest: ...@@ -218,7 +221,7 @@ class BaseRequest:
__repr__=__str__ __repr__=__str__
def traverse(self, path, response=None): def traverse(self, path, response=None, validated_hook=None):
"""Traverse the object space """Traverse the object space
The REQUEST must already have a PARENTS item with at least one The REQUEST must already have a PARENTS item with at least one
...@@ -264,8 +267,7 @@ class BaseRequest: ...@@ -264,8 +267,7 @@ class BaseRequest:
try: try:
# We build parents in the wrong order, so we # We build parents in the wrong order, so we
# need to make sure we reverse it when we're doe. # need to make sure we reverse it when we're doe.
if hasattr(object,'__roles__'): roles=object.__roles__ roles=getattr(object,'__roles__', UNSPECIFIED_ROLES)
else: roles=UNSPECIFIED_ROLES
# if the top object has a __bobo_traverse__ method, then use it # if the top object has a __bobo_traverse__ method, then use it
# to possibly traverse to an alternate top-level object. # to possibly traverse to an alternate top-level object.
...@@ -296,9 +298,12 @@ class BaseRequest: ...@@ -296,9 +298,12 @@ class BaseRequest:
steps=self.steps steps=self.steps
path.reverse() path.reverse()
pop=path.pop
# request['path']=path
while path: while path:
entry_name=path[-1] entry_name=pop()
del path[-1]
URL="%s/%s" % (URL,quote(entry_name)) URL="%s/%s" % (URL,quote(entry_name))
got=0 # Can't find it? XXX got=0 # Can't find it? XXX
if entry_name: if entry_name:
...@@ -356,13 +361,11 @@ class BaseRequest: ...@@ -356,13 +361,11 @@ class BaseRequest:
"Missing doc string at: %s" % URL) "Missing doc string at: %s" % URL)
else: return response.notFoundError("%s" % (URL)) else: return response.notFoundError("%s" % (URL))
if hasattr(subobject,'__roles__'): r=getattr(subobject, '__roles__', UNSPECIFIED_ROLES)
roles=subobject.__roles__ if r is not UNSPECIFIED_ROLES:
else: roles=r
if not got: elif not got:
roleshack=entry_name+'__roles__' roles=getattr(subobject, entry_name+'__roles__', roles)
if hasattr(object, roleshack):
roles=getattr(object, roleshack)
# Promote subobject to object # Promote subobject to object
parents.append(object) parents.append(object)
...@@ -377,7 +380,7 @@ class BaseRequest: ...@@ -377,7 +380,7 @@ class BaseRequest:
and getattr(object, method) is not None and getattr(object, method) is not None
): ):
request._hacked_path=1 request._hacked_path=1
path=[method] path.append(method)
else: else:
if (hasattr(object, '__call__') and if (hasattr(object, '__call__') and
hasattr(object.__call__,'__roles__')): hasattr(object.__call__,'__roles__')):
...@@ -458,8 +461,7 @@ class BaseRequest: ...@@ -458,8 +461,7 @@ class BaseRequest:
steps=join(steps[:-i],'/') steps=join(steps[:-i],'/')
if user is not None: if user is not None:
# Try to set a watermark on the user object. if validated_hook is not None: validated_hook(self, user)
user._v__marker__=_marker
request['AUTHENTICATED_USER']=user request['AUTHENTICATED_USER']=user
request['AUTHENTICATION_PATH']=steps request['AUTHENTICATION_PATH']=steps
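Review bot: In the hunk around `r=getattr(subobject, '__roles__', UNSPECIFIED_ROLES)`, the `<entry_name>__roles__` fallback now does `getattr(subobject, entry_name+'__roles__', roles)` whereas the removed code looked that attribute up on `object`, the container. A name-suffixed role declaration lives on the container, not on the bound method or sub-object it describes, so unless this deliberately relies on acquisition through `subobject` the declaration is silently ignored and `roles` falls back to the inherited value; `roles=getattr(object, entry_name+'__roles__', roles)` keeps the old lookup target. The `pop=path.pop` hunk also leaves a commented-out `# request['path']=path` that should go. `traverse` starts and ends outside the visible hunks.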
......
...@@ -84,8 +84,8 @@ ...@@ -84,8 +84,8 @@
############################################################################## ##############################################################################
'''CGI Response Output formatter '''CGI Response Output formatter
$Id: BaseResponse.py,v 1.5 1999/09/23 21:55:12 jim Exp $''' $Id: BaseResponse.py,v 1.6 2000/05/11 18:54:17 jim Exp $'''
__version__='$Revision: 1.5 $'[11:-2] __version__='$Revision: 1.6 $'[11:-2]
import string, types, sys, regex import string, types, sys, regex
from string import find, rfind, lower, upper, strip, split, join, translate from string import find, rfind, lower, upper, strip, split, join, translate
...@@ -100,6 +100,9 @@ class BaseResponse: ...@@ -100,6 +100,9 @@ class BaseResponse:
_auth=None _auth=None
_error_format='text/plain' _error_format='text/plain'
# Allow (reluctantly) access to unprotected attributes
__allow_access_to_unprotected_subobjects__=1
def __init__(self, stdout, stderr, def __init__(self, stdout, stderr,
body='', headers=None, status=None, cookies=None): body='', headers=None, status=None, cookies=None):
self.stdout=stdout self.stdout=stdout
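Review bot: The blanket `__allow_access_to_unprotected_subobjects__=1` on `BaseResponse` grants restricted code access to every attribute the security machinery treats as unprotected, and the response carries state such as `_auth` (visible above) plus the headers and cookies set in `__init__`. Whether underscore-prefixed names are excluded by that machinery is not visible here; confirm it, and replace the comment with one that records why the blanket form was chosen, e.g. `# Response methods (headers, cookies, redirects) must stay reachable from DTML; revisit once per-method declarations exist.` The class body continues outside the hunk.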
......
...@@ -84,8 +84,8 @@ ...@@ -84,8 +84,8 @@
############################################################################## ##############################################################################
__doc__="""Python Object Publisher -- Publish Python objects on web servers __doc__="""Python Object Publisher -- Publish Python objects on web servers
$Id: Publish.py,v 1.145 2000/05/09 19:20:28 jim Exp $""" $Id: Publish.py,v 1.146 2000/05/11 18:54:17 jim Exp $"""
__version__='$Revision: 1.145 $'[11:-2] __version__='$Revision: 1.146 $'[11:-2]
import sys, os import sys, os
from string import lower, atoi, rfind, strip from string import lower, atoi, rfind, strip
...@@ -128,7 +128,7 @@ def publish(request, module_name, after_list, debug=0, ...@@ -128,7 +128,7 @@ def publish(request, module_name, after_list, debug=0,
): ):
(bobo_before, bobo_after, object, realm, debug_mode, err_hook, (bobo_before, bobo_after, object, realm, debug_mode, err_hook,
have_transactions)= get_module_info(module_name) validated_hook, have_transactions)= get_module_info(module_name)
parents=None parents=None
...@@ -158,7 +158,7 @@ def publish(request, module_name, after_list, debug=0, ...@@ -158,7 +158,7 @@ def publish(request, module_name, after_list, debug=0,
if have_transactions: get_transaction().begin() if have_transactions: get_transaction().begin()
object=request.traverse(path) object=request.traverse(path, validated_hook=validated_hook)
# Record transaction meta-data # Record transaction meta-data
if have_transactions: if have_transactions:
...@@ -312,13 +312,14 @@ def get_module_info(module_name, modules={}, ...@@ -312,13 +312,14 @@ def get_module_info(module_name, modules={},
else: object=module else: object=module
error_hook=getattr(module,'zpublisher_exception_hook', None) error_hook=getattr(module,'zpublisher_exception_hook', None)
validated_hook=getattr(module,'zpublisher_validated_hook', None)
try: get_transaction() try: get_transaction()
except: have_transactions=0 except: have_transactions=0
else: have_transactions=1 else: have_transactions=1
info= (bobo_before, bobo_after, object, realm, debug_mode, info= (bobo_before, bobo_after, object, realm, debug_mode,
error_hook, have_transactions) error_hook, validated_hook, have_transactions)
modules[module_name]=modules[module_name+'.cgi']=info modules[module_name]=modules[module_name+'.cgi']=info
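Review bot: The new `zpublisher_validated_hook` lookup is undocumented at the point where it is read, although the BaseRequest hunk on this page shows it is called as `validated_hook(request, user)` once authentication succeeds during traversal. Add that contract next to the `getattr`, e.g. `# Optional hook called as hook(request, user) after the user is authenticated in traverse(); Zope uses it to install the thread's security manager.` Inserting `validated_hook` into the cached `info` tuple also changes its shape, so any other code that unpacks `get_module_info()` must be updated; none is visible here.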
......
...@@ -93,6 +93,7 @@ sys.path.insert(0, os.path.join(SOFTWARE_HOME, 'ZopeZODB3')) ...@@ -93,6 +93,7 @@ sys.path.insert(0, os.path.join(SOFTWARE_HOME, 'ZopeZODB3'))
import ZODB, ZODB.ZApplication, imp import ZODB, ZODB.ZApplication, imp
import Globals, OFS.Application, sys import Globals, OFS.Application, sys
import AccessControl.SecurityManagement, AccessControl.User
Globals.BobobaseName = '%s/Data.fs' % Globals.data_dir Globals.BobobaseName = '%s/Data.fs' % Globals.data_dir
Globals.DatabaseVersion='3' Globals.DatabaseVersion='3'
...@@ -128,6 +129,10 @@ Globals.opened.append(DB) ...@@ -128,6 +129,10 @@ Globals.opened.append(DB)
import ClassFactory import ClassFactory
DB.setClassFactory(ClassFactory.ClassFactory) DB.setClassFactory(ClassFactory.ClassFactory)
# "Log on" as system user
AccessControl.SecurityManagement.newSecurityManager(
None, AccessControl.User.system)
# Set up the "application" object that automagically opens # Set up the "application" object that automagically opens
# connections # connections
app=bobo_application=ZODB.ZApplication.ZApplicationWrapper( app=bobo_application=ZODB.ZApplication.ZApplicationWrapper(
...@@ -140,10 +145,14 @@ OFS.Application.initialize(c) ...@@ -140,10 +145,14 @@ OFS.Application.initialize(c)
c._p_jar.close() c._p_jar.close()
del c del c
# "Log off" as system user
AccessControl.SecurityManagement.noSecurityManager()
# This is sneaky, but we don't want to play with Main: # This is sneaky, but we don't want to play with Main:
sys.modules['Main']=sys.modules['Zope'] sys.modules['Main']=sys.modules['Zope']
import ZODB.POSException, ZPublisher, string, ZPublisher, AccessControl.User import ZODB.POSException, ZPublisher, string, ZPublisher
import ExtensionClass import ExtensionClass
from zLOG import LOG, INFO from zLOG import LOG, INFO
...@@ -212,3 +221,7 @@ def zpublisher_exception_hook( ...@@ -212,3 +221,7 @@ def zpublisher_exception_hook(
f(client, REQUEST, t, v, traceback) f(client, REQUEST, t, v, traceback)
finally: traceback=None finally: traceback=None
zpublisher_validated_hook=AccessControl.SecurityManagement.newSecurityManager
__bobo_before__=AccessControl.SecurityManagement.noSecurityManager
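Review bot: The system-user security manager installed by `newSecurityManager(None, AccessControl.User.system)` is only removed by the unconditional `noSecurityManager()` call later; if `OFS.Application.initialize(c)` or the surrounding setup raises, the importing thread is left running with system privileges. Wrap the initialization in `try: ... finally: AccessControl.SecurityManagement.noSecurityManager()` so the privilege is released on every path. Whether a failed import here is ever caught and retried in-process is not visible, which is why the cleanup should not depend on it. The code between the two hunks is not shown.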
...@@ -85,7 +85,7 @@ ...@@ -85,7 +85,7 @@
"""WebDAV support - resource objects.""" """WebDAV support - resource objects."""
__version__='$Revision: 1.28 $'[11:-2] __version__='$Revision: 1.29 $'[11:-2]
import sys, os, string, mimetypes, davcmds, ExtensionClass import sys, os, string, mimetypes, davcmds, ExtensionClass
from common import absattr, aq_base, urlfix, rfc1123_date from common import absattr, aq_base, urlfix, rfc1123_date
...@@ -129,13 +129,11 @@ class Resource(ExtensionClass.Base): ...@@ -129,13 +129,11 @@ class Resource(ExtensionClass.Base):
else: else:
try: method=object.aq_acquire(methodname) try: method=object.aq_acquire(methodname)
except: method=None except: method=None
if (method is not None) and hasattr(method, '__roles__'):
roles=method.__roles__ if method is not None:
user=REQUEST.get('AUTHENTICATED_USER', None) try: return getSecurityManager().validateValue(method)
__traceback_info__=methodname, str(roles), user except: pass
if (not hasattr(user, 'hasRole') or not user.hasRole(None, roles)):
raise 'Unauthorized', msg
return 1
raise 'Unauthorized', msg raise 'Unauthorized', msg
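Review bot: The new `try: return getSecurityManager().validateValue(method)` / `except: pass` passes `validateValue`'s result straight back and swallows every exception type, whereas the removed code always returned `1` or raised `'Unauthorized'`. If `validateValue` ever reports denial by returning a false value instead of raising (not visible here), the caller now receives that value where it previously got the exception; `if getSecurityManager().validateValue(method): return 1` keeps the fail-closed path through the `raise` below, and the `except:` should be narrowed to the unauthorized exception so genuine errors are not converted into a 401. The import of `getSecurityManager` is not in this hunk; confirm it was added. `dav__validate` starts outside the hunk.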
......