Commit 194f8231 authored by Jérome Perrin's avatar Jérome Perrin

Protect convert method by Access Content Information, and document in the

interface that this method may raise ConversionError if conversion is not
allowed, or Unauthorized if conversion is not permitted.
Review by Nicolas



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@32359 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent bb2164de
...@@ -1104,7 +1104,7 @@ class Document(PermanentURLMixIn, XMLObject, UrlMixIn, CachedConvertableMixin, S ...@@ -1104,7 +1104,7 @@ class Document(PermanentURLMixIn, XMLObject, UrlMixIn, CachedConvertableMixin, S
return method() return method()
# Conversion methods # Conversion methods
security.declareProtected(Permissions.ModifyPortalContent, 'convert') security.declareProtected(Permissions.AccessContentsInformation, 'convert')
def convert(self, format, **kw): def convert(self, format, **kw):
""" """
Main content conversion function, returns result which should Main content conversion function, returns result which should
...@@ -1278,7 +1278,7 @@ class Document(PermanentURLMixIn, XMLObject, UrlMixIn, CachedConvertableMixin, S ...@@ -1278,7 +1278,7 @@ class Document(PermanentURLMixIn, XMLObject, UrlMixIn, CachedConvertableMixin, S
""" """
if getattr(self, 'hasData', None) is not None and not self.hasData(): if getattr(self, 'hasData', None) is not None and not self.hasData():
# Empty document cannot be converted # Empty document cannot be converted
return #'Document is empty' return
try: try:
message = self._convertToBaseFormat() # Call implemetation method message = self._convertToBaseFormat() # Call implemetation method
self.clearConversionCache() # Conversion cache is now invalid self.clearConversionCache() # Conversion cache is now invalid
......
...@@ -325,7 +325,7 @@ class Image(File, OFSImage): ...@@ -325,7 +325,7 @@ class Image(File, OFSImage):
return mime_type, result return mime_type, result
# Conversion API # Conversion API
security.declareProtected(Permissions.ModifyPortalContent, 'convert') security.declareProtected(Permissions.AccessContentsInformation, 'convert')
def convert(self, format, display=None, quality=75, resolution=None, frame=None, **kw): def convert(self, format, display=None, quality=75, resolution=None, frame=None, **kw):
""" """
Implementation of conversion for Image files Implementation of conversion for Image files
......
...@@ -101,7 +101,7 @@ class PDFDocument(Image, CachedConvertableMixin): ...@@ -101,7 +101,7 @@ class PDFDocument(Image, CachedConvertableMixin):
resolution=resolution, frame=frame) resolution=resolution, frame=frame)
# Conversion API # Conversion API
security.declareProtected(Permissions.ModifyPortalContent, 'convert') security.declareProtected(Permissions.AccessContentsInformation, 'convert')
def convert(self, format, **kw): def convert(self, format, **kw):
""" """
Implementation of conversion for PDF files Implementation of conversion for PDF files
......
...@@ -195,7 +195,7 @@ class TextDocument(Document, TextContent): ...@@ -195,7 +195,7 @@ class TextDocument(Document, TextContent):
substitution_method_parameter_dict = {} substitution_method_parameter_dict = {}
return self._substituteTextContent(subject, **substitution_method_parameter_dict) return self._substituteTextContent(subject, **substitution_method_parameter_dict)
security.declareProtected(Permissions.View, 'convert') security.declareProtected(Permissions.AccessContentsInformation, 'convert')
def convert(self, format, substitution_method_parameter_dict=None, **kw): def convert(self, format, substitution_method_parameter_dict=None, **kw):
""" """
Convert text using portal_transforms or oood Convert text using portal_transforms or oood
......
...@@ -46,6 +46,10 @@ class IConvertable(Interface): ...@@ -46,6 +46,10 @@ class IConvertable(Interface):
returns a tuple of two values: a mime type string and returns a tuple of two values: a mime type string and
the converted data. the converted data.
This methods raises a ConversionError if the target format
is not allowed, or an Unauthorized error if the target format
is not permitted.
format -- the target conversion format specified either as an format -- the target conversion format specified either as an
extension (ex. 'png') or as a mime type extension (ex. 'png') or as a mime type
string (ex. 'text/plain') string (ex. 'text/plain')
......
...@@ -353,7 +353,7 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin): ...@@ -353,7 +353,7 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin):
return response_dict['mime'], Pdata(dec(response_dict['data'])) return response_dict['mime'], Pdata(dec(response_dict['data']))
# Conversion API # Conversion API
security.declareProtected(Permissions.View, 'convert') security.declareProtected(Permissions.AccessContentsInformation, 'convert')
def convert(self, format, display=None, **kw): def convert(self, format, display=None, **kw):
"""Convert the document to the given format. """Convert the document to the given format.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment