Commit 1392709e authored by Yoshinori Okuji's avatar Yoshinori Okuji

Use the permission ManagePortal rather than View for showDict, for

possible information leaks.

Add a new debugging method, showPermissions. This code was copied from
BusinessTemplate, so it might be better to use this method in
BusinessTemplate rather than duplicating the code.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4075 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 3f6d94b7
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
import ExtensionClass import ExtensionClass
from Globals import InitializeClass, DTMLFile, PersistentMapping from Globals import InitializeClass, DTMLFile, PersistentMapping
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.Permission import pname from AccessControl.Permission import pname, Permission
from Acquisition import aq_base, aq_inner, aq_acquire, aq_chain from Acquisition import aq_base, aq_inner, aq_acquire, aq_chain
from Products.CMFCore.PortalContent import PortalContent from Products.CMFCore.PortalContent import PortalContent
...@@ -1151,7 +1151,7 @@ class Base( CopyContainer, PortalContent, ActiveObject, ERP5PropertyManager ): ...@@ -1151,7 +1151,7 @@ class Base( CopyContainer, PortalContent, ActiveObject, ERP5PropertyManager ):
pass pass
# For Debugging # For Debugging
security.declareProtected( Permissions.View, 'showDict' ) security.declareProtected( Permissions.ManagePortal, 'showDict' )
def showDict(self): def showDict(self):
""" """
Returns the dictionnary of the object Returns the dictionnary of the object
...@@ -1159,6 +1159,20 @@ class Base( CopyContainer, PortalContent, ActiveObject, ERP5PropertyManager ): ...@@ -1159,6 +1159,20 @@ class Base( CopyContainer, PortalContent, ActiveObject, ERP5PropertyManager ):
""" """
return self.__dict__ return self.__dict__
security.declareProtected( Permissions.ManagePortal, 'showPermissions' )
def showPermissions(self, all=1):
"""
Return the tuple of permissions
Only for debugging
"""
permission_list = []
for permission in self.ac_inherited_permissions(all=all):
name, value = permission[:2]
role_list = Permission(name, value, self).getRoles(default=[])
permission_list.append((name, role_list))
return tuple(permission_list)
# Private accessors for the implementation of relations based on # Private accessors for the implementation of relations based on
# categories # categories
security.declareProtected( Permissions.ModifyPortalContent, '_setValue' ) security.declareProtected( Permissions.ModifyPortalContent, '_setValue' )
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment