Added the possibility to filter which skins and scripts from the portal_skins

folder can be applied on each portal type. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@3206 20353a03-c40f-0410-a6d1-a30d3c3de9de

Added the possibility to filter which skins and scripts from the portal_skins
folder can be applied on each portal type. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@3206 20353a03-c40f-0410-a6d1-a30d3c3de9de
480a9fec · Alexandre Boeglin · 456ab1c3 · 480a9fec · 480a9fec
Commit 480a9fec authored Jun 07, 2005 by Alexandre Boeglin
Show whitespace changes
Inline Side-by-side

Showing with 127 additions and 47 deletions

product/ERP5Type/ERP5Type.py product/ERP5Type/ERP5Type.py +48 -13

product/ERP5Type/ZopePatch.py product/ERP5Type/ZopePatch.py +79 -34

No files found.
--- a/product/ERP5Type/ERP5Type.py
+++ b/product/ERP5Type/ERP5Type.py
@@ -39,6 +39,9 @@ from RoleInformation import ori

 from zLOG import LOG

+import re
+action_basename_re = re.compile("\/([^\/\?]+)(\?.+)?$")
+
 ERP5TYPE_ROLE_INIT_SCRIPT = 'ERP5Type_initLocalRoleMapping'

 class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ):
@@ -96,6 +99,13 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ):
         , 'label':'Base Categories'
         , 'select_variable':'getBaseCategoryList'
         },
+        {'id':'filter_actions', 'type': 'boolean', 'mode':'w',
+         'label':'Filter actions?'},
+        {'id':'allowed_action_list'
+         , 'type': 'lines'
+         , 'mode':'w'
+         , 'label':'Allowed actions'
+         },
        ))

    property_sheet_list = ()
@@ -104,6 +114,8 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ):
    product = 'ERP5Type'
    immediate_view = 'view'
    hidden_content_type_list = ()
+    filter_actions = 0
+    allowed_action_list = []

    #
    #   Acquisition editing interface
@@ -164,6 +176,29 @@ class ERP5TypeInformation( FactoryTypeInformation, RoleProviderBase ):
        """
        return self.hidden_content_type_list

+    security.declareProtected(ERP5Permissions.AccessContentsInformation, 'isActionAllowed')
+    def isActionAllowed( self, action=None ):
+        """
+            Return list of allowed actions.
+
+            You can define a 'allowed_action_list' property (as lines) on the portal_types object
+            to define actions that will be available for all portal types.
+        """
+        if not self.filter_actions :
+          return 1 # everything is allowed
+
+        global_allowed_action_list = list(self.portal_types.getProperty('allowed_action_list', []))
+        action_list = list(self.allowed_action_list) + global_allowed_action_list
+        for ob_action in self._actions :
+          action_basename = action_basename_re.search(ob_action.action.text).group(1)
+          if len(action_basename) :
+            action_list.append(action_basename_re.search(ob_action.action.text).group(1))
+
+        LOG('isActionAllowed for %s :' % self.title_or_id(), 0, 'looking for %s in %s : %s' % (action, action_list, action in action_list))
+        if action in action_list :
+          return 1
+        return 0
+
    security.declareProtected(ERP5Permissions.AccessContentsInformation, 'getBaseCategoryList')
    def getBaseCategoryList( self ):
        result = self.portal_categories.getBaseCategoryList()

--- a/product/ERP5Type/ZopePatch.py
+++ b/product/ERP5Type/ZopePatch.py
@@ -1848,3 +1848,48 @@ def reindexObject(self, idxs=[], *args, **kw):
        catalog.reindexObject(self, idxs=idxs, *args, **kw)

 CMFCatalogAware.reindexObject = reindexObject
+
+
+##########################################
+# ERP5TypeInformation filtered actions
+
+from ZPublisher.BaseRequest import BaseRequest
+
+BaseRequest.old_traverse = BaseRequest.traverse
+def new_traverse(self, path, response=None, validated_hook=None) :
+  import time
+  start_time = time.time()
+  object = self.old_traverse(path, response=response, validated_hook=validated_hook)
+  object_id_getter = getattr(object, 'getId', None)
+  if response is None: response=self.response
+
+  LOG('My Traverse absolute_url', 0, path )
+
+  if hasattr(object, 'unrestrictedTraverse') :
+    portal_skins = aq_base(object.unrestrictedTraverse('portal_skins', default=None))
+    if portal_skins is not None :
+      skin_list = []
+      for skin_folder in portal_skins.getSkinPath(portal_skins.getDefaultSkin()).split(',') :
+        skin_folder_object = getattr(portal_skins, skin_folder, None)
+        if skin_folder_object is not None :
+          for skin in skin_folder_object._objects :
+            skin_list.append(skin['id'])
+
+      if object_id_getter is not None :
+        object_id = object_id_getter()
+        if object_id in skin_list :
+          parent = object.aq_parent
+          portal_type_getter = getattr(parent, 'getPortalType', None)
+          if portal_type_getter is not None :
+            portal_type_object = getattr(object.portal_types, portal_type_getter(), None)
+            if portal_type_object is not None :
+              allowed = portal_type_object.isActionAllowed(action=object_id)
+              LOG('My Traverse allowed', 0, repr(( path, object, allowed )))
+              if allowed == 0 :
+                LOG('My Traverse failed after TIMEEEEEEEEEEE', 0, time.time() - start_time)
+                response.unauthorized()
+
+  LOG('My Traverse succeded after TIMEEEEEEEEEEE', 0, time.time() - start_time)
+  return object
+
+BaseRequest.traverse = new_traverse