Commit f21eb128 authored by Yoshinori Okuji's avatar Yoshinori Okuji

Fix security declarations.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@390 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 4b0a3bbd
...@@ -192,7 +192,7 @@ workflow and provide a translation to an existing document in a portal'""" ...@@ -192,7 +192,7 @@ workflow and provide a translation to an existing document in a portal'"""
return md.manage_export('locale.pt') return md.manage_export('locale.pt')
# Implementation with Message Catalogs # Implementation with Message Catalogs
security.declareProtected(CMFCorePermissions.View, 'messageCatalog') security.declareProtected(CMFCorePermissions.View, 'getMessageCatalog')
def getMessageCatalog(self): def getMessageCatalog(self):
return self.messageCatalog return self.messageCatalog
......
...@@ -59,7 +59,7 @@ class ActiveObject(ExtensionClass.Base): ...@@ -59,7 +59,7 @@ class ActiveObject(ExtensionClass.Base):
if passive_commit: get_transaction().commit() if passive_commit: get_transaction().commit()
return self return self
security.declareProtected( CMFCorePermissions.ModifyPortalContent, 'hasActivity' ) security.declareProtected( CMFCorePermissions.ModifyPortalContent, 'flushActivity' )
def flushActivity(self, invoke=0, **kw): def flushActivity(self, invoke=0, **kw):
activity_tool = getattr(self, 'portal_activities', None) activity_tool = getattr(self, 'portal_activities', None)
if activity_tool is None: return # Do nothing if no portal_activities if activity_tool is None: return # Do nothing if no portal_activities
...@@ -72,7 +72,7 @@ class ActiveObject(ExtensionClass.Base): ...@@ -72,7 +72,7 @@ class ActiveObject(ExtensionClass.Base):
# # nothing to do # # nothing to do
# pass # pass
security.declareProtected( CMFCorePermissions.ModifyPortalContent, 'hasActivity' ) security.declareProtected( CMFCorePermissions.ModifyPortalContent, 'recursiveFlushActivity' )
def recursiveFlushActivity(self, invoke=0, **kw): def recursiveFlushActivity(self, invoke=0, **kw):
# flush all activities related to this object # flush all activities related to this object
self.flushActivity(invoke=invoke, **kw) self.flushActivity(invoke=invoke, **kw)
...@@ -95,7 +95,7 @@ class ActiveObject(ExtensionClass.Base): ...@@ -95,7 +95,7 @@ class ActiveObject(ExtensionClass.Base):
# there can not be any activity # there can not be any activity
return 0 return 0
security.declareProtected( CMFCorePermissions.View, 'hasActivity' ) security.declareProtected( CMFCorePermissions.View, 'getActiveProcess' )
def getActiveProcess(self): def getActiveProcess(self):
activity_tool = getattr(self, 'portal_activities', None) activity_tool = getattr(self, 'portal_activities', None)
if activity_tool is None: return None # Do nothing if no portal_activities if activity_tool is None: return None # Do nothing if no portal_activities
......
...@@ -125,7 +125,7 @@ An ERP5 Rule...""" ...@@ -125,7 +125,7 @@ An ERP5 Rule..."""
) )
} }
security.declareProtected(Permissions.AccessContentsInformation, 'getCausalitySate') security.declareProtected(Permissions.AccessContentsInformation, 'getCausalityState')
def getCausalityState(self, id_only=1): def getCausalityState(self, id_only=1):
""" """
Returns the current state in causality Returns the current state in causality
...@@ -272,7 +272,7 @@ An ERP5 Rule...""" ...@@ -272,7 +272,7 @@ An ERP5 Rule..."""
else: else:
self.getRootAppliedRule().reindexObject() # Reindex the whole applied rule self.getRootAppliedRule().reindexObject() # Reindex the whole applied rule
security.declareProtected(Permissions.View, 'reindexObject') security.declareProtected(Permissions.View, 'hasActivity')
def hasActivity(self, **kw): def hasActivity(self, **kw):
""" """
We reindex the whole applied rule We reindex the whole applied rule
...@@ -282,7 +282,7 @@ An ERP5 Rule...""" ...@@ -282,7 +282,7 @@ An ERP5 Rule..."""
else: else:
self.getRootAppliedRule().hasActivity(**kw) # Reindex the whole applied rule self.getRootAppliedRule().hasActivity(**kw) # Reindex the whole applied rule
security.declareProtected(Permissions.View, 'getMovementIndex') security.declareProtected(Permissions.View, 'isRootAppliedRule')
def isRootAppliedRule(self): def isRootAppliedRule(self):
""" """
Returns 1 is this is a root applied rule Returns 1 is this is a root applied rule
......
...@@ -261,7 +261,7 @@ une liste de mouvements...""" ...@@ -261,7 +261,7 @@ une liste de mouvements..."""
# wf = portal_workflow.getWorkflowById('causality_workflow') # wf = portal_workflow.getWorkflowById('causality_workflow')
# return wf._getWorkflowStateOf(self, id_only=id_only) # return wf._getWorkflowStateOf(self, id_only=id_only)
security.declareProtected(Permissions.AccessContentsInformation, 'getSimulationSate') security.declareProtected(Permissions.AccessContentsInformation, 'getSimulationState')
def getSimulationState(self, id_only=1): def getSimulationState(self, id_only=1):
""" """
Returns the current state in simulation Returns the current state in simulation
...@@ -392,7 +392,7 @@ une liste de mouvements...""" ...@@ -392,7 +392,7 @@ une liste de mouvements..."""
# """ # """
# return self._getTotalPrice(self.asContext(context=context, REQUEST=REQUEST, **kw)) # return self._getTotalPrice(self.asContext(context=context, REQUEST=REQUEST, **kw))
security.declareProtected(Permissions.AccessContentsInformation, 'getDefaultTotalprice') security.declareProtected(Permissions.AccessContentsInformation, 'getDefaultTotalPrice')
def getDefaultTotalPrice(self, context=None, REQUEST=None, **kw): def getDefaultTotalPrice(self, context=None, REQUEST=None, **kw):
""" """
""" """
......
...@@ -123,7 +123,7 @@ une liste de mouvements...""" ...@@ -123,7 +123,7 @@ une liste de mouvements..."""
""" """
return 1 return 1
security.declareProtected(Permissions.AccessContentsInformation, 'getSimulationSate') security.declareProtected(Permissions.AccessContentsInformation, 'getSimulationState')
def getSimulationState(self, id_only=1): def getSimulationState(self, id_only=1):
""" """
Returns the current state in simulation Returns the current state in simulation
......
...@@ -127,7 +127,7 @@ An order...""" ...@@ -127,7 +127,7 @@ An order..."""
# Nothing to do # Nothing to do
self._createOrderRule() self._createOrderRule()
security.declareProtected(Permissions.AccessContentsInformation, 'getSimulationSate') security.declareProtected(Permissions.AccessContentsInformation, 'getSimulationState')
def getSimulationState(self, id_only=1): def getSimulationState(self, id_only=1):
""" """
Returns the current state in simulation Returns the current state in simulation
......
...@@ -60,6 +60,6 @@ class Predicate: ...@@ -60,6 +60,6 @@ class Predicate:
return "%s %s %s" % (self.predicate_property, self.predicate_operator, self.predicate_value) return "%s %s %s" % (self.predicate_property, self.predicate_operator, self.predicate_value)
# Compatibility # Compatibility
security.declareProtected( Permissions.View, 'getTitle' ) security.declareProtected( Permissions.View, 'getPredicateAttribute' )
def getPredicateAttribute(self): def getPredicateAttribute(self):
return self.getPredicateProperty() return self.getPredicateProperty()
...@@ -164,7 +164,7 @@ a service in a public administration).""" ...@@ -164,7 +164,7 @@ a service in a public administration)."""
""" """
return self._baseGetPrice() # Call the price method return self._baseGetPrice() # Call the price method
security.declareProtected(Permissions.AccessContentsInformation, 'getCausalitySate') security.declareProtected(Permissions.AccessContentsInformation, 'getCausalityState')
def getCausalityState(self): def getCausalityState(self):
""" """
Returns the current state in causality Returns the current state in causality
...@@ -177,7 +177,7 @@ a service in a public administration).""" ...@@ -177,7 +177,7 @@ a service in a public administration)."""
""" """
self.causality_state = value self.causality_state = value
security.declareProtected(Permissions.AccessContentsInformation, 'getSimulationSate') security.declareProtected(Permissions.AccessContentsInformation, 'getSimulationState')
def getSimulationState(self, id_only=1): def getSimulationState(self, id_only=1):
""" """
Returns the current state in simulation Returns the current state in simulation
...@@ -341,7 +341,7 @@ a service in a public administration).""" ...@@ -341,7 +341,7 @@ a service in a public administration)."""
result.extend(m.getMovementIndex()) result.extend(m.getMovementIndex())
return result return result
security.declareProtected(Permissions.View, 'reindexObject') security.declareProtected(Permissions.View, 'hasActivity')
def hasActivity(self, **kw): def hasActivity(self, **kw):
""" """
We reindex the whole applied rule We reindex the whole applied rule
......
...@@ -220,7 +220,7 @@ Une ligne tarifaire.""" ...@@ -220,7 +220,7 @@ Une ligne tarifaire."""
# """ # """
# return self._getTotalPrice(self.asContext(context=context, REQUEST=REQUEST, **kw)) # return self._getTotalPrice(self.asContext(context=context, REQUEST=REQUEST, **kw))
security.declareProtected(Permissions.AccessContentsInformation, 'getDefaultTotalprice') security.declareProtected(Permissions.AccessContentsInformation, 'getDefaultTotalPrice')
def getDefaultTotalPrice(self, context=None, REQUEST=None, **kw): def getDefaultTotalPrice(self, context=None, REQUEST=None, **kw):
""" """
""" """
......
...@@ -91,7 +91,7 @@ class ERP5Site ( CMFSite, FolderMixIn ): ...@@ -91,7 +91,7 @@ class ERP5Site ( CMFSite, FolderMixIn ):
security = ClassSecurityInfo() security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.View) security.declareObjectProtected(Permissions.View)
security.declareProtected(Permissions.View, 'getUid') security.declareProtected(Permissions.View, 'view')
def view(self): def view(self):
""" """
Returns the default view. Returns the default view.
...@@ -125,7 +125,7 @@ class ERP5Site ( CMFSite, FolderMixIn ): ...@@ -125,7 +125,7 @@ class ERP5Site ( CMFSite, FolderMixIn ):
return None return None
# Required to allow content creation outside folders # Required to allow content creation outside folders
security.declareProtected(Permissions.View, 'getIdGroup') security.declareProtected(Permissions.View, 'setLastId')
def setLastId(self, id): def setLastId(self, id):
self.last_id = id self.last_id = id
...@@ -164,7 +164,7 @@ class ERP5Site ( CMFSite, FolderMixIn ): ...@@ -164,7 +164,7 @@ class ERP5Site ( CMFSite, FolderMixIn ):
""" """
return ERP5Globals.movement_type_list return ERP5Globals.movement_type_list
security.declarePublic('getOrderedGlobalActionList') security.declarePublic('getModuleList')
def getModuleList(self): def getModuleList(self):
""" """
Return a list of modules - result dependent on user - result is translated and cached Return a list of modules - result dependent on user - result is translated and cached
......
...@@ -194,7 +194,7 @@ Un tissu est une resource variantable en couleur.""" ...@@ -194,7 +194,7 @@ Un tissu est une resource variantable en couleur."""
self._country , self._country ,
self._eu_vat ))) self._eu_vat )))
security.declareProtected(Permissions.View, 'Description') security.declareProtected(Permissions.View, 'TranslatedTitle')
def TranslatedTitle(self): def TranslatedTitle(self):
""" """
Return a translated title Return a translated title
...@@ -211,7 +211,7 @@ Un tissu est une resource variantable en couleur.""" ...@@ -211,7 +211,7 @@ Un tissu est une resource variantable en couleur."""
# Do nothing # Do nothing
return return
security.declareProtected(Permissions.ManageProperties, 'addProductToOrder') security.declareProtected(Permissions.ManageProperties, 'addLineToOrder')
def addLineToOrder(self, title, description, price, quantity, producturl=None, def addLineToOrder(self, title, description, price, quantity, producturl=None,
variation_value=None): variation_value=None):
""" """
......
...@@ -218,6 +218,6 @@ Un tissu est une resource variantable en couleur.""" ...@@ -218,6 +218,6 @@ Un tissu est une resource variantable en couleur."""
def getProductPath(self, REQUEST=None): def getProductPath(self, REQUEST=None):
return self.getRelativeUrl() return self.getRelativeUrl()
security.declareProtected(Permissions.View, 'getProductPath') security.declareProtected(Permissions.View, 'getOptionValues')
def getOptionValues(self, REQUEST=None): def getOptionValues(self, REQUEST=None):
return () return ()
...@@ -492,7 +492,7 @@ class Base( CopyContainer, PortalContent, Base18, ActiveObject, ERP5PropertyMana ...@@ -492,7 +492,7 @@ class Base( CopyContainer, PortalContent, Base18, ActiveObject, ERP5PropertyMana
""" """
self._getCategoryTool().updateRelatedContent(self, previous_category_url, new_category_url) self._getCategoryTool().updateRelatedContent(self, previous_category_url, new_category_url)
security.declareProtected( Permissions.ModifyPortalContent, 'getObject' ) security.declareProtected( Permissions.ModifyPortalContent, 'edit' )
def edit(self, REQUEST=None, force_update = 0, **kw): def edit(self, REQUEST=None, force_update = 0, **kw):
return self._edit(REQUEST=REQUEST, force_update=force_update, **kw) return self._edit(REQUEST=REQUEST, force_update=force_update, **kw)
edit = WorkflowMethod( edit ) edit = WorkflowMethod( edit )
...@@ -588,7 +588,7 @@ class Base( CopyContainer, PortalContent, Base18, ActiveObject, ERP5PropertyMana ...@@ -588,7 +588,7 @@ class Base( CopyContainer, PortalContent, Base18, ActiveObject, ERP5PropertyMana
return self.portal_workflow.getWorkflowIds() return self.portal_workflow.getWorkflowIds()
# Object Database Management # Object Database Management
security.declareProtected( Permissions.ManagePortal, 'Upgrade' ) security.declareProtected( Permissions.ManagePortal, 'upgrade' )
def upgrade(self, REQUEST=None): def upgrade(self, REQUEST=None):
""" """
Upgrade an object and do whatever necessary Upgrade an object and do whatever necessary
...@@ -749,7 +749,7 @@ class Base( CopyContainer, PortalContent, Base18, ActiveObject, ERP5PropertyMana ...@@ -749,7 +749,7 @@ class Base( CopyContainer, PortalContent, Base18, ActiveObject, ERP5PropertyMana
def _delValue(self, id, value, spec=(), filter=None, portal_type=()): def _delValue(self, id, value, spec=(), filter=None, portal_type=()):
pass pass
security.declareProtected( Permissions.ModifyPortalContent, '_delValue' ) security.declareProtected( Permissions.ModifyPortalContent, 'updateRelation' )
def updateRelation(self, key, value, REQUEST): def updateRelation(self, key, value, REQUEST):
return REQUEST return REQUEST
......
...@@ -243,7 +243,9 @@ be a problem).""" ...@@ -243,7 +243,9 @@ be a problem)."""
} }
# Class inheritance fixes # Class inheritance fixes
security.declareProtected( Permissions.ModifyPortalContent, 'edit' )
edit = Base.edit edit = Base.edit
security.declareProtected( Permissions.ModifyPortalContent, '_edit' )
_edit = Base._edit _edit = Base._edit
# Implementation # Implementation
......
...@@ -68,11 +68,6 @@ class ERP5TypeInformation( ScriptableTypeInformation, ERP5AcquisitionType ): ...@@ -68,11 +68,6 @@ class ERP5TypeInformation( ScriptableTypeInformation, ERP5AcquisitionType ):
ScriptableTypeInformation.manage_options[2:]) ScriptableTypeInformation.manage_options[2:])
security = ClassSecurityInfo()
security.declareProtected(ERP5Permissions.ManagePortal, 'manage_editAcquisitionForm')
# #
# Acquisition editing interface # Acquisition editing interface
# #
......
...@@ -372,8 +372,6 @@ class ComputerProduct( ShopProduct, Document18 ): ...@@ -372,8 +372,6 @@ class ComputerProduct( ShopProduct, Document18 ):
return self.newVariationValue(variant=variant).asString() return self.newVariationValue(variant=variant).asString()
return "%s/%s/%s/%s/%s" % (variant[0],variant[1],variant[2],variant[3],variant[5]) return "%s/%s/%s/%s/%s" % (variant[0],variant[1],variant[2],variant[3],variant[5])
shortVariation = shortVariant
security.declareProtected(View, 'shortVariation')
def addComputerProduct(self, id, title='', REQUEST=None): def addComputerProduct(self, id, title='', REQUEST=None):
ob=ComputerProduct(id,title) ob=ComputerProduct(id,title)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment