Security changes

cef26e14 · 1159afcd · cef26e14 · cef26e14 · cef26e14 · cef26e14
Commit cef26e14 authored Dec 31, 1997 by
4 changed files
--- a/lib/python/OFS/Document.py
+++ b/lib/python/OFS/Document.py
 """Document object"""

-__version__='$Revision: 1.35 $'[11:-2]
+__version__='$Revision: 1.36 $'[11:-2]

 from Globals import HTML, HTMLFile
 from string import join,split,strip,rfind,atoi
@@ -73,8 +73,8 @@ class Document(HTML, RoleManager, SimpleItem.Item_w__name__,
    manage_uploadForm=HTMLFile('documentUpload', globals())
    manage=manage_main=manage_editDocument=manage_editForm

-    def manage_edit(self,data,title,acl_type='A',acl_roles=[],SUBMIT='Change',
-		    dtpref_cols='50',dtpref_rows='20',REQUEST=None):
+    def manage_edit(self,data,title,SUBMIT='Change',dtpref_cols='50',
+		    dtpref_rows='20',REQUEST=None):
 	"""Edit method"""
        if SUBMIT=='Smaller':
            rows=atoi(dtpref_rows)-5
@@ -98,7 +98,6 @@ class Document(HTML, RoleManager, SimpleItem.Item_w__name__,
 					dtpref_cols=cols,dtpref_rows=rows)

 	self.title=title
-	self._setRoles(acl_type,acl_roles)
 	self.munge(data)
 	if REQUEST: return self.manage_editedDialog(REQUEST)

@@ -110,7 +109,6 @@ class Document(HTML, RoleManager, SimpleItem.Item_w__name__,
    def validRoles(self):
 	return self.aq_parent.validRoles()

-    PUT__roles__='manage',
    def PUT(self, BODY, REQUEST):
 	'handle PUT requests'
 	self.munge(BODY)
@@ -130,13 +128,11 @@ class DocumentHandler:

    manage_addDocumentForm=HTMLFile('documentAdd', globals())

-    def manage_addDocument(self,id,title='',file='',
-			   acl_type='A',acl_roles=[],REQUEST=None):
+    def manage_addDocument(self,id,title='',file='',REQUEST=None):
 	"""Add a new Document object"""
 	if not file: file=default_html
        i=Document(file, __name__=id)
 	i.title=title
-	i._setRoles(acl_type,acl_roles)
 	self._setObject(id,i)
 	if REQUEST: return self.manage_main(self,REQUEST)


--- a/lib/python/OFS/Folder.py
+++ b/lib/python/OFS/Folder.py

 """Folder object

-$Id: Folder.py,v 1.29 1997/12/31 16:43:29 brian Exp $"""
+$Id: Folder.py,v 1.30 1997/12/31 17:13:23 brian Exp $"""

-__version__='$Revision: 1.29 $'[11:-2]
+__version__='$Revision: 1.30 $'[11:-2]


 from Globals import HTMLFile
@@ -29,13 +29,12 @@ class FolderHandler:
 	return Folder
 	return self.__class__

-    def manage_addFolder(self,id,title='',acl_type='A',acl_roles=[],
-			 createPublic=0, createUserF=0,REQUEST=None):
+    def manage_addFolder(self,id,title='',createPublic=0,createUserF=0,
+			 REQUEST=None):
 	"""Add a new Folder object"""
 	i=self.folderClass()()
 	i.id=id
 	i.title=title
-	i._setRoles(acl_type,acl_roles)
 	self._setObject(id,i)

 	if createUserF: i.manage_addUserFolder()
@@ -184,7 +183,6 @@ class PUTer:
 	else: i=Image.File()
 	i._init(name, BODY, type)
 	i.title=''
-	i._setRoles('A',[])
 	self._parent._setObject(name,i)
 	return 'OK'


--- a/lib/python/OFS/Image.py
+++ b/lib/python/OFS/Image.py
 """Image object"""

-__version__='$Revision: 1.19 $'[11:-2]
+__version__='$Revision: 1.20 $'[11:-2]

 from Persistence import Persistent
 from Globals import HTMLFile
@@ -47,13 +47,10 @@ class File(Persistent,RoleManager,SimpleItem.Item_w__name__,
 		  ('View Access', ['View',]),
 		 )

-    def manage_edit(self,title,content_type,
-		    acl_type='A',acl_roles=[], REQUEST=None):
+    def manage_edit(self,title,content_type,REQUEST=None):
 	""" """
 	self.title=title
 	self.content_type=content_type
-	self.title=title
-	self._setRoles(acl_type,acl_roles)
 	if REQUEST: return self.manage_editedDialog(REQUEST)

    def manage_upload(self,file='', REQUEST=None):
@@ -120,23 +117,19 @@ class ImageHandler:
    manage_addFileForm=HTMLFile('imageAdd', globals(),  Kind='File', kind='file')
    manage_addImageForm=HTMLFile('imageAdd', globals(), Kind='Image', kind='image')

-    def manage_addImage(self,id,file,title='',acl_type='A',acl_roles=[],
-			REQUEST=None):
+    def manage_addImage(self,id,file,title='',REQUEST=None):
 	"""Add a new Image object"""
 	i=Image()
 	i._init(id,file)
 	i.title=title
-	i._setRoles(acl_type,acl_roles)
 	self._setObject(id,i)
 	return self.manage_main(self,REQUEST)

-    def manage_addFile(self,id,file,title='',acl_type='A',acl_roles=[],
-			REQUEST=None):
+    def manage_addFile(self,id,file,title='',REQUEST=None):
 	"""Add a new Image object"""
 	i=File()
 	i._init(id,file)
 	i.title=title
-	i._setRoles(acl_type,acl_roles)
 	self._setObject(id,i)
 	return self.manage_main(self,REQUEST)


--- a/lib/python/OFS/Session.py
+++ b/lib/python/OFS/Session.py
@@ -12,7 +12,7 @@ __doc__='''A drop-in object that represents a session.



-$Id: Session.py,v 1.9 1997/12/31 16:53:42 brian Exp $'''
+$Id: Session.py,v 1.10 1997/12/31 17:13:25 brian Exp $'''

 import time, SimpleItem, AccessControl.Role, Persistence, Acquisition, Globals
 from string import rfind
@@ -20,20 +20,12 @@ from ImageFile import ImageFile

 _addForm=Globals.HTMLFile('sessionAdd', globals())
 def addForm(realself, self, REQUEST, **ignored):
-    return _addForm(self, REQUEST,
-		    selectedRoles=map(
-			lambda i:
-			('<OPTION VALUE="%s"%s>%s' %
-			 (i, i=='manage' and ' SELECTED' or '', i))
-			, self.validRoles()),
-		    aclEChecked=' CHECKED', aclAChecked='', aclPChecked=''
-		    )
-
-def add(self, id, title, acl_type='A',acl_roles=[], REQUEST=None):
+    return _addForm(self, REQUEST)
+
+def add(self, id, title, REQUEST=None):
    'Add a session'
    i=Session()
    i._init(id, title, REQUEST)
-    i._setRoles(acl_type,acl_roles)
    self._setObject(id,i)
    return self.manage_main(self,REQUEST)

@@ -68,7 +60,7 @@ class Session(Persistence.Persistent,
    ('View management screens', ['manage','manage_tabs','index_html']),
    ('Change permissions', ['manage_access']),
    ('Edit session', ['manage_edit']),
-    ('Join/leave session' ['enter','leave','leave_another']),
+    ('Join/leave session', ['enter','leave','leave_another']),
    ('Save/discard session', ['save','discard']),
    )
   
@@ -91,11 +83,9 @@ class Session(Persistence.Persistent,
 	if Globals.SessionBase[self.cookie].nonempty(): return '%s *' % r
 	return r

-    def manage_edit(self, title, acl_type='A',acl_roles=[], REQUEST=None):
+    def manage_edit(self, title, REQUEST=None):
 	'Modify a session'
-	self._setRoles(acl_type,acl_roles)
-	self.title=title
-	
+	self.title=title	
 	if REQUEST is not None: return self.manage_editedDialog(REQUEST)

    def enter(self, REQUEST, RESPONSE):
@@ -136,7 +126,7 @@ class Session(Persistence.Persistent,
 	
    def nonempty(self): return Globals.SessionBase[self.cookie].nonempty()

-__version__='$Revision: 1.9 $'[11:-2]
+__version__='$Revision: 1.10 $'[11:-2]



@@ -144,6 +134,9 @@ __version__='$Revision: 1.9 $'[11:-2]
 ############################################################################## 
 #
 # $Log: Session.py,v $
+# Revision 1.10  1997/12/31 17:13:25  brian
+# Security changes
+#
 # Revision 1.9  1997/12/31 16:53:42  brian
 # Added security info
 #