Commit ee355421 authored by Yoshinori Okuji's avatar Yoshinori Okuji

Fix security declarations. Especially, methods which may modify data in a...

Fix security declarations. Especially, methods which may modify data in a portal are now protected by Manage portal. Also, remove some unused imports, and add a missing import.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@28231 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent be2164cf
############################################################################## ##############################################################################
# #
# Copyright (c) 2004, 2007 Nexedi SARL and Contributors. All Rights Reserved. # Copyright (c) 2004,2007,2009 Nexedi SA and Contributors. All Rights Reserved.
# Sebastien Robin <seb@nexedi.com> # Sebastien Robin <seb@nexedi.com>
# #
# WARNING: This program as such is intended to be used by professional # WARNING: This program as such is intended to be used by professional
...@@ -31,16 +31,13 @@ import types ...@@ -31,16 +31,13 @@ import types
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from Products.CMFCore.utils import getToolByName from Products.CMFCore.utils import getToolByName
from Products.ERP5Type import Permissions, PropertySheet, Constraint, interfaces from Products.ERP5Type import Permissions, PropertySheet
from Products.ERP5Type.XMLObject import XMLObject from Products.ERP5Type.XMLObject import XMLObject
from Products.ERP5Type.Base import WorkflowMethod from Acquisition import aq_base
from Acquisition import aq_base, aq_parent, aq_inner, aq_acquire
from Products.CMFCore.utils import getToolByName
from DateTime import DateTime from DateTime import DateTime
from Products.ERP5Type.Message import Message from Products.ERP5Type.Message import Message
from Products.ERP5Type.DateUtils import addToDate from Products.ERP5Type.DateUtils import addToDate
from Products.CMFCore.PortalContent import _getViewFor
from zLOG import LOG
class PeriodicityMixin: class PeriodicityMixin:
""" """
...@@ -132,6 +129,7 @@ class PeriodicityMixin: ...@@ -132,6 +129,7 @@ class PeriodicityMixin:
elif len(periodicity_month_list) > 0: elif len(periodicity_month_list) > 0:
return date.month() in periodicity_month_list return date.month() in periodicity_month_list
security.declareProtected(Permissions.AccessContentsInformation, 'getNextPeriodicalDate')
def getNextPeriodicalDate(self, current_date, next_start_date=None): def getNextPeriodicalDate(self, current_date, next_start_date=None):
""" """
Get the next date where this periodic event should start. Get the next date where this periodic event should start.
...@@ -192,14 +190,14 @@ class PeriodicityMixin: ...@@ -192,14 +190,14 @@ class PeriodicityMixin:
return next_start_date return next_start_date
# XXX May be we should create a Date class for following methods ??? # XXX May be we should create a Date class for following methods ???
security.declareProtected(Permissions.View, 'getWeekDayList') security.declareProtected(Permissions.AccessContentsInformation, 'getWeekDayList')
def getWeekDayList(self): def getWeekDayList(self):
""" """
returns something like ['Sunday','Monday',...] returns something like ['Sunday','Monday',...]
""" """
return DateTime._days return DateTime._days
security.declareProtected(Permissions.View, 'getWeekDayItemList') security.declareProtected(Permissions.AccessContentsInformation, 'getWeekDayItemList')
def getWeekDayItemList(self): def getWeekDayItemList(self):
""" """
returns something like [('Sunday', 'Sunday'), ('Monday', 'Monday'),...] returns something like [('Sunday', 'Sunday'), ('Monday', 'Monday'),...]
...@@ -207,7 +205,7 @@ class PeriodicityMixin: ...@@ -207,7 +205,7 @@ class PeriodicityMixin:
return [(Message(domain='erp5_ui', message=x), x) \ return [(Message(domain='erp5_ui', message=x), x) \
for x in self.getWeekDayList()] for x in self.getWeekDayList()]
security.declareProtected(Permissions.View, 'getWeekDayItemList') security.declareProtected(Permissions.AccessContentsInformation, 'getWeekDayItemList')
def getMonthItemList(self): def getMonthItemList(self):
""" """
returns something like [('January', 1), ('February', 2),...] returns something like [('January', 1), ('February', 2),...]
...@@ -216,7 +214,7 @@ class PeriodicityMixin: ...@@ -216,7 +214,7 @@ class PeriodicityMixin:
return [(Message(domain='erp5_ui', message=DateTime._months[i]), i) \ return [(Message(domain='erp5_ui', message=DateTime._months[i]), i) \
for i in range(1, len(DateTime._months))] for i in range(1, len(DateTime._months))]
security.declareProtected(Permissions.View,'getPeriodicityWeekDayList') security.declareProtected(Permissions.AccessContentsInformation,'getPeriodicityWeekDayList')
def getPeriodicityWeekDayList(self): def getPeriodicityWeekDayList(self):
""" """
Make sure that the list of days is ordered Make sure that the list of days is ordered
...@@ -272,7 +270,7 @@ class Alarm(XMLObject, PeriodicityMixin): ...@@ -272,7 +270,7 @@ class Alarm(XMLObject, PeriodicityMixin):
, PropertySheet.Alarm , PropertySheet.Alarm
) )
security.declareProtected(Permissions.View, 'isActive') security.declareProtected(Permissions.AccessContentsInformation, 'isActive')
def isActive(self): def isActive(self):
""" """
This method returns only True or False. This method returns only True or False.
...@@ -284,7 +282,7 @@ class Alarm(XMLObject, PeriodicityMixin): ...@@ -284,7 +282,7 @@ class Alarm(XMLObject, PeriodicityMixin):
""" """
return self.hasActivity(only_valid=1) return self.hasActivity(only_valid=1)
security.declareProtected(Permissions.ModifyPortalContent, 'activeSense') security.declareProtected(Permissions.ManagePortal, 'activeSense')
def activeSense(self, fixit=0): def activeSense(self, fixit=0):
""" """
This method launches the sensing process as activities. This method launches the sensing process as activities.
...@@ -325,7 +323,7 @@ class Alarm(XMLObject, PeriodicityMixin): ...@@ -325,7 +323,7 @@ class Alarm(XMLObject, PeriodicityMixin):
if self.isAlarmNotificationMode(): if self.isAlarmNotificationMode():
self.activate(after_tag=tag).notify(include_active=True) self.activate(after_tag=tag).notify(include_active=True)
security.declareProtected(Permissions.ModifyPortalContent, 'sense') security.declareProtected(Permissions.ManagePortal, 'sense')
def sense(self, process=None): def sense(self, process=None):
""" """
This method returns True or False. False for no problem, True for problem. This method returns True or False. False for no problem, True for problem.
...@@ -413,7 +411,7 @@ class Alarm(XMLObject, PeriodicityMixin): ...@@ -413,7 +411,7 @@ class Alarm(XMLObject, PeriodicityMixin):
else: else:
return list_action(process=process, reset=reset) return list_action(process=process, reset=reset)
security.declareProtected(Permissions.ModifyPortalContent, 'solve') security.declareProtected(Permissions.ManagePortal, 'solve')
def solve(self): def solve(self):
""" """
This method tries resolve a problems detected by an Alarm This method tries resolve a problems detected by an Alarm
...@@ -429,7 +427,7 @@ class Alarm(XMLObject, PeriodicityMixin): ...@@ -429,7 +427,7 @@ class Alarm(XMLObject, PeriodicityMixin):
return method() return method()
return self.activeSense(fixit=1) return self.activeSense(fixit=1)
security.declareProtected(Permissions.ModifyPortalContent, 'notify') security.declareProtected(Permissions.ManagePortal, 'notify')
def notify(self, include_active=False): def notify(self, include_active=False):
""" """
This method is called to notify people that some alarm has This method is called to notify people that some alarm has
...@@ -483,7 +481,7 @@ Alarm URL: %s ...@@ -483,7 +481,7 @@ Alarm URL: %s
""" % (self.getTitle(), self.getDescription(), self.absolute_url()), """ % (self.getTitle(), self.getDescription(), self.absolute_url()),
attachment_list=attachment_list) attachment_list=attachment_list)
security.declareProtected(Permissions.View, 'getLastActiveProcess') security.declareProtected(Permissions.ManagePortal, 'getLastActiveProcess')
def getLastActiveProcess(self, include_active=False): def getLastActiveProcess(self, include_active=False):
""" """
This returns the last active process finished. So it will This returns the last active process finished. So it will
...@@ -503,7 +501,7 @@ Alarm URL: %s ...@@ -503,7 +501,7 @@ Alarm URL: %s
process = active_process_list[-1].getObject() process = active_process_list[-1].getObject()
return process return process
security.declareProtected(Permissions.ModifyPortalContent, security.declareProtected(Permissions.ManagePortal,
'newActiveProcess') 'newActiveProcess')
def newActiveProcess(self, **kw): def newActiveProcess(self, **kw):
""" """
...@@ -522,7 +520,7 @@ Alarm URL: %s ...@@ -522,7 +520,7 @@ Alarm URL: %s
**kw) **kw)
return active_process return active_process
security.declareProtected(Permissions.View, 'setNextAlarmDate') security.declareProtected(Permissions.ModifyPortalContent, 'setNextAlarmDate')
def setNextAlarmDate(self, current_date=None): def setNextAlarmDate(self, current_date=None):
""" """
Save the next alarm date Save the next alarm date
...@@ -541,7 +539,7 @@ Alarm URL: %s ...@@ -541,7 +539,7 @@ Alarm URL: %s
self.Alarm_zUpdateAlarmDate(uid=self.getUid(), self.Alarm_zUpdateAlarmDate(uid=self.getUid(),
alarm_date=next_start_date) alarm_date=next_start_date)
security.declareProtected(Permissions.View, 'getAlarmDate') security.declareProtected(Permissions.AccessContentsInformation, 'getAlarmDate')
def getAlarmDate(self): def getAlarmDate(self):
""" """
returns something like ['Sunday','Monday',...] returns something like ['Sunday','Monday',...]
......
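Review bot: The declaration directly above `def getMonthItemList(self)` still names `'getWeekDayItemList'`, so the commit changes its permission while `getMonthItemList` gets no declaration of its own; it should read `security.declareProtected(Permissions.AccessContentsInformation, 'getMonthItemList')`. As written, `getWeekDayItemList` is declared twice, and access to `getMonthItemList` presumably falls back to the class default, which is not visible in this diff. Separately, `setNextAlarmDate` saves the next alarm date (it calls `Alarm_zUpdateAlarmDate`) but is declared with `ModifyPortalContent`, while the other modifying Alarm methods move to `ManagePortal` as the commit message describes. If that weaker permission is deliberate, a one-line comment above the declaration saying why would help the next reader. The bodies of both methods continue outside the displayed hunks.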