Protect convert method by Access Content Information, and document in the

interface that this method may raise ConversionError if conversion is not
allowed, or Unauthorized if conversion is not permitted.
Review by Nicolas



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@32359 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5/Document/Document.py

@@ -1104,7 +1104,7 @@ class Document(PermanentURLMixIn, XMLObject, UrlMixIn, CachedConvertableMixin, S
     return method()
 
   # Conversion methods
-  security.declareProtected(Permissions.ModifyPortalContent, 'convert')
+  security.declareProtected(Permissions.AccessContentsInformation, 'convert')
   def convert(self, format, **kw):
     """
       Main content conversion function, returns result which should
@@ -1278,7 +1278,7 @@ class Document(PermanentURLMixIn, XMLObject, UrlMixIn, CachedConvertableMixin, S
     """
     if getattr(self, 'hasData', None) is not None and not self.hasData():
       # Empty document cannot be converted
-      return #'Document is empty'
+      return
     try:
       message = self._convertToBaseFormat() # Call implemetation method
       self.clearConversionCache() # Conversion cache is now invalid

product/ERP5/Document/Image.py

@@ -325,7 +325,7 @@ class Image(File, OFSImage):
     return mime_type, result
 
   # Conversion API
-  security.declareProtected(Permissions.ModifyPortalContent, 'convert')
+  security.declareProtected(Permissions.AccessContentsInformation, 'convert')
   def convert(self, format, display=None, quality=75, resolution=None, frame=None, **kw):
     """
     Implementation of conversion for Image files

product/ERP5/Document/PDFDocument.py

@@ -101,7 +101,7 @@ class PDFDocument(Image, CachedConvertableMixin):
                             resolution=resolution, frame=frame)
 
   # Conversion API
-  security.declareProtected(Permissions.ModifyPortalContent, 'convert')
+  security.declareProtected(Permissions.AccessContentsInformation, 'convert')
   def convert(self, format, **kw):
     """
     Implementation of conversion for PDF files

product/ERP5/Document/TextDocument.py

@@ -195,7 +195,7 @@ class TextDocument(Document, TextContent):
         substitution_method_parameter_dict = {}
       return self._substituteTextContent(subject, **substitution_method_parameter_dict)
 
-    security.declareProtected(Permissions.View, 'convert')
+    security.declareProtected(Permissions.AccessContentsInformation, 'convert')
     def convert(self, format, substitution_method_parameter_dict=None, **kw):
       """
         Convert text using portal_transforms or oood

product/ERP5/interfaces/convertable.py

@@ -45,6 +45,10 @@ class IConvertable(Interface):
     taking into account optional parameters. This method
     returns a tuple of two values: a mime type string and
     the converted data.
+    
+    This methods raises a ConversionError if the target format
+    is not allowed, or an Unauthorized error if the target format
+    is not permitted.
 
     format -- the target conversion format specified either as an
               extension (ex. 'png') or as a mime type
@@ -104,4 +108,4 @@ class IConvertable(Interface):
     Returns the list of acceptable formats for conversion
     where format is an extension (ex. 'png') which can be 
     passed to IConvertable.convert or to IDownloadable.index_html
-    """
\ No newline at end of file
+    """

product/ERP5OOo/Document/OOoDocument.py

@@ -353,7 +353,7 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin):
     return response_dict['mime'], Pdata(dec(response_dict['data']))
 
   # Conversion API
-  security.declareProtected(Permissions.View, 'convert')
+  security.declareProtected(Permissions.AccessContentsInformation, 'convert')
   def convert(self, format, display=None, **kw):
     """Convert the document to the given format.