Commit f84e2f62 by Kazuhiko Shiozaki

Add more security declarations.

1 parent 175d43ad
Showing 117 changed files with 462 additions and 139 deletions
......@@ -74,6 +74,14 @@ if len(delivery_solve_property_dict) or len(divergence_to_accept_list) \\\n
<value> <string>state_change</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Delivery_solveDivergence</string> </value>
</item>
......
......@@ -58,6 +58,8 @@ class CredentialRecovery(Ticket, EncryptedPasswordMixin):
, PropertySheet.Url
)
security.declareProtected(Permissions.AccessContentsInformation,
'isAnswerCorrect')
def isAnswerCorrect(self):
'''
Check if the given answer match the real answer
......
......@@ -77,6 +77,14 @@ return \'Done.\'\n
<value> <string>count = 1000</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Zuite_waitForActivities</string> </value>
</item>
......
......@@ -31,6 +31,7 @@ import warnings
from contextlib import contextmanager
from AccessControl import ClassSecurityInfo
from Acquisition import aq_base
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
from ActivityRuntimeEnvironment import getActivityRuntimeEnvironment
from AccessControl import Unauthorized
......@@ -58,6 +59,7 @@ class ActiveObject(ExtensionClass.Base):
security = ClassSecurityInfo()
security.declarePublic('activate')
def activate(self, activity=DEFAULT_ACTIVITY, active_process=None,
activate_kw=None, REQUEST=None, **kw):
"""Returns an active wrapper for this object.
......@@ -207,3 +209,5 @@ class ActiveObject(ExtensionClass.Base):
def getActivityRuntimeEnvironment(self):
return getActivityRuntimeEnvironment()
InitializeClass(ActiveObject)
......@@ -808,6 +808,7 @@ class ActivityTool (Folder, UniqueObject):
self.subscribe()
Folder.inheritedAttribute('manage_afterAdd')(self, item, container)
security.declareProtected(CMFCorePermissions.ManagePortal, 'getServerAddress')
def getServerAddress(self):
"""
Backward-compatibility code only.
......@@ -828,6 +829,7 @@ class ActivityTool (Folder, UniqueObject):
_server_address = '%s:%s' %(ip, port)
return _server_address
security.declareProtected(CMFCorePermissions.ManagePortal, 'getCurrentNode')
def getCurrentNode(self):
""" Return current node identifier """
global currentNode
......@@ -848,7 +850,7 @@ class ActivityTool (Folder, UniqueObject):
currentNode = self.getServerAddress()
return currentNode
security.declarePublic('getDistributingNode')
security.declareProtected(CMFCorePermissions.ManagePortal, 'getDistributingNode')
def getDistributingNode(self):
""" Return the distributingNode """
return self.distributingNode
......@@ -977,6 +979,7 @@ class ActivityTool (Folder, UniqueObject):
'/manageLoadBalancing?manage_tabs_message=' +
urllib.quote(message))
security.declarePrivate('process_shutdown')
def process_shutdown(self, phase, time_in_phase):
"""
Prevent shutdown from happening while an activity queue is
......@@ -989,6 +992,7 @@ class ActivityTool (Folder, UniqueObject):
is_running_lock.acquire()
LOG('CMFActivity', INFO, "Shutdown: Activities finished.")
security.declareProtected(CMFCorePermissions.ManagePortal, 'process_timer')
def process_timer(self, tick, interval, prev="", next=""):
"""
Call distribute() if we are the Distributing Node and call tic()
......@@ -1112,6 +1116,7 @@ class ActivityTool (Folder, UniqueObject):
return True
return False
security.declarePrivate('getActivityBuffer')
def getActivityBuffer(self, create_if_not_found=True):
"""
Get activtity buffer for this thread for this activity tool.
......
......@@ -452,6 +452,8 @@ class Category(Folder):
display_id='logical_path',
base=base, **kw)
security.declareProtected(Permissions.AccessContentsInformation,
'getCategoryChildTranslatedLogicalPathItemList')
def getCategoryChildTranslatedLogicalPathItemList(self,
recursive=1, base=0, **kw):
"""
......@@ -652,6 +654,7 @@ class Category(Folder):
# Predicate interface
_operators = []
security.declareProtected(Permissions.AccessContentsInformation, 'test')
def test(self, context):
"""
A Predicate can be tested on a given context
......@@ -799,10 +802,12 @@ class BaseCategory(Category):
# BBB: Required to start instance with old
# version of erp5_property_sheets BT.
related_locally_indexed = False
security.declarePrivate('isRelatedLocallyIndexed')
def isRelatedLocallyIndexed(self):
"""Determines if related values should be indexed on target documents"""
return self.related_locally_indexed
security.declareProtected(Permissions.AccessContentsInformation, 'asSQLExpression')
def asSQLExpression(self, strict_membership=0, table='category', base_category=None):
"""
A Predicate can be rendered as an sql expression. This
......
......@@ -65,7 +65,8 @@ class Agent(Folder, Image):
security.declareProtected(Permissions.AccessContentsInformation, 'viewImage')
viewImage = Image.index_html
security.declareProtected(Permissions.ModifyPortalContent, 'importSignature')
def importSignature(self, import_file=None, form_id=None, REQUEST=None, **kw):
"""
Imports a scan of a signature.
......@@ -89,4 +90,3 @@ class Agent(Folder, Image):
ret_url = self.absolute_url() + '/' + REQUEST.get('form_id', 'view')
REQUEST.RESPONSE.redirect("%s?portal_status_message=Signature+Imported+Successfully"
% ret_url)
......@@ -57,6 +57,8 @@ class BaseCategory(CMFBaseCategory, XMLObject):
, PropertySheet.Predicate)
# Experimental - WebDAV browsing support - ask JPS
security.declareProtected(Permissions.AccessContentsInformation,
'experimental_listDAVObjects')
def experimental_listDAVObjects(self):
from zLOG import LOG
LOG("BaseCategory listDAVObjects" ,0, "listDAVObjects")
......
......@@ -56,7 +56,9 @@ class BudgetModel(Predicate):
# Declarative security
security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation)
security.declareProtected(Permissions.AccessContentsInformation,
'getCellRangeForBudgetLine')
def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
"""Return the cell range to use for the budget.
"""
......@@ -74,6 +76,8 @@ class BudgetModel(Predicate):
cell_range.extend(variation_cell_range)
return cell_range
security.declareProtected(Permissions.AccessContentsInformation,
'getConsumptionCellRangeForBudgetLine')
def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
"""Return the cell range to use for the budget consumption.
......@@ -94,6 +98,8 @@ class BudgetModel(Predicate):
cell_range.extend(variation_cell_range)
return cell_range
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryQueryDict')
def getInventoryQueryDict(self, budget_cell):
"""Returns the query dict to pass to simulation query for a budget cell
"""
......@@ -112,6 +118,8 @@ class BudgetModel(Predicate):
query_dict.setdefault('at_date', start_date_range_max.latestTime())
return query_dict
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryListQueryDict')
def getInventoryListQueryDict(self, budget_line):
"""Returns the query dict to pass to simulation query for a budget line
"""
......@@ -154,7 +162,9 @@ class BudgetModel(Predicate):
if key:
cell_key += (key,)
return cell_key
security.declareProtected(Permissions.AccessContentsInformation,
'asBudgetPredicate')
def asBudgetPredicate(self):
" "
# XXX predicate for line / cell ?
......
......@@ -121,6 +121,8 @@ class BusinessLink(Path, Predicate):
method = getattr(movement, method_id) # We wish to raise if it does not exist
return method()
security.declareProtected(Permissions.AccessContentsInformation,
'getCompletionDate')
def getCompletionDate(self, explanation):
"""Returns the date of completion of business path in the
context of the explanation. The completion date of the Business
......@@ -220,6 +222,7 @@ class BusinessLink(Path, Predicate):
return False
return True
security.declareProtected(Permissions.AccessContentsInformation, 'isDelivered')
def isDelivered(self, explanation):
"""Returns True is all simulation movements related to this
Business Link in the context of given explanation are built
......
......@@ -4804,6 +4804,8 @@ Business Template is a set of definitions, such as skins, portal types and categ
self.workflow_history[
'business_template_installation_workflow'] = None
security.declareProtected(Permissions.AccessContentsInformation,
'getShortRevision')
def getShortRevision(self):
"""Returned a shortened revision"""
r = self.getRevision()
......@@ -4962,12 +4964,14 @@ Business Template is a set of definitions, such as skins, portal types and categ
return self.portal_templates.publish(self, url, username=username,
password=password)
security.declareProtected(Permissions.ManagePortal, 'update')
def update(self):
"""
Update template: download new template definition
"""
return self.portal_templates.update(self)
security.declareProtected(Permissions.ManagePortal, 'isCatalogUpdatable')
def isCatalogUpdatable(self):
"""
Return if catalog will be updated or not by business template installation
......@@ -4985,6 +4989,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
return True
return False
security.declareProtected(Permissions.ManagePortal, 'preinstall')
def preinstall(self, check_dependencies=1, **kw):
"""
Return the list of modified/new/removed object between a Business Template
......@@ -5243,6 +5248,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
result = tuple(result)
return result
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateCatalogMethodIdList')
def getTemplateCatalogMethodIdList(self):
"""
We have to set this method because we want an
......@@ -5250,6 +5256,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_catalog_method_id')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateBaseCategoryList')
def getTemplateBaseCategoryList(self):
"""
We have to set this method because we want an
......@@ -5257,6 +5264,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_base_category')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateWorkflowIdList')
def getTemplateWorkflowIdList(self):
"""
We have to set this method because we want an
......@@ -5264,6 +5272,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_workflow_id')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeIdList')
def getTemplatePortalTypeIdList(self):
"""
We have to set this method because we want an
......@@ -5271,6 +5280,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_id')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeWorkflowChainList')
def getTemplatePortalTypeWorkflowChainList(self):
"""
We have to set this method because we want an
......@@ -5278,6 +5288,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_workflow_chain')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePathList')
def getTemplatePathList(self):
"""
We have to set this method because we want an
......@@ -5285,6 +5296,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_path')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePreferenceList')
def getTemplatePreferenceList(self):
"""
We have to set this method because we want an
......@@ -5292,6 +5304,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_preference')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeAllowedContentTypeList')
def getTemplatePortalTypeAllowedContentTypeList(self):
"""
We have to set this method because we want an
......@@ -5299,6 +5312,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_allowed_content_type')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeHiddenContentTypeList')
def getTemplatePortalTypeHiddenContentTypeList(self):
"""
We have to set this method because we want an
......@@ -5306,6 +5320,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_hidden_content_type')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypePropertySheetList')
def getTemplatePortalTypePropertySheetList(self):
"""
We have to set this method because we want an
......@@ -5313,6 +5328,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_property_sheet')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeBaseCategoryList')
def getTemplatePortalTypeBaseCategoryList(self):
"""
We have to set this method because we want an
......@@ -5320,6 +5336,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_base_category')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateActionPathList')
def getTemplateActionPathList(self):
"""
We have to set this method because we want an
......@@ -5327,6 +5344,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_action_path')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplatePortalTypeRoleList')
def getTemplatePortalTypeRoleList(self):
"""
We have to set this method because we want an
......@@ -5334,6 +5352,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_portal_type_role')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateLocalRoleList')
def getTemplateLocalRoleList(self):
"""
We have to set this method because we want an
......@@ -5341,6 +5360,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_local_role')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateSkinIdList')
def getTemplateSkinIdList(self):
"""
We have to set this method because we want an
......@@ -5348,6 +5368,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_skin_id')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateRegisteredSkinSelectionList')
def getTemplateRegisteredSkinSelectionList(self):
"""
We have to set this method because we want an
......@@ -5355,6 +5376,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_registered_skin_selection')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateRegisteredVersionPrioritySelectionList')
def getTemplateRegisteredVersionPrioritySelectionList(self):
"""
We have to set this method because we want an
......@@ -5367,6 +5389,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
except AttributeError:
return ()
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateModuleIdList')
def getTemplateModuleIdList(self):
"""
We have to set this method because we want an
......@@ -5374,6 +5397,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_module_id')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateMessageTranslationList')
def getTemplateMessageTranslationList(self):
"""
We have to set this method because we want an
......@@ -5381,6 +5405,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return self._getOrderedList('template_message_translation')
security.declareProtected(Permissions.AccessContentsInformation, 'getTemplateToolIdList')
def getTemplateToolIdList(self):
"""
We have to set this method because we want an
......@@ -5399,18 +5424,21 @@ Business Template is a set of definitions, such as skins, portal types and categ
return True
return False
security.declarePrivate('isKeepObject')
def isKeepObject(self, path):
"""
Return True if path is included in keep object list.
"""
return self._isInKeepList(self.getTemplateKeepPathList(), path)
security.declarePrivate('isKeepWorkflowObject')
def isKeepWorkflowObject(self, path):
"""
Return True if path is included in keep workflow object list.
"""
return self._isInKeepList(self.getTemplateKeepWorkflowPathList(), path)
security.declarePrivate('isKeepWorkflowObjectLastHistoryOnly')
def isKeepWorkflowObjectLastHistoryOnly(self, path):
"""
Return True if path is included in keep workflow last state only list
......@@ -5418,6 +5446,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
return self._isInKeepList(self.getTemplateKeepLastWorkflowHistoryOnlyPathList(),
path)
security.declarePrivate('getExportPath')
def getExportPath(self):
preferences = self.getPortalObject().portal_preferences
bt_name = self.getTitle()
......@@ -5565,6 +5594,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
self._setRevision(bta.getRevision())
security.declareProtected(Permissions.AccessContentsInformation, 'getItemsList')
def getItemsList(self):
"""Return list of items in business template
"""
......@@ -5575,6 +5605,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
items_list.extend(item.getKeys())
return items_list
security.declareProtected(Permissions.ManagePortal, 'checkDependencies')
def checkDependencies(self):
"""
Check if all the dependencies of the business template
......@@ -5587,6 +5618,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
'Impossible to install %s, please install the following dependencies before: %s' \
%(self.getTitle(), repr(missing_dep_list))
security.declareProtected(Permissions.ManagePortal, 'getMissingDependencyList')
def getMissingDependencyList(self):
"""
Retuns a list of missing dependencies.
......@@ -5613,6 +5645,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
missing_dep_list.append((dependency, version_restriction or ''))
return [' '.join([y for y in x if y]) for x in missing_dep_list]
security.declareProtected(Permissions.ManagePortal, 'diffObjectAsHTML')
def diffObjectAsHTML(self, REQUEST, **kw):
"""
Convert diff into a HTML format before reply
......@@ -5621,6 +5654,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
"""
return DiffFile(self.diffObject(REQUEST, **kw)).toHTML()
security.declareProtected(Permissions.ManagePortal, 'diffObject')
def diffObject(self, REQUEST, **kw):
"""
Make a diff between an object in the Business Template
......@@ -5812,6 +5846,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
return diff_msg
security.declareProtected(Permissions.AccessContentsInformation, 'getPortalTypesProperties')
def getPortalTypesProperties(self, **kw):
"""
Fill field about properties for each portal type
......@@ -5902,6 +5937,8 @@ Business Template is a set of definitions, such as skins, portal types and categ
self.setTemplateActionPathList(bt_action_list)
security.declareProtected(Permissions.AccessContentsInformation,
'guessPortalTypes')
def guessPortalTypes(self, **kw):
"""
This method guesses portal types based on modules define in the Business Template
......@@ -5972,6 +6009,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
setattr(self, 'template_portal_type_id', bt_portal_types_id_list)
return
security.declarePrivate('clearPortalTypes')
def clearPortalTypes(self, **kw):
"""
clear id list register for portal types
......
......@@ -145,6 +145,8 @@ class Category(CMFCategory, Predicate, MetaNode, MetaResource):
return None
# Experimental - WebDAV browsing support - ask JPS
security.declareProtected(Permissions.AccessContentsInformation,
'experimental_listDAVObjects')
def experimental_listDAVObjects(self):
"""
"""
......
......@@ -56,10 +56,14 @@ class CategoryBudgetVariation(BudgetVariation):
# zope.interface.implements(BudgetVariation, )
security.declareProtected(Permissions.AccessContentsInformation,
'asBudgetPredicate')
def asBudgetPredicate(self):
"""This budget variation in a predicate
"""
security.declareProtected(Permissions.AccessContentsInformation,
'getCellRangeForBudgetLine')
def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
"""The cell range added by this variation
"""
......@@ -69,6 +73,8 @@ class CategoryBudgetVariation(BudgetVariation):
return [[(i[1], i[0]) for i in item_list if i[1] in variation_category_list]]
return [[i[1] for i in item_list if i[1] in variation_category_list]]
security.declareProtected(Permissions.AccessContentsInformation,
'getConsumptionCellRangeForBudgetLine')
def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
"""The cell range added by this variation for consumption
"""
......@@ -101,6 +107,8 @@ class CategoryBudgetVariation(BudgetVariation):
return [[(i[1], i[0]) for i in item_list if i[0] in used_node_item_set]]
return [[i[1] for i in item_list if i[1] in used_node_item_set]]
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryQueryDict')
def getInventoryQueryDict(self, budget_cell):
""" Query dict to pass to simulation query
"""
......@@ -144,6 +152,8 @@ class CategoryBudgetVariation(BudgetVariation):
return query_dict
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryListQueryDict')
def getInventoryListQueryDict(self, budget_line):
"""Returns the query dict to pass to simulation query for a budget line
"""
......@@ -195,6 +205,8 @@ class CategoryBudgetVariation(BudgetVariation):
return query_dict
return {}
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetVariationRangeCategoryList')
def getBudgetVariationRangeCategoryList(self, context):
"""Returns the Variation Range Category List that can be applied to this
budget.
......@@ -216,6 +228,8 @@ class CategoryBudgetVariation(BudgetVariation):
checked_permission='View')
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetLineVariationRangeCategoryList')
def getBudgetLineVariationRangeCategoryList(self, budget_line):
"""Returns the Variation Range Category List that can be applied to this
budget line.
......@@ -246,6 +260,8 @@ class CategoryBudgetVariation(BudgetVariation):
return getattr(portal.portal_categories.unrestrictedTraverse(base_category),
item_list_method)(**item_list_method_parameter_dict)
security.declareProtected(Permissions.ModifyPortalContent,
'initializeBudgetLine')
def initializeBudgetLine(self, budget_line):
"""Initialize a budget line
"""
......@@ -263,6 +279,8 @@ class CategoryBudgetVariation(BudgetVariation):
budget_line.setMembershipCriterionBaseCategoryList(
budget_line_membership_criterion_base_category_list)
security.declareProtected(Permissions.ModifyPortalContent,
'initializeBudget')
def initializeBudget(self, budget):
"""Initialize a budget.
"""
......
......@@ -108,6 +108,8 @@ class Container(Movement, XMLObject):
"""
return False
security.declareProtected(Permissions.AccessContentsInformation,
'getContainerText')
def getContainerText(self):
"""
Creates a unique string which allows to compare/hash two containers
......
......@@ -339,6 +339,7 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
divergence_list.extend(simulation_movement.getDivergenceList())
return divergence_list
security.declareProtected(Permissions.AccessContentsInformation, 'updateCausalityState')
@UnrestrictedMethod
def updateCausalityState(self, solve_automatically=True, **kw):
"""
......@@ -369,6 +370,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
if kw:
super(Delivery, self).updateSimulation(**kw)
security.declareProtected(Permissions.AccessContentsInformation,
'splitAndDeferMovementList')
def splitAndDeferMovementList(self, start_date=None, stop_date=None,
movement_uid_list=[], delivery_solver=None,
target_solver='CopyToTarget', delivery_builder=None):
......@@ -757,6 +760,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
"""
pass
security.declareProtected(Permissions.AccessContentsInformation,
'getBuilderList')
def getBuilderList(self):
"""Returns appropriate builder list."""
return self._getTypeBasedMethod('getBuilderList')()
......@@ -832,6 +837,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
result += movement.getDeliveryRelatedValueList()
return result
security.declareProtected(Permissions.AccessContentsInformation,
'getDivergentTesterAndSimulationMovementList')
def getDivergentTesterAndSimulationMovementList(self):
"""
This method returns a list of (tester, simulation_movement) for each divergence.
......
......@@ -465,6 +465,7 @@ class DeliveryLine(Movement, XMLMatrix, ImmobilisationMovement):
delivery_ratio = 1.0 / len(s_m_list_per_movement)
s_m.edit(delivery_ratio=delivery_ratio)
security.declareProtected(Permissions.ModifyPortalContent, 'solve')
def solve(self, decision_list):
"""Solves line according to decision list
"""
......
......@@ -313,7 +313,7 @@ class Document(DocumentExtensibleTraversableMixin, XMLObject, UrlMixin,
text = self.getSearchableText() # XXX getSearchableText or asText ?
return self._getSearchableReferenceList(text)
security.declareProtected(Permissions.AccessContentsInformation, 'getSearchableReferenceList')
security.declareProtected(Permissions.AccessContentsInformation, 'isSearchableReference')
def isSearchableReference(self):
"""
Determine if current document's reference can be used for searching - i.e. follows
......
......@@ -120,6 +120,8 @@ class Domain(Predicate, MetaNode, MetaResource):
domain = self.newContent(id=id, portal_type='Domain', temp_object=1)
return domain.__of__(self)
security.declareProtected(Permissions.AccessContentsInformation,
'getChildDomainValueList')
def getChildDomainValueList(self, parent = None, **kw):
"""
Return child domain objects already present or me may generate
......@@ -130,6 +132,8 @@ class Domain(Predicate, MetaNode, MetaResource):
return self.portal_domains.getChildDomainValueList(parent, **kw)
# Experimental - WebDAV browsing support - ask JPS
security.declareProtected(Permissions.AccessContentsInformation,
'experimental_listDAVObjects')
def experimental_listDAVObjects(self):
result = self.objectValues(portal_type = self.getPortalType())
result.extend(self.portal_catalog(selection_domain = self))
......
......@@ -30,6 +30,7 @@ from AccessControl import ClassSecurityInfo
from Products.ERP5Type import Permissions, PropertySheet
from Products.ERP5Type.Accessor.Constant import PropertyGetter as ConstantGetter
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5.Document.Movement import Movement
from Products.ERP5.Document.EmailDocument import EmailDocument
......@@ -60,6 +61,8 @@ class AcknowledgeableMixin:
return method(**kw)
return None
security.declareProtected(Permissions.AccessContentsInformation,
'hasAcknowledgementActivity')
def hasAcknowledgementActivity(self, user_name=None):
"""
We will check if there is some current activities running or not
......@@ -88,6 +91,8 @@ class AcknowledgeableMixin:
result = True
return result
InitializeClass(AcknowledgeableMixin)
class Event(Movement, EmailDocument, AcknowledgeableMixin):
"""
Event is the base class for all events in ERP5.
......
......@@ -57,6 +57,7 @@ class FIFODeliverySolver(XMLObject):
zope.interface.implements(interfaces.IDeliverySolver,)
# IDeliverySolver Implementation
security.declareProtected(Permissions.AccessContentsInformation, 'getTotalQuantity')
def getTotalQuantity(self):
"""
Move this to mixin
......@@ -66,6 +67,7 @@ class FIFODeliverySolver(XMLObject):
total_quantity += movement.getQuantity()
return total_quantity
security.declareProtected(Permissions.ModifyPortalContent, 'setTotalQuantity')
def setTotalQuantity(self, new_quantity, activate_kw=None):
"""
"""
......
......@@ -120,12 +120,14 @@ class File(Document, CMFFile):
security.declareProtected( Permissions.ModifyPortalContent, 'edit' )
edit = WorkflowMethod( _edit )
security.declareProtected(Permissions.View, 'get_size')
def get_size(self):
"""
has to be overwritten here, otherwise WebDAV fails
"""
return self.getSize()
security.declareProtected(Permissions.View, 'getcontentlength')
getcontentlength = get_size
def _get_content_type(*args, **kw):
......
......@@ -438,6 +438,7 @@ class Image(TextConvertableMixin, File, OFSImage):
File.PUT(self, REQUEST, RESPONSE)
self._update_image_info()
security.declareProtected(Permissions.AccessContentsInformation, 'getDefaultImageQuality')
def getDefaultImageQuality(self, format=None):
"""
Get default image quality for a format.
......
......@@ -70,6 +70,7 @@ class Item(XMLObject, Amount):
"""
return XMLObject.generateNewId(self, id_group=id_group, default=default, method=method)
security.declareProtected(Permissions.AccessContentsInformation, 'getPrice')
def getPrice(self,context=None,**kw):
"""
Get the Price in the context.
......@@ -84,16 +85,15 @@ class Item(XMLObject, Amount):
if resource is not None:
local_price = resource.getPrice(self.asContext( context=context, **kw))
return local_price
security.declareProtected(Permissions.ModifyPortalContent, 'getRemainingQuantity')
security.declareProtected(Permissions.AccessContentsInformation,
'getRemainingQuantity')
def getRemainingQuantity(self):
"""
Computes the quantity of an item minus quantity of all sub_items
"""
sub_quantity = 0
sub_item_list = [document
for document in self.objectValues()
if document.isItem()]
for sub_item in sub_item_list :
sub_quantity += sub_item.getQuantity()
for sub_item in self.objectValues():
if sub_item.isItem():
sub_quantity += sub_item.getQuantity()
return self.getQuantity() - sub_quantity
......@@ -57,6 +57,7 @@ class MinimisePriceDeliverySolver(FIFODeliverySolver):
zope.interface.implements(interfaces.IDeliverySolver,)
# IDeliverySolver Implementation
security.declareProtected(Permissions.ModifyPortalContent, 'setTotalQuantity')
def setTotalQuantity(self, new_quantity, activate_kw=None):
"""
"""
......
......@@ -512,6 +512,8 @@ class Movement(XMLObject, Amount, CompositionMixin, AmountGeneratorMixin):
return True
return False
security.declareProtected(Permissions.AccessContentsInformation,
'getDivergenceList')
def getDivergenceList(self):
"""
Return a list of messages that contains the divergences
......
......@@ -45,6 +45,8 @@ class NetConvertedQuantityEquivalenceTester(FloatEquivalenceTester):
security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation)
security.declareProtected(Permissions.AccessContentsInformation,
'getUpdatablePropertyDict')
def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
"""
Returns a list of properties to update on decision_movement
......
......@@ -61,6 +61,8 @@ class NodeBudgetVariation(BudgetVariation):
# zope.interface.implements(BudgetVariation, )
security.declareProtected(Permissions.AccessContentsInformation,
'asBudgetPredicate')
def asBudgetPredicate(self):
"""This budget variation in a predicate
"""
......@@ -87,6 +89,8 @@ class NodeBudgetVariation(BudgetVariation):
node_title_method_id = self.getProperty('node_title_method_id', 'getTitle')
return guarded_getattr(node, node_title_method_id)()
security.declareProtected(Permissions.AccessContentsInformation,
'getCellRangeForBudgetLine')
def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
"""The cell range added by this variation
"""
......@@ -103,6 +107,8 @@ class NodeBudgetVariation(BudgetVariation):
return [[i for i in node_item_list if i[0] in variation_category_list]]
return [[i[0] for i in node_item_list if i[0] in variation_category_list]]
security.declareProtected(Permissions.AccessContentsInformation,
'getConsumptionCellRangeForBudgetLine')
def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
"""The cell range added by this variation for consumption
"""
......@@ -136,6 +142,8 @@ class NodeBudgetVariation(BudgetVariation):
return [[i for i in node_item_list if i[0] in used_node_item_set]]
return [[i[0] for i in node_item_list if i[0] in used_node_item_set]]
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryQueryDict')
def getInventoryQueryDict(self, budget_cell):
""" Query dict to pass to simulation query
"""
......@@ -218,6 +226,8 @@ class NodeBudgetVariation(BudgetVariation):
return query_dict
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryListQueryDict')
def getInventoryListQueryDict(self, budget_line):
"""Returns the query dict to pass to simulation query for a budget line
"""
......@@ -309,6 +319,8 @@ class NodeBudgetVariation(BudgetVariation):
self.getProperty('variation_base_category'),)
return key
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetLineVariationRangeCategoryList')
def getBudgetLineVariationRangeCategoryList(self, budget_line):
"""Returns the Variation Range Category List that can be applied to this
budget line.
......@@ -320,6 +332,8 @@ class NodeBudgetVariation(BudgetVariation):
return [(self._getNodeTitle(node), '%s%s' % (prefix, node.getRelativeUrl()))
for node in self._getNodeList(budget_line)]
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetVariationRangeCategoryList')
def getBudgetVariationRangeCategoryList(self, budget):