Commit f84e2f62 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

Add more security declarations.

parent 175d43ad
...@@ -73,6 +73,14 @@ if len(delivery_solve_property_dict) or len(divergence_to_accept_list) \\\n ...@@ -73,6 +73,14 @@ if len(delivery_solve_property_dict) or len(divergence_to_accept_list) \\\n
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>state_change</string> </value> <value> <string>state_change</string> </value>
</item> </item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>Delivery_solveDivergence</string> </value> <value> <string>Delivery_solveDivergence</string> </value>
......
...@@ -58,6 +58,8 @@ class CredentialRecovery(Ticket, EncryptedPasswordMixin): ...@@ -58,6 +58,8 @@ class CredentialRecovery(Ticket, EncryptedPasswordMixin):
, PropertySheet.Url , PropertySheet.Url
) )
security.declareProtected(Permissions.AccessContentsInformation,
'isAnswerCorrect')
def isAnswerCorrect(self): def isAnswerCorrect(self):
''' '''
Check if the given answer match the real answer Check if the given answer match the real answer
......
...@@ -76,6 +76,14 @@ return \'Done.\'\n ...@@ -76,6 +76,14 @@ return \'Done.\'\n
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>count = 1000</string> </value> <value> <string>count = 1000</string> </value>
</item> </item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>Zuite_waitForActivities</string> </value> <value> <string>Zuite_waitForActivities</string> </value>
......
...@@ -31,6 +31,7 @@ import warnings ...@@ -31,6 +31,7 @@ import warnings
from contextlib import contextmanager from contextlib import contextmanager
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from Acquisition import aq_base from Acquisition import aq_base
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type.TransactionalVariable import getTransactionalVariable from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
from ActivityRuntimeEnvironment import getActivityRuntimeEnvironment from ActivityRuntimeEnvironment import getActivityRuntimeEnvironment
from AccessControl import Unauthorized from AccessControl import Unauthorized
...@@ -58,6 +59,7 @@ class ActiveObject(ExtensionClass.Base): ...@@ -58,6 +59,7 @@ class ActiveObject(ExtensionClass.Base):
security = ClassSecurityInfo() security = ClassSecurityInfo()
security.declarePublic('activate')
def activate(self, activity=DEFAULT_ACTIVITY, active_process=None, def activate(self, activity=DEFAULT_ACTIVITY, active_process=None,
activate_kw=None, REQUEST=None, **kw): activate_kw=None, REQUEST=None, **kw):
"""Returns an active wrapper for this object. """Returns an active wrapper for this object.
...@@ -207,3 +209,5 @@ class ActiveObject(ExtensionClass.Base): ...@@ -207,3 +209,5 @@ class ActiveObject(ExtensionClass.Base):
def getActivityRuntimeEnvironment(self): def getActivityRuntimeEnvironment(self):
return getActivityRuntimeEnvironment() return getActivityRuntimeEnvironment()
InitializeClass(ActiveObject)
...@@ -808,6 +808,7 @@ class ActivityTool (Folder, UniqueObject): ...@@ -808,6 +808,7 @@ class ActivityTool (Folder, UniqueObject):
self.subscribe() self.subscribe()
Folder.inheritedAttribute('manage_afterAdd')(self, item, container) Folder.inheritedAttribute('manage_afterAdd')(self, item, container)
security.declareProtected(CMFCorePermissions.ManagePortal, 'getServerAddress')
def getServerAddress(self): def getServerAddress(self):
""" """
Backward-compatibility code only. Backward-compatibility code only.
...@@ -828,6 +829,7 @@ class ActivityTool (Folder, UniqueObject): ...@@ -828,6 +829,7 @@ class ActivityTool (Folder, UniqueObject):
_server_address = '%s:%s' %(ip, port) _server_address = '%s:%s' %(ip, port)
return _server_address return _server_address
security.declareProtected(CMFCorePermissions.ManagePortal, 'getCurrentNode')
def getCurrentNode(self): def getCurrentNode(self):
""" Return current node identifier """ """ Return current node identifier """
global currentNode global currentNode
...@@ -848,7 +850,7 @@ class ActivityTool (Folder, UniqueObject): ...@@ -848,7 +850,7 @@ class ActivityTool (Folder, UniqueObject):
currentNode = self.getServerAddress() currentNode = self.getServerAddress()
return currentNode return currentNode
security.declarePublic('getDistributingNode') security.declareProtected(CMFCorePermissions.ManagePortal, 'getDistributingNode')
def getDistributingNode(self): def getDistributingNode(self):
""" Return the distributingNode """ """ Return the distributingNode """
return self.distributingNode return self.distributingNode
...@@ -977,6 +979,7 @@ class ActivityTool (Folder, UniqueObject): ...@@ -977,6 +979,7 @@ class ActivityTool (Folder, UniqueObject):
'/manageLoadBalancing?manage_tabs_message=' + '/manageLoadBalancing?manage_tabs_message=' +
urllib.quote(message)) urllib.quote(message))
security.declarePrivate('process_shutdown')
def process_shutdown(self, phase, time_in_phase): def process_shutdown(self, phase, time_in_phase):
""" """
Prevent shutdown from happening while an activity queue is Prevent shutdown from happening while an activity queue is
...@@ -989,6 +992,7 @@ class ActivityTool (Folder, UniqueObject): ...@@ -989,6 +992,7 @@ class ActivityTool (Folder, UniqueObject):
is_running_lock.acquire() is_running_lock.acquire()
LOG('CMFActivity', INFO, "Shutdown: Activities finished.") LOG('CMFActivity', INFO, "Shutdown: Activities finished.")
security.declareProtected(CMFCorePermissions.ManagePortal, 'process_timer')
def process_timer(self, tick, interval, prev="", next=""): def process_timer(self, tick, interval, prev="", next=""):
""" """
Call distribute() if we are the Distributing Node and call tic() Call distribute() if we are the Distributing Node and call tic()
...@@ -1112,6 +1116,7 @@ class ActivityTool (Folder, UniqueObject): ...@@ -1112,6 +1116,7 @@ class ActivityTool (Folder, UniqueObject):
return True return True
return False return False
security.declarePrivate('getActivityBuffer')
def getActivityBuffer(self, create_if_not_found=True): def getActivityBuffer(self, create_if_not_found=True):
""" """
Get activtity buffer for this thread for this activity tool. Get activtity buffer for this thread for this activity tool.
......
...@@ -452,6 +452,8 @@ class Category(Folder): ...@@ -452,6 +452,8 @@ class Category(Folder):
display_id='logical_path', display_id='logical_path',
base=base, **kw) base=base, **kw)
security.declareProtected(Permissions.AccessContentsInformation,
'getCategoryChildTranslatedLogicalPathItemList')
def getCategoryChildTranslatedLogicalPathItemList(self, def getCategoryChildTranslatedLogicalPathItemList(self,
recursive=1, base=0, **kw): recursive=1, base=0, **kw):
""" """
...@@ -652,6 +654,7 @@ class Category(Folder): ...@@ -652,6 +654,7 @@ class Category(Folder):
# Predicate interface # Predicate interface
_operators = [] _operators = []
security.declareProtected(Permissions.AccessContentsInformation, 'test')
def test(self, context): def test(self, context):
""" """
A Predicate can be tested on a given context A Predicate can be tested on a given context
...@@ -799,10 +802,12 @@ class BaseCategory(Category): ...@@ -799,10 +802,12 @@ class BaseCategory(Category):
# BBB: Required to start instance with old # BBB: Required to start instance with old
# version of erp5_property_sheets BT. # version of erp5_property_sheets BT.
related_locally_indexed = False related_locally_indexed = False
security.declarePrivate('isRelatedLocallyIndexed')
def isRelatedLocallyIndexed(self): def isRelatedLocallyIndexed(self):
"""Determines if related values should be indexed on target documents""" """Determines if related values should be indexed on target documents"""
return self.related_locally_indexed return self.related_locally_indexed
security.declareProtected(Permissions.AccessContentsInformation, 'asSQLExpression')
def asSQLExpression(self, strict_membership=0, table='category', base_category=None): def asSQLExpression(self, strict_membership=0, table='category', base_category=None):
""" """
A Predicate can be rendered as an sql expression. This A Predicate can be rendered as an sql expression. This
......
...@@ -66,6 +66,7 @@ class Agent(Folder, Image): ...@@ -66,6 +66,7 @@ class Agent(Folder, Image):
security.declareProtected(Permissions.AccessContentsInformation, 'viewImage') security.declareProtected(Permissions.AccessContentsInformation, 'viewImage')
viewImage = Image.index_html viewImage = Image.index_html
security.declareProtected(Permissions.ModifyPortalContent, 'importSignature')
def importSignature(self, import_file=None, form_id=None, REQUEST=None, **kw): def importSignature(self, import_file=None, form_id=None, REQUEST=None, **kw):
""" """
Imports a scan of a signature. Imports a scan of a signature.
...@@ -89,4 +90,3 @@ class Agent(Folder, Image): ...@@ -89,4 +90,3 @@ class Agent(Folder, Image):
ret_url = self.absolute_url() + '/' + REQUEST.get('form_id', 'view') ret_url = self.absolute_url() + '/' + REQUEST.get('form_id', 'view')
REQUEST.RESPONSE.redirect("%s?portal_status_message=Signature+Imported+Successfully" REQUEST.RESPONSE.redirect("%s?portal_status_message=Signature+Imported+Successfully"
% ret_url) % ret_url)
...@@ -57,6 +57,8 @@ class BaseCategory(CMFBaseCategory, XMLObject): ...@@ -57,6 +57,8 @@ class BaseCategory(CMFBaseCategory, XMLObject):
, PropertySheet.Predicate) , PropertySheet.Predicate)
# Experimental - WebDAV browsing support - ask JPS # Experimental - WebDAV browsing support - ask JPS
security.declareProtected(Permissions.AccessContentsInformation,
'experimental_listDAVObjects')
def experimental_listDAVObjects(self): def experimental_listDAVObjects(self):
from zLOG import LOG from zLOG import LOG
LOG("BaseCategory listDAVObjects" ,0, "listDAVObjects") LOG("BaseCategory listDAVObjects" ,0, "listDAVObjects")
......
...@@ -57,6 +57,8 @@ class BudgetModel(Predicate): ...@@ -57,6 +57,8 @@ class BudgetModel(Predicate):
security = ClassSecurityInfo() security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation) security.declareObjectProtected(Permissions.AccessContentsInformation)
security.declareProtected(Permissions.AccessContentsInformation,
'getCellRangeForBudgetLine')
def getCellRangeForBudgetLine(self, budget_line, matrixbox=0): def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
"""Return the cell range to use for the budget. """Return the cell range to use for the budget.
""" """
...@@ -74,6 +76,8 @@ class BudgetModel(Predicate): ...@@ -74,6 +76,8 @@ class BudgetModel(Predicate):
cell_range.extend(variation_cell_range) cell_range.extend(variation_cell_range)
return cell_range return cell_range
security.declareProtected(Permissions.AccessContentsInformation,
'getConsumptionCellRangeForBudgetLine')
def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False): def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
"""Return the cell range to use for the budget consumption. """Return the cell range to use for the budget consumption.
...@@ -94,6 +98,8 @@ class BudgetModel(Predicate): ...@@ -94,6 +98,8 @@ class BudgetModel(Predicate):
cell_range.extend(variation_cell_range) cell_range.extend(variation_cell_range)
return cell_range return cell_range
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryQueryDict')
def getInventoryQueryDict(self, budget_cell): def getInventoryQueryDict(self, budget_cell):
"""Returns the query dict to pass to simulation query for a budget cell """Returns the query dict to pass to simulation query for a budget cell
""" """
...@@ -112,6 +118,8 @@ class BudgetModel(Predicate): ...@@ -112,6 +118,8 @@ class BudgetModel(Predicate):
query_dict.setdefault('at_date', start_date_range_max.latestTime()) query_dict.setdefault('at_date', start_date_range_max.latestTime())
return query_dict return query_dict
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryListQueryDict')
def getInventoryListQueryDict(self, budget_line): def getInventoryListQueryDict(self, budget_line):
"""Returns the query dict to pass to simulation query for a budget line """Returns the query dict to pass to simulation query for a budget line
""" """
...@@ -155,6 +163,8 @@ class BudgetModel(Predicate): ...@@ -155,6 +163,8 @@ class BudgetModel(Predicate):
cell_key += (key,) cell_key += (key,)
return cell_key return cell_key
security.declareProtected(Permissions.AccessContentsInformation,
'asBudgetPredicate')
def asBudgetPredicate(self): def asBudgetPredicate(self):
" " " "
# XXX predicate for line / cell ? # XXX predicate for line / cell ?
......
...@@ -121,6 +121,8 @@ class BusinessLink(Path, Predicate): ...@@ -121,6 +121,8 @@ class BusinessLink(Path, Predicate):
method = getattr(movement, method_id) # We wish to raise if it does not exist method = getattr(movement, method_id) # We wish to raise if it does not exist
return method() return method()
security.declareProtected(Permissions.AccessContentsInformation,
'getCompletionDate')
def getCompletionDate(self, explanation): def getCompletionDate(self, explanation):
"""Returns the date of completion of business path in the """Returns the date of completion of business path in the
context of the explanation. The completion date of the Business context of the explanation. The completion date of the Business
...@@ -220,6 +222,7 @@ class BusinessLink(Path, Predicate): ...@@ -220,6 +222,7 @@ class BusinessLink(Path, Predicate):
return False return False
return True return True
security.declareProtected(Permissions.AccessContentsInformation, 'isDelivered')
def isDelivered(self, explanation): def isDelivered(self, explanation):
"""Returns True is all simulation movements related to this """Returns True is all simulation movements related to this
Business Link in the context of given explanation are built Business Link in the context of given explanation are built
......
This diff is collapsed.
...@@ -145,6 +145,8 @@ class Category(CMFCategory, Predicate, MetaNode, MetaResource): ...@@ -145,6 +145,8 @@ class Category(CMFCategory, Predicate, MetaNode, MetaResource):
return None return None
# Experimental - WebDAV browsing support - ask JPS # Experimental - WebDAV browsing support - ask JPS
security.declareProtected(Permissions.AccessContentsInformation,
'experimental_listDAVObjects')
def experimental_listDAVObjects(self): def experimental_listDAVObjects(self):
""" """
""" """
......
...@@ -56,10 +56,14 @@ class CategoryBudgetVariation(BudgetVariation): ...@@ -56,10 +56,14 @@ class CategoryBudgetVariation(BudgetVariation):
# zope.interface.implements(BudgetVariation, ) # zope.interface.implements(BudgetVariation, )
security.declareProtected(Permissions.AccessContentsInformation,
'asBudgetPredicate')
def asBudgetPredicate(self): def asBudgetPredicate(self):
"""This budget variation in a predicate """This budget variation in a predicate
""" """
security.declareProtected(Permissions.AccessContentsInformation,
'getCellRangeForBudgetLine')
def getCellRangeForBudgetLine(self, budget_line, matrixbox=0): def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
"""The cell range added by this variation """The cell range added by this variation
""" """
...@@ -69,6 +73,8 @@ class CategoryBudgetVariation(BudgetVariation): ...@@ -69,6 +73,8 @@ class CategoryBudgetVariation(BudgetVariation):
return [[(i[1], i[0]) for i in item_list if i[1] in variation_category_list]] return [[(i[1], i[0]) for i in item_list if i[1] in variation_category_list]]
return [[i[1] for i in item_list if i[1] in variation_category_list]] return [[i[1] for i in item_list if i[1] in variation_category_list]]
security.declareProtected(Permissions.AccessContentsInformation,
'getConsumptionCellRangeForBudgetLine')
def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False): def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
"""The cell range added by this variation for consumption """The cell range added by this variation for consumption
""" """
...@@ -101,6 +107,8 @@ class CategoryBudgetVariation(BudgetVariation): ...@@ -101,6 +107,8 @@ class CategoryBudgetVariation(BudgetVariation):
return [[(i[1], i[0]) for i in item_list if i[0] in used_node_item_set]] return [[(i[1], i[0]) for i in item_list if i[0] in used_node_item_set]]
return [[i[1] for i in item_list if i[1] in used_node_item_set]] return [[i[1] for i in item_list if i[1] in used_node_item_set]]
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryQueryDict')
def getInventoryQueryDict(self, budget_cell): def getInventoryQueryDict(self, budget_cell):
""" Query dict to pass to simulation query """ Query dict to pass to simulation query
""" """
...@@ -144,6 +152,8 @@ class CategoryBudgetVariation(BudgetVariation): ...@@ -144,6 +152,8 @@ class CategoryBudgetVariation(BudgetVariation):
return query_dict return query_dict
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryListQueryDict')
def getInventoryListQueryDict(self, budget_line): def getInventoryListQueryDict(self, budget_line):
"""Returns the query dict to pass to simulation query for a budget line """Returns the query dict to pass to simulation query for a budget line
""" """
...@@ -195,6 +205,8 @@ class CategoryBudgetVariation(BudgetVariation): ...@@ -195,6 +205,8 @@ class CategoryBudgetVariation(BudgetVariation):
return query_dict return query_dict
return {} return {}
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetVariationRangeCategoryList')
def getBudgetVariationRangeCategoryList(self, context): def getBudgetVariationRangeCategoryList(self, context):
"""Returns the Variation Range Category List that can be applied to this """Returns the Variation Range Category List that can be applied to this
budget. budget.
...@@ -216,6 +228,8 @@ class CategoryBudgetVariation(BudgetVariation): ...@@ -216,6 +228,8 @@ class CategoryBudgetVariation(BudgetVariation):
checked_permission='View') checked_permission='View')
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetLineVariationRangeCategoryList')
def getBudgetLineVariationRangeCategoryList(self, budget_line): def getBudgetLineVariationRangeCategoryList(self, budget_line):
"""Returns the Variation Range Category List that can be applied to this """Returns the Variation Range Category List that can be applied to this
budget line. budget line.
...@@ -246,6 +260,8 @@ class CategoryBudgetVariation(BudgetVariation): ...@@ -246,6 +260,8 @@ class CategoryBudgetVariation(BudgetVariation):
return getattr(portal.portal_categories.unrestrictedTraverse(base_category), return getattr(portal.portal_categories.unrestrictedTraverse(base_category),
item_list_method)(**item_list_method_parameter_dict) item_list_method)(**item_list_method_parameter_dict)
security.declareProtected(Permissions.ModifyPortalContent,
'initializeBudgetLine')
def initializeBudgetLine(self, budget_line): def initializeBudgetLine(self, budget_line):
"""Initialize a budget line """Initialize a budget line
""" """
...@@ -263,6 +279,8 @@ class CategoryBudgetVariation(BudgetVariation): ...@@ -263,6 +279,8 @@ class CategoryBudgetVariation(BudgetVariation):
budget_line.setMembershipCriterionBaseCategoryList( budget_line.setMembershipCriterionBaseCategoryList(
budget_line_membership_criterion_base_category_list) budget_line_membership_criterion_base_category_list)
security.declareProtected(Permissions.ModifyPortalContent,
'initializeBudget')
def initializeBudget(self, budget): def initializeBudget(self, budget):
"""Initialize a budget. """Initialize a budget.
""" """
......
...@@ -108,6 +108,8 @@ class Container(Movement, XMLObject): ...@@ -108,6 +108,8 @@ class Container(Movement, XMLObject):
""" """
return False return False
security.declareProtected(Permissions.AccessContentsInformation,
'getContainerText')
def getContainerText(self): def getContainerText(self):
""" """
Creates a unique string which allows to compare/hash two containers Creates a unique string which allows to compare/hash two containers
......
...@@ -339,6 +339,7 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin, ...@@ -339,6 +339,7 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
divergence_list.extend(simulation_movement.getDivergenceList()) divergence_list.extend(simulation_movement.getDivergenceList())
return divergence_list return divergence_list
security.declareProtected(Permissions.AccessContentsInformation, 'updateCausalityState')
@UnrestrictedMethod @UnrestrictedMethod
def updateCausalityState(self, solve_automatically=True, **kw): def updateCausalityState(self, solve_automatically=True, **kw):
""" """
...@@ -369,6 +370,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin, ...@@ -369,6 +370,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
if kw: if kw:
super(Delivery, self).updateSimulation(**kw) super(Delivery, self).updateSimulation(**kw)
security.declareProtected(Permissions.AccessContentsInformation,
'splitAndDeferMovementList')
def splitAndDeferMovementList(self, start_date=None, stop_date=None, def splitAndDeferMovementList(self, start_date=None, stop_date=None,
movement_uid_list=[], delivery_solver=None, movement_uid_list=[], delivery_solver=None,
target_solver='CopyToTarget', delivery_builder=None): target_solver='CopyToTarget', delivery_builder=None):
...@@ -757,6 +760,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin, ...@@ -757,6 +760,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
""" """
pass pass
security.declareProtected(Permissions.AccessContentsInformation,
'getBuilderList')
def getBuilderList(self): def getBuilderList(self):
"""Returns appropriate builder list.""" """Returns appropriate builder list."""
return self._getTypeBasedMethod('getBuilderList')() return self._getTypeBasedMethod('getBuilderList')()
...@@ -832,6 +837,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin, ...@@ -832,6 +837,8 @@ class Delivery(XMLObject, ImmobilisationDelivery, SimulableMixin,
result += movement.getDeliveryRelatedValueList() result += movement.getDeliveryRelatedValueList()
return result return result
security.declareProtected(Permissions.AccessContentsInformation,
'getDivergentTesterAndSimulationMovementList')
def getDivergentTesterAndSimulationMovementList(self): def getDivergentTesterAndSimulationMovementList(self):
""" """
This method returns a list of (tester, simulation_movement) for each divergence. This method returns a list of (tester, simulation_movement) for each divergence.
......
...@@ -465,6 +465,7 @@ class DeliveryLine(Movement, XMLMatrix, ImmobilisationMovement): ...@@ -465,6 +465,7 @@ class DeliveryLine(Movement, XMLMatrix, ImmobilisationMovement):
delivery_ratio = 1.0 / len(s_m_list_per_movement) delivery_ratio = 1.0 / len(s_m_list_per_movement)
s_m.edit(delivery_ratio=delivery_ratio) s_m.edit(delivery_ratio=delivery_ratio)
security.declareProtected(Permissions.ModifyPortalContent, 'solve')
def solve(self, decision_list): def solve(self, decision_list):
"""Solves line according to decision list """Solves line according to decision list
""" """
......
...@@ -313,7 +313,7 @@ class Document(DocumentExtensibleTraversableMixin, XMLObject, UrlMixin, ...@@ -313,7 +313,7 @@ class Document(DocumentExtensibleTraversableMixin, XMLObject, UrlMixin,
text = self.getSearchableText() # XXX getSearchableText or asText ? text = self.getSearchableText() # XXX getSearchableText or asText ?
return self._getSearchableReferenceList(text) return self._getSearchableReferenceList(text)
security.declareProtected(Permissions.AccessContentsInformation, 'getSearchableReferenceList') security.declareProtected(Permissions.AccessContentsInformation, 'isSearchableReference')
def isSearchableReference(self): def isSearchableReference(self):
""" """
Determine if current document's reference can be used for searching - i.e. follows Determine if current document's reference can be used for searching - i.e. follows
......
...@@ -120,6 +120,8 @@ class Domain(Predicate, MetaNode, MetaResource): ...@@ -120,6 +120,8 @@ class Domain(Predicate, MetaNode, MetaResource):
domain = self.newContent(id=id, portal_type='Domain', temp_object=1) domain = self.newContent(id=id, portal_type='Domain', temp_object=1)
return domain.__of__(self) return domain.__of__(self)
security.declareProtected(Permissions.AccessContentsInformation,
'getChildDomainValueList')
def getChildDomainValueList(self, parent = None, **kw): def getChildDomainValueList(self, parent = None, **kw):
""" """
Return child domain objects already present or me may generate Return child domain objects already present or me may generate
...@@ -130,6 +132,8 @@ class Domain(Predicate, MetaNode, MetaResource): ...@@ -130,6 +132,8 @@ class Domain(Predicate, MetaNode, MetaResource):
return self.portal_domains.getChildDomainValueList(parent, **kw) return self.portal_domains.getChildDomainValueList(parent, **kw)
# Experimental - WebDAV browsing support - ask JPS # Experimental - WebDAV browsing support - ask JPS
security.declareProtected(Permissions.AccessContentsInformation,
'experimental_listDAVObjects')
def experimental_listDAVObjects(self): def experimental_listDAVObjects(self):
result = self.objectValues(portal_type = self.getPortalType()) result = self.objectValues(portal_type = self.getPortalType())
result.extend(self.portal_catalog(selection_domain = self)) result.extend(self.portal_catalog(selection_domain = self))
......
...@@ -30,6 +30,7 @@ from AccessControl import ClassSecurityInfo ...@@ -30,6 +30,7 @@ from AccessControl import ClassSecurityInfo
from Products.ERP5Type import Permissions, PropertySheet from Products.ERP5Type import Permissions, PropertySheet
from Products.ERP5Type.Accessor.Constant import PropertyGetter as ConstantGetter from Products.ERP5Type.Accessor.Constant import PropertyGetter as ConstantGetter
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5.Document.Movement import Movement from Products.ERP5.Document.Movement import Movement
from Products.ERP5.Document.EmailDocument import EmailDocument from Products.ERP5.Document.EmailDocument import EmailDocument
...@@ -60,6 +61,8 @@ class AcknowledgeableMixin: ...@@ -60,6 +61,8 @@ class AcknowledgeableMixin:
return method(**kw) return method(**kw)
return None return None
security.declareProtected(Permissions.AccessContentsInformation,
'hasAcknowledgementActivity')
def hasAcknowledgementActivity(self, user_name=None): def hasAcknowledgementActivity(self, user_name=None):
""" """
We will check if there is some current activities running or not We will check if there is some current activities running or not
...@@ -88,6 +91,8 @@ class AcknowledgeableMixin: ...@@ -88,6 +91,8 @@ class AcknowledgeableMixin:
result = True result = True
return result return result
InitializeClass(AcknowledgeableMixin)
class Event(Movement, EmailDocument, AcknowledgeableMixin): class Event(Movement, EmailDocument, AcknowledgeableMixin):
""" """
Event is the base class for all events in ERP5. Event is the base class for all events in ERP5.
......
...@@ -57,6 +57,7 @@ class FIFODeliverySolver(XMLObject): ...@@ -57,6 +57,7 @@ class FIFODeliverySolver(XMLObject):
zope.interface.implements(interfaces.IDeliverySolver,) zope.interface.implements(interfaces.IDeliverySolver,)
# IDeliverySolver Implementation # IDeliverySolver Implementation
security.declareProtected(Permissions.AccessContentsInformation, 'getTotalQuantity')
def getTotalQuantity(self): def getTotalQuantity(self):
""" """
Move this to mixin Move this to mixin
...@@ -66,6 +67,7 @@ class FIFODeliverySolver(XMLObject): ...@@ -66,6 +67,7 @@ class FIFODeliverySolver(XMLObject):
total_quantity += movement.getQuantity() total_quantity += movement.getQuantity()
return total_quantity return total_quantity
security.declareProtected(Permissions.ModifyPortalContent, 'setTotalQuantity')
def setTotalQuantity(self, new_quantity, activate_kw=None): def setTotalQuantity(self, new_quantity, activate_kw=None):
""" """
""" """
......
...@@ -120,12 +120,14 @@ class File(Document, CMFFile): ...@@ -120,12 +120,14 @@ class File(Document, CMFFile):
security.declareProtected( Permissions.ModifyPortalContent, 'edit' ) security.declareProtected( Permissions.ModifyPortalContent, 'edit' )
edit = WorkflowMethod( _edit ) edit = WorkflowMethod( _edit )
security.declareProtected(Permissions.View, 'get_size')
def get_size(self): def get_size(self):
""" """
has to be overwritten here, otherwise WebDAV fails has to be overwritten here, otherwise WebDAV fails
""" """
return self.getSize() return self.getSize()
security.declareProtected(Permissions.View, 'getcontentlength')
getcontentlength = get_size getcontentlength = get_size
def _get_content_type(*args, **kw): def _get_content_type(*args, **kw):
......
...@@ -438,6 +438,7 @@ class Image(TextConvertableMixin, File, OFSImage): ...@@ -438,6 +438,7 @@ class Image(TextConvertableMixin, File, OFSImage):
File.PUT(self, REQUEST, RESPONSE) File.PUT(self, REQUEST, RESPONSE)
self._update_image_info() self._update_image_info()
security.declareProtected(Permissions.AccessContentsInformation, 'getDefaultImageQuality')
def getDefaultImageQuality(self, format=None): def getDefaultImageQuality(self, format=None):
""" """
Get default image quality for a format. Get default image quality for a format.
......
...@@ -70,6 +70,7 @@ class Item(XMLObject, Amount): ...@@ -70,6 +70,7 @@ class Item(XMLObject, Amount):
""" """
return XMLObject.generateNewId(self, id_group=id_group, default=default, method=method) return XMLObject.generateNewId(self, id_group=id_group, default=default, method=method)
security.declareProtected(Permissions.AccessContentsInformation, 'getPrice')
def getPrice(self,context=None,**kw): def getPrice(self,context=None,**kw):
""" """
Get the Price in the context. Get the Price in the context.
...@@ -85,15 +86,14 @@ class Item(XMLObject, Amount): ...@@ -85,15 +86,14 @@ class Item(XMLObject, Amount):
local_price = resource.getPrice(self.asContext( context=context, **kw)) local_price = resource.getPrice(self.asContext( context=context, **kw))
return local_price return local_price
security.declareProtected(Permissions.ModifyPortalContent, 'getRemainingQuantity') security.declareProtected(Permissions.AccessContentsInformation,
'getRemainingQuantity')
def getRemainingQuantity(self): def getRemainingQuantity(self):
""" """
Computes the quantity of an item minus quantity of all sub_items Computes the quantity of an item minus quantity of all sub_items
""" """
sub_quantity = 0 sub_quantity = 0
sub_item_list = [document for sub_item in self.objectValues():
for document in self.objectValues() if sub_item.isItem():
if document.isItem()]
for sub_item in sub_item_list :
sub_quantity += sub_item.getQuantity() sub_quantity += sub_item.getQuantity()
return self.getQuantity() - sub_quantity return self.getQuantity() - sub_quantity
...@@ -57,6 +57,7 @@ class MinimisePriceDeliverySolver(FIFODeliverySolver): ...@@ -57,6 +57,7 @@ class MinimisePriceDeliverySolver(FIFODeliverySolver):
zope.interface.implements(interfaces.IDeliverySolver,) zope.interface.implements(interfaces.IDeliverySolver,)
# IDeliverySolver Implementation # IDeliverySolver Implementation
security.declareProtected(Permissions.ModifyPortalContent, 'setTotalQuantity')
def setTotalQuantity(self, new_quantity, activate_kw=None): def setTotalQuantity(self, new_quantity, activate_kw=None):
""" """
""" """
......
...@@ -512,6 +512,8 @@ class Movement(XMLObject, Amount, CompositionMixin, AmountGeneratorMixin): ...@@ -512,6 +512,8 @@ class Movement(XMLObject, Amount, CompositionMixin, AmountGeneratorMixin):
return True return True
return False return False
security.declareProtected(Permissions.AccessContentsInformation,
'getDivergenceList')
def getDivergenceList(self): def getDivergenceList(self):
""" """
Return a list of messages that contains the divergences Return a list of messages that contains the divergences
......
...@@ -45,6 +45,8 @@ class NetConvertedQuantityEquivalenceTester(FloatEquivalenceTester): ...@@ -45,6 +45,8 @@ class NetConvertedQuantityEquivalenceTester(FloatEquivalenceTester):
security = ClassSecurityInfo() security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation) security.declareObjectProtected(Permissions.AccessContentsInformation)
security.declareProtected(Permissions.AccessContentsInformation,
'getUpdatablePropertyDict')
def getUpdatablePropertyDict(self, prevision_movement, decision_movement): def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
""" """
Returns a list of properties to update on decision_movement Returns a list of properties to update on decision_movement
......
...@@ -61,6 +61,8 @@ class NodeBudgetVariation(BudgetVariation): ...@@ -61,6 +61,8 @@ class NodeBudgetVariation(BudgetVariation):
# zope.interface.implements(BudgetVariation, ) # zope.interface.implements(BudgetVariation, )
security.declareProtected(Permissions.AccessContentsInformation,
'asBudgetPredicate')
def asBudgetPredicate(self): def asBudgetPredicate(self):
"""This budget variation in a predicate """This budget variation in a predicate
""" """
...@@ -87,6 +89,8 @@ class NodeBudgetVariation(BudgetVariation): ...@@ -87,6 +89,8 @@ class NodeBudgetVariation(BudgetVariation):
node_title_method_id = self.getProperty('node_title_method_id', 'getTitle') node_title_method_id = self.getProperty('node_title_method_id', 'getTitle')
return guarded_getattr(node, node_title_method_id)() return guarded_getattr(node, node_title_method_id)()
security.declareProtected(Permissions.AccessContentsInformation,
'getCellRangeForBudgetLine')
def getCellRangeForBudgetLine(self, budget_line, matrixbox=0): def getCellRangeForBudgetLine(self, budget_line, matrixbox=0):
"""The cell range added by this variation """The cell range added by this variation
""" """
...@@ -103,6 +107,8 @@ class NodeBudgetVariation(BudgetVariation): ...@@ -103,6 +107,8 @@ class NodeBudgetVariation(BudgetVariation):
return [[i for i in node_item_list if i[0] in variation_category_list]] return [[i for i in node_item_list if i[0] in variation_category_list]]
return [[i[0] for i in node_item_list if i[0] in variation_category_list]] return [[i[0] for i in node_item_list if i[0] in variation_category_list]]
security.declareProtected(Permissions.AccessContentsInformation,
'getConsumptionCellRangeForBudgetLine')
def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False): def getConsumptionCellRangeForBudgetLine(self, budget_line, matrixbox=0, engaged_budget=False):
"""The cell range added by this variation for consumption """The cell range added by this variation for consumption
""" """
...@@ -136,6 +142,8 @@ class NodeBudgetVariation(BudgetVariation): ...@@ -136,6 +142,8 @@ class NodeBudgetVariation(BudgetVariation):
return [[i for i in node_item_list if i[0] in used_node_item_set]] return [[i for i in node_item_list if i[0] in used_node_item_set]]
return [[i[0] for i in node_item_list if i[0] in used_node_item_set]] return [[i[0] for i in node_item_list if i[0] in used_node_item_set]]
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryQueryDict')
def getInventoryQueryDict(self, budget_cell): def getInventoryQueryDict(self, budget_cell):
""" Query dict to pass to simulation query """ Query dict to pass to simulation query
""" """
...@@ -218,6 +226,8 @@ class NodeBudgetVariation(BudgetVariation): ...@@ -218,6 +226,8 @@ class NodeBudgetVariation(BudgetVariation):
return query_dict return query_dict
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryListQueryDict')
def getInventoryListQueryDict(self, budget_line): def getInventoryListQueryDict(self, budget_line):
"""Returns the query dict to pass to simulation query for a budget line """Returns the query dict to pass to simulation query for a budget line
""" """
...@@ -309,6 +319,8 @@ class NodeBudgetVariation(BudgetVariation): ...@@ -309,6 +319,8 @@ class NodeBudgetVariation(BudgetVariation):
self.getProperty('variation_base_category'),) self.getProperty('variation_base_category'),)
return key return key
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetLineVariationRangeCategoryList')
def getBudgetLineVariationRangeCategoryList(self, budget_line): def getBudgetLineVariationRangeCategoryList(self, budget_line):
"""Returns the Variation Range Category List that can be applied to this """Returns the Variation Range Category List that can be applied to this
budget line. budget line.
...@@ -320,6 +332,8 @@ class NodeBudgetVariation(BudgetVariation): ...@@ -320,6 +332,8 @@ class NodeBudgetVariation(BudgetVariation):
return [(self._getNodeTitle(node), '%s%s' % (prefix, node.getRelativeUrl())) return [(self._getNodeTitle(node), '%s%s' % (prefix, node.getRelativeUrl()))
for node in self._getNodeList(budget_line)] for node in self._getNodeList(budget_line)]
security.declareProtected(Permissions.AccessContentsInformation,
'getBudgetVariationRangeCategoryList')
def getBudgetVariationRangeCategoryList(self, budget): def getBudgetVariationRangeCategoryList(self, budget):
"""Returns the Variation Range Category List that can be applied to this """Returns the Variation Range Category List that can be applied to this
budget. budget.
...@@ -331,6 +345,8 @@ class NodeBudgetVariation(BudgetVariation): ...@@ -331,6 +345,8 @@ class NodeBudgetVariation(BudgetVariation):
return [(self._getNodeTitle(node), '%s%s' % (prefix, node.getRelativeUrl())) return [(self._getNodeTitle(node), '%s%s' % (prefix, node.getRelativeUrl()))
for node in self._getNodeList(budget)] for node in self._getNodeList(budget)]
security.declareProtected(Permissions.ModifyPortalContent,
'initializeBudgetLine')
def initializeBudgetLine(self, budget_line): def initializeBudgetLine(self, budget_line):
"""Initialize a budget line """Initialize a budget line
""" """
...@@ -348,6 +364,8 @@ class NodeBudgetVariation(BudgetVariation): ...@@ -348,6 +364,8 @@ class NodeBudgetVariation(BudgetVariation):
budget_line.setMembershipCriterionBaseCategoryList( budget_line.setMembershipCriterionBaseCategoryList(
budget_line_membership_criterion_base_category_list) budget_line_membership_criterion_base_category_list)
security.declareProtected(Permissions.ModifyPortalContent,
'initializeBudget')
def initializeBudget(self, budget): def initializeBudget(self, budget):
"""Initialize a budget. """Initialize a budget.
""" """
......
...@@ -67,6 +67,8 @@ class QuantityUnitConversionDefinition(XMLObject): ...@@ -67,6 +67,8 @@ class QuantityUnitConversionDefinition(XMLObject):
return default_title return default_title
security.declareProtected(Permissions.AccessContentsInformation,
'getConversionRatio')
def getConversionRatio(self): def getConversionRatio(self):
""" """
Compute conversion ratio associated with this definition Compute conversion ratio associated with this definition
......
...@@ -1007,6 +1007,8 @@ class Resource(XMLObject, XMLMatrix, VariatedMixin): ...@@ -1007,6 +1007,8 @@ class Resource(XMLObject, XMLMatrix, VariatedMixin):
return insert_list return insert_list
security.declareProtected(Permissions.AccessContentsInformation,
'getQuantityUnitDefinitionRatio')
def getQuantityUnitDefinitionRatio(self, quantity_unit_value): def getQuantityUnitDefinitionRatio(self, quantity_unit_value):
""" """
get the ratio used to define the quantity unit quantity_unit_value. get the ratio used to define the quantity unit quantity_unit_value.
......
...@@ -93,6 +93,7 @@ class SimulatedDeliveryBuilder(BuilderMixin): ...@@ -93,6 +93,7 @@ class SimulatedDeliveryBuilder(BuilderMixin):
, PropertySheet.DeliveryBuilder , PropertySheet.DeliveryBuilder
) )
security.declarePrivate('callBeforeBuildingScript')
def callBeforeBuildingScript(self): # XXX-JPS def callBeforeBuildingScript(self): # XXX-JPS
""" """
Redefine this method, because it seems nothing interesting can be Redefine this method, because it seems nothing interesting can be
...@@ -100,6 +101,7 @@ class SimulatedDeliveryBuilder(BuilderMixin): ...@@ -100,6 +101,7 @@ class SimulatedDeliveryBuilder(BuilderMixin):
""" """
pass pass
security.declarePrivate('searchMovementList')
@UnrestrictedMethod @UnrestrictedMethod
def searchMovementList(self, applied_rule_uid=None, **kw): def searchMovementList(self, applied_rule_uid=None, **kw):
""" """
...@@ -189,6 +191,8 @@ class SimulatedDeliveryBuilder(BuilderMixin): ...@@ -189,6 +191,8 @@ class SimulatedDeliveryBuilder(BuilderMixin):
delivery_relative_url, delivery_relative_url,
divergence_to_adopt_list=divergence_to_adopt_list) divergence_to_adopt_list=divergence_to_adopt_list)
security.declareProtected(Permissions.ModifyPortalContent,
'solveDeliveryGroupDivergence')
@UnrestrictedMethod @UnrestrictedMethod
def solveDeliveryGroupDivergence(self, delivery_relative_url, def solveDeliveryGroupDivergence(self, delivery_relative_url,
property_dict=None): property_dict=None):
...@@ -333,6 +337,8 @@ class SimulatedDeliveryBuilder(BuilderMixin): ...@@ -333,6 +337,8 @@ class SimulatedDeliveryBuilder(BuilderMixin):
return delivery_list return delivery_list
security.declareProtected(Permissions.ModifyPortalContent,
'solveDivergence')
solveDivergence = UnrestrictedMethod(_solveDivergence) solveDivergence = UnrestrictedMethod(_solveDivergence)
def _createDelivery(self, delivery_module, movement_list, activate_kw): def _createDelivery(self, delivery_module, movement_list, activate_kw):
......
...@@ -722,6 +722,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin): ...@@ -722,6 +722,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):
return True return True
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverProcessValueList')
def getSolverProcessValueList(self, movement=None, validation_state=None): def getSolverProcessValueList(self, movement=None, validation_state=None):
""" """
Returns the list of solver processes which are Returns the list of solver processes which are
...@@ -736,6 +738,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin): ...@@ -736,6 +738,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):
""" """
raise NotImplementedError raise NotImplementedError
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverDecisionValueList')
def getSolverDecisionValueList(self, movement=None, validation_state=None): def getSolverDecisionValueList(self, movement=None, validation_state=None):
""" """
Returns the list of solver decisions which apply Returns the list of solver decisions which apply
...@@ -748,6 +752,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin): ...@@ -748,6 +752,8 @@ class SimulationMovement(PropertyRecordableMixin, Movement, ExplainableMixin):
""" """
raise NotImplementedError raise NotImplementedError
security.declareProtected(Permissions.AccessContentsInformation,
'getSolvedPropertyApplicationValueList')
def getSolvedPropertyApplicationValueList(self, movement=None, divergence_tester=None): def getSolvedPropertyApplicationValueList(self, movement=None, divergence_tester=None):
""" """
Returns the list of documents at which a given divergence resolution Returns the list of documents at which a given divergence resolution
......
...@@ -80,6 +80,8 @@ class SolverDecision(ConfigurableMixin, XMLObject): ...@@ -80,6 +80,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
zope.interface.implements(interfaces.IConfigurable, zope.interface.implements(interfaces.IConfigurable,
) )
security.declareProtected(Permissions.AccessContentsInformation,
'getDefaultConfigurationPropertyDict')
def getDefaultConfigurationPropertyDict(self): def getDefaultConfigurationPropertyDict(self):
""" """
Returns a dictionary of default properties for specified Returns a dictionary of default properties for specified
...@@ -92,6 +94,8 @@ class SolverDecision(ConfigurableMixin, XMLObject): ...@@ -92,6 +94,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
else: else:
return solver_type.getDefaultConfigurationPropertyDict(self) return solver_type.getDefaultConfigurationPropertyDict(self)
security.declareProtected(Permissions.AccessContentsInformation,
'getConfigurationPropertyListDict')
def getConfigurationPropertyListDict(self): def getConfigurationPropertyListDict(self):
""" """
Returns a dictionary of possible values for specified Returns a dictionary of possible values for specified
...@@ -104,6 +108,8 @@ class SolverDecision(ConfigurableMixin, XMLObject): ...@@ -104,6 +108,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
else: else:
return solver_type.getConfigurationPropertyListDict(self) return solver_type.getConfigurationPropertyListDict(self)
security.declareProtected(Permissions.AccessContentsInformation,
'searchDeliverySolverList')
def searchDeliverySolverList(self, **kw): def searchDeliverySolverList(self, **kw):
""" """
this method returns a list of delivery solvers, as predicates against this method returns a list of delivery solvers, as predicates against
...@@ -115,6 +121,8 @@ class SolverDecision(ConfigurableMixin, XMLObject): ...@@ -115,6 +121,8 @@ class SolverDecision(ConfigurableMixin, XMLObject):
solver_list = target_solver_type.getDeliverySolverValueList() solver_list = target_solver_type.getDeliverySolverValueList()
return filter(lambda x:x.test(self), solver_list) return filter(lambda x:x.test(self), solver_list)
security.declareProtected(Permissions.AccessContentsInformation,
'getExplanationMessage')
def getExplanationMessage(self, all=False): def getExplanationMessage(self, all=False):
""" """
Returns the HTML message that describes the detail of divergences to Returns the HTML message that describes the detail of divergences to
......
...@@ -78,6 +78,7 @@ class SolverProcess(XMLObject, ActiveProcess): ...@@ -78,6 +78,7 @@ class SolverProcess(XMLObject, ActiveProcess):
) )
# Implementation # Implementation
security.declareProtected(Permissions.ModifyPortalContent, 'buildTargetSolverList')
@UnrestrictedMethod @UnrestrictedMethod
def buildTargetSolverList(self): def buildTargetSolverList(self):
""" """
...@@ -176,6 +177,7 @@ class SolverProcess(XMLObject, ActiveProcess): ...@@ -176,6 +177,7 @@ class SolverProcess(XMLObject, ActiveProcess):
# ISolver implementation # ISolver implementation
# Solver Process Workflow Interface # Solver Process Workflow Interface
# NOTE: how can we consider that a workflow defines or provides an interface ? # NOTE: how can we consider that a workflow defines or provides an interface ?
security.declareProtected(Permissions.ModifyPortalContent, 'solve')
def solve(self, activate_kw=None): def solve(self, activate_kw=None):
""" """
Start solving Start solving
...@@ -200,6 +202,8 @@ class SolverProcess(XMLObject, ActiveProcess): ...@@ -200,6 +202,8 @@ class SolverProcess(XMLObject, ActiveProcess):
activate_kw=activate_kw) activate_kw=activate_kw)
# API # API
security.declareProtected(Permissions.AccessContentsInformation,
'isSolverDecisionListConsistent')
def isSolverDecisionListConsistent(self): def isSolverDecisionListConsistent(self):
""" """
Returns True is the Solver Process decisions do not Returns True is the Solver Process decisions do not
...@@ -208,6 +212,8 @@ class SolverProcess(XMLObject, ActiveProcess): ...@@ -208,6 +212,8 @@ class SolverProcess(XMLObject, ActiveProcess):
this helps reducing CPU time. this helps reducing CPU time.
""" """
security.declareProtected(Permissions.ModifyPortalContent,
'buildSolverDecisionList')
def buildSolverDecisionList(self, delivery_or_movement=None): def buildSolverDecisionList(self, delivery_or_movement=None):
""" """
Build (or rebuild) the solver decisions in the solver process Build (or rebuild) the solver decisions in the solver process
......
...@@ -51,6 +51,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation): ...@@ -51,6 +51,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
, PropertySheet.Configurable , PropertySheet.Configurable
) )
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverConflictMessageList')
def getSolverConflictMessageList(self, movement, configuration_mapping, solver_dict, movement_dict): def getSolverConflictMessageList(self, movement, configuration_mapping, solver_dict, movement_dict):
""" """
Returns the list of conflictings messgaes if the solver and configuration_mapping Returns the list of conflictings messgaes if the solver and configuration_mapping
...@@ -89,6 +91,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation): ...@@ -89,6 +91,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
# Return emtpty message list # Return emtpty message list
return () return ()
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverProcessGroupingKey')
def getSolverProcessGroupingKey(self, movement, configuration_mapping, solver_dict, movement_dict): def getSolverProcessGroupingKey(self, movement, configuration_mapping, solver_dict, movement_dict):
""" """
Returns a key which can be used to group solvers during the Returns a key which can be used to group solvers during the
...@@ -140,6 +144,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation): ...@@ -140,6 +144,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
return movement.getRelativeUrl() return movement.getRelativeUrl()
security.declareProtected(Permissions.AccessContentsInformation,
'getDefaultConfigurationPropertyDict')
def getDefaultConfigurationPropertyDict(self, configurable): def getDefaultConfigurationPropertyDict(self, configurable):
""" """
Returns a dictionary of default properties for specified Returns a dictionary of default properties for specified
...@@ -155,6 +161,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation): ...@@ -155,6 +161,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
else: else:
return {} return {}
security.declareProtected(Permissions.AccessContentsInformation,
'getDefaultConfigurationProperty')
def getDefaultConfigurationProperty(self, property, configurable): def getDefaultConfigurationProperty(self, property, configurable):
""" """
Returns the default value for a given property Returns the default value for a given property
...@@ -167,6 +175,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation): ...@@ -167,6 +175,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
""" """
return self.getDefaultConfigurationPropertyDict().get(property, None) return self.getDefaultConfigurationPropertyDict().get(property, None)
security.declareProtected(Permissions.AccessContentsInformation,
'getConfigurationPropertyListDict')
def getConfigurationPropertyListDict(self, configurable): def getConfigurationPropertyListDict(self, configurable):
""" """
Returns a dictionary of possible values for specified Returns a dictionary of possible values for specified
...@@ -182,6 +192,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation): ...@@ -182,6 +192,8 @@ class SolverTypeInformation(Predicate, ERP5TypeInformation):
else: else:
return {} return {}
security.declareProtected(Permissions.AccessContentsInformation,
'getConfigurationPropertyList')
def getConfigurationPropertyList(self, property, configurable): def getConfigurationPropertyList(self, property, configurable):
""" """
Returns a list of possible values for a given property Returns a list of possible values for a given property
......
...@@ -104,6 +104,8 @@ class TradeCondition(MappedValue, AmountGeneratorMixin, VariatedMixin): ...@@ -104,6 +104,8 @@ class TradeCondition(MappedValue, AmountGeneratorMixin, VariatedMixin):
return [x for x in context._findEffectiveSpecialiseValueList() return [x for x in context._findEffectiveSpecialiseValueList()
if x.getPortalType() in portal_type_set] if x.getPortalType() in portal_type_set]
security.declareProtected(Permissions.AccessContentsInformation,
'getAggregatedAmountList')
def getAggregatedAmountList(self, *args, **kw): def getAggregatedAmountList(self, *args, **kw):
""" """
""" """
......
...@@ -68,6 +68,8 @@ class TradeModelCell(TradeModelLine): ...@@ -68,6 +68,8 @@ class TradeModelCell(TradeModelLine):
""" """
return 0 return 0
security.declareProtected(Permissions.AccessContentsInformation,
'getQuantity')
def getQuantity(self): def getQuantity(self):
"""Overridden getter to return None instead 0 if undefined""" """Overridden getter to return None instead 0 if undefined"""
return self._baseGetQuantity(None) return self._baseGetQuantity(None)
......
...@@ -101,11 +101,15 @@ class TransformedResource(AmountGeneratorLine): ...@@ -101,11 +101,15 @@ class TransformedResource(AmountGeneratorLine):
value += delivery_amount.getConvertedQuantity() value += delivery_amount.getConvertedQuantity()
return value return value
security.declareProtected(Permissions.AccessContentsInformation,
'getBaseApplication')
def getBaseApplication(self): def getBaseApplication(self):
""" """
""" """
return self.getBaseApplicationList()[0] return self.getBaseApplicationList()[0]
security.declareProtected(Permissions.AccessContentsInformation,
'getBaseApplicationList')
def getBaseApplicationList(self): def getBaseApplicationList(self):
""" """
""" """
......
...@@ -90,6 +90,8 @@ class Url(Coordinate, UrlMixin): ...@@ -90,6 +90,8 @@ class Url(Coordinate, UrlMixin):
return ("http://www.erp5.org", "mailto:info@erp5.org") return ("http://www.erp5.org", "mailto:info@erp5.org")
security.declareProtected(Permissions.AccessContentsInformation,
'getUrlString')
def getUrlString(self, default=_marker): def getUrlString(self, default=_marker):
"""Fallback on coordinate_text """Fallback on coordinate_text
""" """
......
...@@ -85,6 +85,8 @@ class VariationEquivalenceTester(Predicate, EquivalenceTesterMixin): ...@@ -85,6 +85,8 @@ class VariationEquivalenceTester(Predicate, EquivalenceTesterMixin):
dict(property_name=tested_property)) dict(property_name=tested_property))
return None return None
security.declareProtected(Permissions.AccessContentsInformation,
'generateHashKey')
def generateHashKey(self, movement): def generateHashKey(self, movement):
""" """
Returns a hash key which can be used to optimise the Returns a hash key which can be used to optimise the
...@@ -106,6 +108,8 @@ class VariationEquivalenceTester(Predicate, EquivalenceTesterMixin): ...@@ -106,6 +108,8 @@ class VariationEquivalenceTester(Predicate, EquivalenceTesterMixin):
tested_property)) tested_property))
return 'variation/%r' % (value_list) return 'variation/%r' % (value_list)
security.declareProtected(Permissions.AccessContentsInformation,
'getUpdatablePropertyDict')
def getUpdatablePropertyDict(self, prevision_movement, decision_movement): def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
""" """
Returns a list of properties to update on decision_movement Returns a list of properties to update on decision_movement
......
...@@ -85,6 +85,7 @@ class CategoryTool(CopyContainer, CMFCategoryTool, BaseTool): ...@@ -85,6 +85,7 @@ class CategoryTool(CopyContainer, CMFCategoryTool, BaseTool):
def hasContent(self,id): def hasContent(self,id):
return id in self.objectIds() return id in self.objectIds()
security.declareProtected(Permissions.AccessContentsInformation, 'getBaseCategoryDict')
@caching_instance_method( @caching_instance_method(
id='portal_categories.getBaseCategoryDict', id='portal_categories.getBaseCategoryDict',
cache_factory='erp5_content_long', cache_factory='erp5_content_long',
......
...@@ -359,6 +359,8 @@ class DomainTool(BaseTool): ...@@ -359,6 +359,8 @@ class DomainTool(BaseTool):
return mapped_value return mapped_value
security.declareProtected(Permissions.AccessContentsInformation,
'getChildDomainValueList')
def getChildDomainValueList(self, parent, **kw): def getChildDomainValueList(self, parent, **kw):
""" """
Return child domain objects already present adn thois generetaded dynamically Return child domain objects already present adn thois generetaded dynamically
...@@ -370,6 +372,8 @@ class DomainTool(BaseTool): ...@@ -370,6 +372,8 @@ class DomainTool(BaseTool):
return object_list return object_list
security.declareProtected(Permissions.AccessContentsInformation,
'getDomainByPath')
def getDomainByPath(self, path, default=_MARKER): def getDomainByPath(self, path, default=_MARKER):
""" """
Return the domain object for a given path Return the domain object for a given path
......
...@@ -279,6 +279,8 @@ class IdTool(BaseTool): ...@@ -279,6 +279,8 @@ class IdTool(BaseTool):
## XXX Old API deprecated ## XXX Old API deprecated
#backward compatibility #backward compatibility
security.declareProtected(Permissions.AccessContentsInformation,
'generateNewLengthIdList')
generateNewLengthIdList = generateNewIdList generateNewLengthIdList = generateNewIdList
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
......
...@@ -28,6 +28,7 @@ ...@@ -28,6 +28,7 @@
############################################################################## ##############################################################################
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
# XXX This Mixin is not finished yet. Added as a reference for the # XXX This Mixin is not finished yet. Added as a reference for the
...@@ -86,3 +87,5 @@ class LogMixin: ...@@ -86,3 +87,5 @@ class LogMixin:
""" """
method = self.getTypeBasedMethod('parseLogLine') method = self.getTypeBasedMethod('parseLogLine')
return method(log_name, log_line) return method(log_name, log_line)
InitializeClass(LogMixin)
...@@ -110,7 +110,7 @@ class PasswordTool(BaseTool): ...@@ -110,7 +110,7 @@ class PasswordTool(BaseTool):
def getExpirationDateForKey(self, key=None): def getExpirationDateForKey(self, key=None):
return self._password_request_dict[key][1] return self._password_request_dict[key][1]
security.declarePublic('mailPasswordResetRequest')
def mailPasswordResetRequest(self, user_login=None, REQUEST=None, def mailPasswordResetRequest(self, user_login=None, REQUEST=None,
notification_message=None, sender=None, notification_message=None, sender=None,
store_as_event=False, store_as_event=False,
...@@ -227,33 +227,7 @@ class PasswordTool(BaseTool): ...@@ -227,33 +227,7 @@ class PasswordTool(BaseTool):
data = ' '.join((str(t), str(r), str(a), str(args))) data = ' '.join((str(t), str(r), str(a), str(args)))
return md5(data).hexdigest() return md5(data).hexdigest()
def resetPassword(self, reset_key=None, REQUEST=None): security.declareProtected(Permissions.ModifyPortalContent, 'removeExpiredRequests')
"""
"""
# XXX-Aurel : is it used ?
if REQUEST is None:
REQUEST = get_request()
user_login, expiration_date = self._password_request_dict.get(reset_key, (None, None))
site_url = self.getPortalObject().absolute_url()
if REQUEST and 'came_from' in REQUEST:
site_url = REQUEST.came_from
if reset_key is None or user_login is None:
ret_url = '%s/login_form' % site_url
return REQUEST.RESPONSE.redirect( ret_url )
# check date
current_date = DateTime()
if current_date > expiration_date:
msg = translateString("Date has expire.")
parameter = urlencode(dict(portal_status_message=msg))
ret_url = '%s/login_form?%s' % (site_url, parameter)
return REQUEST.RESPONSE.redirect( ret_url )
# redirect to form as all is ok
REQUEST.set("password_key", reset_key)
return self.reset_password_form(REQUEST=REQUEST)
def removeExpiredRequests(self): def removeExpiredRequests(self):
""" """
Browse dict and remove expired request Browse dict and remove expired request
...@@ -264,6 +238,7 @@ class PasswordTool(BaseTool): ...@@ -264,6 +238,7 @@ class PasswordTool(BaseTool):
if date < current_date: if date < current_date:
del password_request_dict[key] del password_request_dict[key]
security.declarePublic('changeUserPassword')
def changeUserPassword(self, password, password_key, password_confirm=None, def changeUserPassword(self, password, password_key, password_confirm=None,
user_login=None, REQUEST=None, **kw): user_login=None, REQUEST=None, **kw):
""" """
......
...@@ -126,18 +126,26 @@ class SimulationTool(BaseTool): ...@@ -126,18 +126,26 @@ class SimulationTool(BaseTool):
['Manager',]) ['Manager',])
BaseTool.inheritedAttribute('manage_afterAdd')(self, item, container) BaseTool.inheritedAttribute('manage_afterAdd')(self, item, container)
security.declareProtected(Permissions.AccessContentsInformation,
'solveDelivery')
def solveDelivery(self, delivery, delivery_solver_name, target_solver_name, def solveDelivery(self, delivery, delivery_solver_name, target_solver_name,
additional_parameters=None, **kw): additional_parameters=None, **kw):
""" """
XXX obsoleted API
Solves a delivery by calling first DeliverySolver, then TargetSolver Solves a delivery by calling first DeliverySolver, then TargetSolver
""" """
return self._solveMovementOrDelivery(delivery, delivery_solver_name, return self._solveMovementOrDelivery(delivery, delivery_solver_name,
target_solver_name, delivery=1, target_solver_name, delivery=1,
additional_parameters=additional_parameters, **kw) additional_parameters=additional_parameters, **kw)
security.declareProtected(Permissions.AccessContentsInformation,
'solveMovement')
def solveMovement(self, movement, delivery_solver_name, target_solver_name, def solveMovement(self, movement, delivery_solver_name, target_solver_name,
additional_parameters=None, **kw): additional_parameters=None, **kw):
""" """
XXX obsoleted API
Solves a movement by calling first DeliverySolver, then TargetSolver Solves a movement by calling first DeliverySolver, then TargetSolver
""" """
return self._solveMovementOrDelivery(movement, delivery_solver_name, return self._solveMovementOrDelivery(movement, delivery_solver_name,
...@@ -1396,6 +1404,8 @@ class SimulationTool(BaseTool): ...@@ -1396,6 +1404,8 @@ class SimulationTool(BaseTool):
result = delta_result result = delta_result
return result return result
security.declareProtected(Permissions.AccessContentsInformation,
'getInventoryCacheLag')
def getInventoryCacheLag(self): def getInventoryCacheLag(self):
""" """
Returns a duration, in days, for stock cache management. Returns a duration, in days, for stock cache management.
......
...@@ -30,6 +30,7 @@ ...@@ -30,6 +30,7 @@
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, interfaces from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Globals import DTMLFile from Products.ERP5Type.Globals import DTMLFile
from Products.ERP5Type.Tool.BaseTool import BaseTool from Products.ERP5Type.Tool.BaseTool import BaseTool
...@@ -58,6 +59,8 @@ class SolverProcessTool(BaseTool): ...@@ -58,6 +59,8 @@ class SolverProcessTool(BaseTool):
manage_overview = DTMLFile( 'explainSolverTool', _dtmldir ) manage_overview = DTMLFile( 'explainSolverTool', _dtmldir )
# IDivergenceController implementation # IDivergenceController implementation
security.declareProtected(Permissions.AccessContentsInformation,
'isDivergent')
def isDivergent(self, delivery_or_movement=None): def isDivergent(self, delivery_or_movement=None):
""" """
Returns True if any of the movements provided Returns True if any of the movements provided
...@@ -73,6 +76,8 @@ class SolverProcessTool(BaseTool): ...@@ -73,6 +76,8 @@ class SolverProcessTool(BaseTool):
return True return True
return False return False
security.declareProtected(Permissions.AddPortalContent,
'newSolverProcess')
@UnrestrictedMethod @UnrestrictedMethod
def newSolverProcess(self, delivery_or_movement=None, temp_object=False): def newSolverProcess(self, delivery_or_movement=None, temp_object=False):
""" """
...@@ -107,3 +112,5 @@ class SolverProcessTool(BaseTool): ...@@ -107,3 +112,5 @@ class SolverProcessTool(BaseTool):
delivery.setSolverValueList(solver_list) delivery.setSolverValueList(solver_list)
return new_solver return new_solver
InitializeClass(SolverProcessTool)
...@@ -31,6 +31,7 @@ import zope.interface ...@@ -31,6 +31,7 @@ import zope.interface
import re import re
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, interfaces from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Tool.TypesTool import TypeProvider from Products.ERP5Type.Tool.TypesTool import TypeProvider
from Products.ERP5 import DeliverySolver from Products.ERP5 import DeliverySolver
...@@ -55,6 +56,8 @@ class SolverTool(TypeProvider): ...@@ -55,6 +56,8 @@ class SolverTool(TypeProvider):
zope.interface.implements(interfaces.IDeliverySolverFactory,) zope.interface.implements(interfaces.IDeliverySolverFactory,)
# IDeliverySolverFactory implementation # IDeliverySolverFactory implementation
security.declareProtected(Permissions.AccessContentsInformation,
'newDeliverySolver')
def newDeliverySolver(self, portal_type, movement_list): def newDeliverySolver(self, portal_type, movement_list):
""" """
Return a new instance of delivery solver of the given Return a new instance of delivery solver of the given
...@@ -73,6 +76,8 @@ class SolverTool(TypeProvider): ...@@ -73,6 +76,8 @@ class SolverTool(TypeProvider):
tmp_solver.setDeliveryValueList(movement_list) tmp_solver.setDeliveryValueList(movement_list)
return tmp_solver return tmp_solver
security.declareProtected(Permissions.AccessContentsInformation,
'getDeliverySolverTranslatedItemList')
def getDeliverySolverTranslatedItemList(self, portal_type_list=None): def getDeliverySolverTranslatedItemList(self, portal_type_list=None):
""" """
""" """
...@@ -81,6 +86,8 @@ class SolverTool(TypeProvider): ...@@ -81,6 +86,8 @@ class SolverTool(TypeProvider):
if portal_type_list is None or x in portal_type_list], if portal_type_list is None or x in portal_type_list],
key=lambda x:str(x[0])) key=lambda x:str(x[0]))
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverProcessValueList')
def getSolverProcessValueList(self, delivery_or_movement=None, validation_state=None): def getSolverProcessValueList(self, delivery_or_movement=None, validation_state=None):
""" """
Returns the list of solver processes which are Returns the list of solver processes which are
...@@ -95,6 +102,8 @@ class SolverTool(TypeProvider): ...@@ -95,6 +102,8 @@ class SolverTool(TypeProvider):
to filter the result to filter the result
""" """
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverDecisionValueList')
def getSolverDecisionValueList(self, delivery_or_movement=None, validation_state=None): def getSolverDecisionValueList(self, delivery_or_movement=None, validation_state=None):
""" """
Returns the list of solver decisions which apply Returns the list of solver decisions which apply
...@@ -107,6 +116,8 @@ class SolverTool(TypeProvider): ...@@ -107,6 +116,8 @@ class SolverTool(TypeProvider):
to filter the result to filter the result
""" """
security.declareProtected(Permissions.AccessContentsInformation,
'getSolverDecisionApplicationValueList')
def getSolverDecisionApplicationValueList(self, movement, divergence_tester=None): def getSolverDecisionApplicationValueList(self, movement, divergence_tester=None):
""" """
Returns the list of documents at which a given divergence resolution Returns the list of documents at which a given divergence resolution
...@@ -190,6 +201,8 @@ class SolverTool(TypeProvider): ...@@ -190,6 +201,8 @@ class SolverTool(TypeProvider):
application_value_level[property_group.getCollectGroupOrder()] = None application_value_level[property_group.getCollectGroupOrder()] = None
# etc. same # etc. same
security.declareProtected(Permissions.AccessContentsInformation,
'searchTargetSolverList')
def searchTargetSolverList(self, divergence_tester, def searchTargetSolverList(self, divergence_tester,
simulation_movement, simulation_movement,
automatic_solver_only=False, **kw): automatic_solver_only=False, **kw):
...@@ -203,3 +216,5 @@ class SolverTool(TypeProvider): ...@@ -203,3 +216,5 @@ class SolverTool(TypeProvider):
x.test(simulation_movement, **kw)] x.test(simulation_movement, **kw)]
else: else:
return [x for x in solver_list if x.test(simulation_movement, **kw)] return [x for x in solver_list if x.test(simulation_movement, **kw)]
InitializeClass(SolverTool)
...@@ -113,6 +113,8 @@ class TemplateTool (BaseTool): ...@@ -113,6 +113,8 @@ class TemplateTool (BaseTool):
security.declareProtected(Permissions.ManagePortal, 'manage_overview') security.declareProtected(Permissions.ManagePortal, 'manage_overview')
manage_overview = DTMLFile('explainTemplateTool', _dtmldir) manage_overview = DTMLFile('explainTemplateTool', _dtmldir)
security.declareProtected(Permissions.AccessContentsInformation,
'getInstalledBusinessTemplate')
def getInstalledBusinessTemplate(self, title, strict=False, **kw): def getInstalledBusinessTemplate(self, title, strict=False, **kw):
"""Returns an installed version of business template of a given title. """Returns an installed version of business template of a given title.
...@@ -148,6 +150,8 @@ class TemplateTool (BaseTool): ...@@ -148,6 +150,8 @@ class TemplateTool (BaseTool):
last_time = t last_time = t
return last_bt return last_bt
security.declareProtected(Permissions.AccessContentsInformation,
'getInstalledBusinessTemplatesList')
def getInstalledBusinessTemplatesList(self): def getInstalledBusinessTemplatesList(self):
"""Deprecated. """Deprecated.
""" """
...@@ -166,16 +170,22 @@ class TemplateTool (BaseTool): ...@@ -166,16 +170,22 @@ class TemplateTool (BaseTool):
installed_bts.append(bt5) installed_bts.append(bt5)
return installed_bts return installed_bts
security.declareProtected(Permissions.AccessContentsInformation,
'getInstalledBusinessTemplateList')
def getInstalledBusinessTemplateList(self): def getInstalledBusinessTemplateList(self):
"""Get the list of installed business templates. """Get the list of installed business templates.
""" """
return self._getInstalledBusinessTemplateList(only_title=0) return self._getInstalledBusinessTemplateList(only_title=0)
security.declareProtected(Permissions.AccessContentsInformation,
'getInstalledBusinessTemplateTitleList')
def getInstalledBusinessTemplateTitleList(self): def getInstalledBusinessTemplateTitleList(self):
"""Get the list of installed business templates. """Get the list of installed business templates.
""" """
return self._getInstalledBusinessTemplateList(only_title=1) return self._getInstalledBusinessTemplateList(only_title=1)
security.declareProtected(Permissions.AccessContentsInformation,
'getInstalledBusinessTemplateRevision')
def getInstalledBusinessTemplateRevision(self, title, **kw): def getInstalledBusinessTemplateRevision(self, title, **kw):
""" """
Return the revision of business template installed with the title Return the revision of business template installed with the title
...@@ -186,6 +196,8 @@ class TemplateTool (BaseTool): ...@@ -186,6 +196,8 @@ class TemplateTool (BaseTool):
return bt.getRevision() return bt.getRevision()
return None return None
security.declareProtected(Permissions.AccessContentsInformation,
'getBuiltBusinessTemplateList')
def getBuiltBusinessTemplateList(self): def getBuiltBusinessTemplateList(self):
"""Get the list of built and not installed business templates. """Get the list of built and not installed business templates.
""" """
...@@ -283,6 +295,7 @@ class TemplateTool (BaseTool): ...@@ -283,6 +295,7 @@ class TemplateTool (BaseTool):
content_type='application/x-erp5-business-template') content_type='application/x-erp5-business-template')
business_template.setPublicationUrl(url) business_template.setPublicationUrl(url)
security.declareProtected(Permissions.ManagePortal, 'update')
def update(self, business_template): def update(self, business_template):
""" """
Update an existing template from its publication URL. Update an existing template from its publication URL.
...@@ -371,6 +384,7 @@ class TemplateTool (BaseTool): ...@@ -371,6 +384,7 @@ class TemplateTool (BaseTool):
bt.build(no_action=True) bt.build(no_action=True)
return bt return bt
security.declareProtected('Import/Export objects', 'importBase64EncodedText')
def importBase64EncodedText(self, file_data=None, id=None, REQUEST=None, def importBase64EncodedText(self, file_data=None, id=None, REQUEST=None,
batch_mode=False, **kw): batch_mode=False, **kw):
""" """
...@@ -380,6 +394,7 @@ class TemplateTool (BaseTool): ...@@ -380,6 +394,7 @@ class TemplateTool (BaseTool):
return self.importFile(import_file = import_file, id = id, REQUEST = REQUEST, return self.importFile(import_file = import_file, id = id, REQUEST = REQUEST,
batch_mode = batch_mode, **kw) batch_mode = batch_mode, **kw)
security.declareProtected('Import/Export objects', 'importFile')
def importFile(self, import_file=None, id=None, REQUEST=None, def importFile(self, import_file=None, id=None, REQUEST=None,
batch_mode=False, **kw): batch_mode=False, **kw):
""" """
...@@ -421,6 +436,7 @@ class TemplateTool (BaseTool): ...@@ -421,6 +436,7 @@ class TemplateTool (BaseTool):
elif batch_mode: elif batch_mode:
return bt return bt
security.declareProtected(Permissions.ManagePortal, 'getDiffFilterScriptList')
def getDiffFilterScriptList(self): def getDiffFilterScriptList(self):
""" """
Return list of scripts usable to filter diff Return list of scripts usable to filter diff
...@@ -438,12 +454,14 @@ class TemplateTool (BaseTool): ...@@ -438,12 +454,14 @@ class TemplateTool (BaseTool):
LOG("TemplateTool", WARNING, "Unable to find %r script" % script_id) LOG("TemplateTool", WARNING, "Unable to find %r script" % script_id)
return script_list return script_list
security.declareProtected(Permissions.ManagePortal, 'getFilteredDiffAsHTML')
def getFilteredDiffAsHTML(self, diff): def getFilteredDiffAsHTML(self, diff):
""" """
Return the diff filtered by python scripts into html format Return the diff filtered by python scripts into html format
""" """
return self.getFilteredDiff(diff).toHTML() return self.getFilteredDiff(diff).toHTML()
security.declareProtected(Permissions.ManagePortal, 'getFilteredDiff')
def getFilteredDiff(self, diff): def getFilteredDiff(self, diff):
""" """
Filter the diff using python scripts Filter the diff using python scripts
...@@ -461,6 +479,7 @@ class TemplateTool (BaseTool): ...@@ -461,6 +479,7 @@ class TemplateTool (BaseTool):
# DiffFile does not provide yet such feature # DiffFile does not provide yet such feature
return diff_file_object return diff_file_object
security.declareProtected(Permissions.ManagePortal, 'diffObjectAsHTML')
def diffObjectAsHTML(self, REQUEST, **kw): def diffObjectAsHTML(self, REQUEST, **kw):
""" """
Convert diff into a HTML format before reply Convert diff into a HTML format before reply
...@@ -469,6 +488,7 @@ class TemplateTool (BaseTool): ...@@ -469,6 +488,7 @@ class TemplateTool (BaseTool):
""" """
return DiffFile(self.diffObject(REQUEST, **kw)).toHTML() return DiffFile(self.diffObject(REQUEST, **kw)).toHTML()
security.declareProtected(Permissions.ManagePortal, 'diffObject')
def diffObject(self, REQUEST, **kw): def diffObject(self, REQUEST, **kw):
""" """
Make diff between two objects, whose paths are stored in values bt1 Make diff between two objects, whose paths are stored in values bt1
...@@ -612,6 +632,7 @@ class TemplateTool (BaseTool): ...@@ -612,6 +632,7 @@ class TemplateTool (BaseTool):
""" """
return b64encode(cPickle.dumps((repository, id))) return b64encode(cPickle.dumps((repository, id)))
security.declarePublic('compareVersionStrings')
def compareVersionStrings(self, version, comparing_string): def compareVersionStrings(self, version, comparing_string):
""" """
comparing_string is like "<= 0.2" | "operator version" comparing_string is like "<= 0.2" | "operator version"
...@@ -755,6 +776,8 @@ class TemplateTool (BaseTool): ...@@ -755,6 +776,8 @@ class TemplateTool (BaseTool):
raise BusinessTemplateUnknownError, 'The Business Template %s could not be found on repository %s'%(bt[1], bt[0]) raise BusinessTemplateUnknownError, 'The Business Template %s could not be found on repository %s'%(bt[1], bt[0])
return [] return []
security.declareProtected(Permissions.ManagePortal,
'findProviderInBTList')
def findProviderInBTList(self, provider_list, bt_list): def findProviderInBTList(self, provider_list, bt_list):
""" """
Find one provider in provider_list which is present in Find one provider in provider_list which is present in
...@@ -968,6 +991,7 @@ class TemplateTool (BaseTool): ...@@ -968,6 +991,7 @@ class TemplateTool (BaseTool):
#LOG('getUpdatedRepositoryBusinessTemplateList', 0, 'kw = %r' % (kw,)) #LOG('getUpdatedRepositoryBusinessTemplateList', 0, 'kw = %r' % (kw,))
return self.getRepositoryBusinessTemplateList(update_only=True, **kw) return self.getRepositoryBusinessTemplateList(update_only=True, **kw)
security.declarePublic('compareVersions')
def compareVersions(self, version1, version2): def compareVersions(self, version1, version2):
""" """
Return negative if version1 < version2, 0 if version1 == version2, Return negative if version1 < version2, 0 if version1 == version2,
......
...@@ -58,6 +58,7 @@ try: ...@@ -58,6 +58,7 @@ try:
security.declareProtected( Permissions.ManagePortal, 'manage_overview' ) security.declareProtected( Permissions.ManagePortal, 'manage_overview' )
manage_overview = DTMLFile( 'explainTestTool', _dtmldir ) manage_overview = DTMLFile( 'explainTestTool', _dtmldir )
security.declarePublic('getZeleniumVersion')
def getZeleniumVersion(self): def getZeleniumVersion(self):
"""Returns the version of the zelenium product """Returns the version of the zelenium product
""" """
......
...@@ -55,6 +55,7 @@ class TrashTool(BaseTool): ...@@ -55,6 +55,7 @@ class TrashTool(BaseTool):
security.declareProtected(Permissions.ManagePortal, 'manage_overview' ) security.declareProtected(Permissions.ManagePortal, 'manage_overview' )
manage_overview = DTMLFile( 'explainTrashTool', _dtmldir ) manage_overview = DTMLFile( 'explainTrashTool', _dtmldir )
security.declarePrivate('backupObject')
def backupObject(self, trashbin, container_path, object_id, save, **kw): def backupObject(self, trashbin, container_path, object_id, save, **kw):
""" """
Backup an object in a trash bin Backup an object in a trash bin
...@@ -159,6 +160,7 @@ class TrashTool(BaseTool): ...@@ -159,6 +160,7 @@ class TrashTool(BaseTool):
obj._cleanup() obj._cleanup()
return subobjects_dict return subobjects_dict
security.declarePrivate('newTrashBin')
def newTrashBin(self, bt_title='trash', bt=None): def newTrashBin(self, bt_title='trash', bt=None):
""" """
Create a new trash bin at upgrade of bt Create a new trash bin at upgrade of bt
...@@ -191,6 +193,7 @@ class TrashTool(BaseTool): ...@@ -191,6 +193,7 @@ class TrashTool(BaseTool):
) )
return trashbin return trashbin
security.declareProtected(Permissions.ManagePortal, 'getTrashBinObjectsList')
def getTrashBinObjectsList(self, trashbin): def getTrashBinObjectsList(self, trashbin):
""" """
Return a list of trash objects for a given trash bin Return a list of trash objects for a given trash bin
......
...@@ -154,6 +154,8 @@ class UrlRegistryTool(BaseTool): ...@@ -154,6 +154,8 @@ class UrlRegistryTool(BaseTool):
url_list.append(url) url_list.append(url)
return url_list return url_list
security.declareProtected(Permissions.ModifyPortalContent,
'updateUrlRegistryTool')
def updateUrlRegistryTool(self): def updateUrlRegistryTool(self):
""" """
Fetch all document path, then call in activities Fetch all document path, then call in activities
......
...@@ -30,7 +30,7 @@ from collections import defaultdict, deque ...@@ -30,7 +30,7 @@ from collections import defaultdict, deque
import random import random
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base, Implicit from Acquisition import aq_base, Implicit
from Products.ERP5.AggregatedAmountList import AggregatedAmountList from Products.ERP5.AggregatedAmountList import AggregatedAmountList
from Products.ERP5Type import Permissions, interfaces from Products.ERP5Type import Permissions, interfaces
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
############################################################################## ##############################################################################
from Products.CMFCore.utils import getToolByName from Products.CMFCore.utils import getToolByName
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from OFS.Image import Pdata from OFS.Image import Pdata
from cStringIO import StringIO from cStringIO import StringIO
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
############################################################################## ##############################################################################
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, PropertySheet from Products.ERP5Type import Permissions, PropertySheet
from Products.ERP5Type.XMLObject import XMLObject from Products.ERP5Type.XMLObject import XMLObject
from Products.ERP5Type.Core.Predicate import Predicate from Products.ERP5Type.Core.Predicate import Predicate
...@@ -150,6 +150,7 @@ class BuilderMixin(XMLObject, Amount, Predicate): ...@@ -150,6 +150,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
def getRelatedBusinessLinkValueList(self): def getRelatedBusinessLinkValueList(self):
return self.getDeliveryBuilderRelatedValueList(portal_type='Business Link') return self.getDeliveryBuilderRelatedValueList(portal_type='Business Link')
security.declarePrivate('callBeforeBuildingScript')
def callBeforeBuildingScript(self): def callBeforeBuildingScript(self):
""" """
Call a script on the module, for example, to remove some Call a script on the module, for example, to remove some
...@@ -284,8 +285,10 @@ class BuilderMixin(XMLObject, Amount, Predicate): ...@@ -284,8 +285,10 @@ class BuilderMixin(XMLObject, Amount, Predicate):
return movement_list return movement_list
security.declarePrivate('searchMovementList')
searchMovementList = UnrestrictedMethod(_searchMovementList) searchMovementList = UnrestrictedMethod(_searchMovementList)
security.declarePrivate('collectMovement')
def collectMovement(self, movement_list): def collectMovement(self, movement_list):
""" """
group movements in the way we want. Thanks to this method, we are able group movements in the way we want. Thanks to this method, we are able
...@@ -366,6 +369,7 @@ class BuilderMixin(XMLObject, Amount, Predicate): ...@@ -366,6 +369,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
for movement_group_node in movement_group_node_list] for movement_group_node in movement_group_node_list]
return instance, self._getSortedPropertyDict(property_dict_list) return instance, self._getSortedPropertyDict(property_dict_list)
security.declarePrivate('buildDeliveryList')
@UnrestrictedMethod @UnrestrictedMethod
def buildDeliveryList(self, movement_group_node, def buildDeliveryList(self, movement_group_node,
delivery_relative_url_list=None, delivery_relative_url_list=None,
...@@ -717,6 +721,7 @@ class BuilderMixin(XMLObject, Amount, Predicate): ...@@ -717,6 +721,7 @@ class BuilderMixin(XMLObject, Amount, Predicate):
# Update properties on object (quantity, price...) # Update properties on object (quantity, price...)
delivery_movement._edit(force_update=1, **property_dict) delivery_movement._edit(force_update=1, **property_dict)
security.declarePrivate('callAfterBuildingScript')
@UnrestrictedMethod @UnrestrictedMethod
def callAfterBuildingScript(self, delivery_list, movement_list=(), **kw): def callAfterBuildingScript(self, delivery_list, movement_list=(), **kw):
""" """
......
...@@ -33,7 +33,7 @@ import string ...@@ -33,7 +33,7 @@ import string
from Acquisition import aq_base from Acquisition import aq_base
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from Products.ERP5Type.TransactionalVariable import getTransactionalVariable from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
from OFS.Image import Pdata, Image as OFSImage from OFS.Image import Pdata, Image as OFSImage
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
############################################################################## ##############################################################################
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base from Acquisition import aq_base
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from Products.ERP5Type.Cache import transactional_cached from Products.ERP5Type.Cache import transactional_cached
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base from Acquisition import aq_base
from Products.ERP5Type import Permissions, interfaces from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Globals import PersistentMapping from Products.ERP5Type.Globals import PersistentMapping
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
############################################################################## ##############################################################################
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from Products.ERP5Type.Utils import normaliseUrl from Products.ERP5Type.Utils import normaliseUrl
from Products.ERP5Type.DateUtils import convertDateToHour,\ from Products.ERP5Type.DateUtils import convertDateToHour,\
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
############################################################################## ##############################################################################
from AccessControl import ClassSecurityInfo, getSecurityManager from AccessControl import ClassSecurityInfo, getSecurityManager
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from ZODB.POSException import ConflictError from ZODB.POSException import ConflictError
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from Products.ERP5Type.Utils import convertToUpperCase from Products.ERP5Type.Utils import convertToUpperCase
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
############################################################################## ##############################################################################
from Products.CMFCore.utils import getToolByName from Products.CMFCore.utils import getToolByName
from AccessControl import ClassSecurityInfo, Unauthorized from AccessControl import ClassSecurityInfo, Unauthorized
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from OFS.Image import Pdata from OFS.Image import Pdata
from cStringIO import StringIO from cStringIO import StringIO
...@@ -86,6 +86,7 @@ class DocumentMixin: ...@@ -86,6 +86,7 @@ class DocumentMixin:
del transaction_variable[LOCK_PERMISSION_KEY] del transaction_variable[LOCK_PERMISSION_KEY]
return result return result
security.declareProtected(Permissions.AccessContentsInformation, 'getFailsafeConversion')
def getFailsafeConversion(self, **kw): def getFailsafeConversion(self, **kw):
""" """
Return a failure resistent conversion of a document Return a failure resistent conversion of a document
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
############################################################################## ##############################################################################
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from warnings import warn from warnings import warn
...@@ -59,7 +59,7 @@ class DocumentProxyMixin: ...@@ -59,7 +59,7 @@ class DocumentProxyMixin:
return self.getProxiedDocumentValue() return self.getProxiedDocumentValue()
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'getProxiedDocument' ) 'getProxiedDocumentValue')
def getProxiedDocumentValue(self): def getProxiedDocumentValue(self):
""" """
Try to retrieve the original document Try to retrieve the original document
......
...@@ -27,7 +27,7 @@ ...@@ -27,7 +27,7 @@
# #
############################################################################## ##############################################################################
from AccessControl import ClassSecurityInfo, Unauthorized from AccessControl import ClassSecurityInfo, Unauthorized
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from Products.ERP5Type.Utils import fill_args_from_request from Products.ERP5Type.Utils import fill_args_from_request
from Products.CMFCore.utils import getToolByName, _checkConditionalGET, _setCacheHeaders,\ from Products.CMFCore.utils import getToolByName, _checkConditionalGET, _setCacheHeaders,\
......
...@@ -31,7 +31,7 @@ ...@@ -31,7 +31,7 @@
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.AuthEncoding import pw_encrypt, pw_validate from AccessControl.AuthEncoding import pw_encrypt, pw_validate
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base from Acquisition import aq_base
from Products.ERP5Type import Permissions, interfaces from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Globals import PersistentMapping from Products.ERP5Type.Globals import PersistentMapping
...@@ -55,6 +55,7 @@ class EncryptedPasswordMixin: ...@@ -55,6 +55,7 @@ class EncryptedPasswordMixin:
return pw_validate(self.getPassword(), value) return pw_validate(self.getPassword(), value)
return False return False
security.declareProtected(Permissions.SetOwnPassword, 'checkPasswordValueAcceptable')
def checkPasswordValueAcceptable(self, value): def checkPasswordValueAcceptable(self, value):
""" """
Check the password. This method is defined explicitly, because: Check the password. This method is defined explicitly, because:
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, interfaces from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.DivergenceMessage import DivergenceMessage from Products.ERP5Type.DivergenceMessage import DivergenceMessage
from Products.ERP5Type.Message import Message from Products.ERP5Type.Message import Message
...@@ -47,6 +47,7 @@ class EquivalenceTesterMixin: ...@@ -47,6 +47,7 @@ class EquivalenceTesterMixin:
zope.interface.implements(interfaces.IEquivalenceTester,) zope.interface.implements(interfaces.IEquivalenceTester,)
# Implementation of IEquivalenceTester # Implementation of IEquivalenceTester
security.declarePrivate('testEquivalence')
def testEquivalence(self, simulation_movement): def testEquivalence(self, simulation_movement):
""" """
Tests if simulation_movement is divergent. Returns False (0) Tests if simulation_movement is divergent. Returns False (0)
...@@ -59,6 +60,7 @@ class EquivalenceTesterMixin: ...@@ -59,6 +60,7 @@ class EquivalenceTesterMixin:
""" """
return self.explain(simulation_movement) is not None return self.explain(simulation_movement) is not None
security.declarePrivate('explain')
def explain(self, simulation_movement): def explain(self, simulation_movement):
""" """
Returns a single message which explain the nature of Returns a single message which explain the nature of
...@@ -99,6 +101,7 @@ class EquivalenceTesterMixin: ...@@ -99,6 +101,7 @@ class EquivalenceTesterMixin:
""" """
return movement.getProperty(property) return movement.getProperty(property)
security.declarePrivate('generateHashKey')
def generateHashKey(self, movement): def generateHashKey(self, movement):
""" """
Returns a hash key which can be used to optimise the Returns a hash key which can be used to optimise the
...@@ -117,6 +120,7 @@ class EquivalenceTesterMixin: ...@@ -117,6 +120,7 @@ class EquivalenceTesterMixin:
value = self._getTestedPropertyValue(movement, tested_property) value = self._getTestedPropertyValue(movement, tested_property)
return '%s/%r' % (tested_property, value) return '%s/%r' % (tested_property, value)
security.declarePrivate('compare')
def compare(self, prevision_movement, decision_movement): def compare(self, prevision_movement, decision_movement):
""" """
Returns True if prevision_movement and delivery_movement Returns True if prevision_movement and delivery_movement
...@@ -136,6 +140,7 @@ class EquivalenceTesterMixin: ...@@ -136,6 +140,7 @@ class EquivalenceTesterMixin:
""" """
return (self._compare(prevision_movement, decision_movement) is None) return (self._compare(prevision_movement, decision_movement) is None)
security.declarePrivate('update')
def update(self, prevision_movement, decision_movement): def update(self, prevision_movement, decision_movement):
""" """
Updates decision_movement with properties from Updates decision_movement with properties from
...@@ -164,6 +169,8 @@ class EquivalenceTesterMixin: ...@@ -164,6 +169,8 @@ class EquivalenceTesterMixin:
decision_movement.edit( decision_movement.edit(
**self.getUpdatablePropertyDict(prevision_movement, decision_movement)) **self.getUpdatablePropertyDict(prevision_movement, decision_movement))
security.declareProtected(Permissions.AccessContentsInformation,
'getExplanationMessage')
def getExplanationMessage(self, simulation_movement): def getExplanationMessage(self, simulation_movement):
""" """
Returns the HTML message that describes the detail of the Returns the HTML message that describes the detail of the
...@@ -201,6 +208,8 @@ class EquivalenceTesterMixin: ...@@ -201,6 +208,8 @@ class EquivalenceTesterMixin:
""" """
raise NotImplementedError raise NotImplementedError
security.declareProtected(Permissions.AccessContentsInformation,
'getUpdatablePropertyDict')
def getUpdatablePropertyDict(self, prevision_movement, decision_movement): def getUpdatablePropertyDict(self, prevision_movement, decision_movement):
""" """
Returns a mapping of properties to update on decision_movement so that next Returns a mapping of properties to update on decision_movement so that next
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, interfaces from Products.ERP5Type import Permissions, interfaces
class ExplainableMixin: class ExplainableMixin:
......
...@@ -35,7 +35,7 @@ from Products.ERP5Type.ExtensibleTraversable import ExtensibleTraversableMixIn ...@@ -35,7 +35,7 @@ from Products.ERP5Type.ExtensibleTraversable import ExtensibleTraversableMixIn
from Products.ERP5Type.Cache import getReadOnlyTransactionCache from Products.ERP5Type.Cache import getReadOnlyTransactionCache
from AccessControl import ClassSecurityInfo, getSecurityManager from AccessControl import ClassSecurityInfo, getSecurityManager
from AccessControl.SecurityManagement import newSecurityManager, setSecurityManager from AccessControl.SecurityManagement import newSecurityManager, setSecurityManager
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from Products.CMFCore.utils import getToolByName, _checkConditionalGET, _setCacheHeaders, _ViewEmulator from Products.CMFCore.utils import getToolByName, _checkConditionalGET, _setCacheHeaders, _ViewEmulator
from OFS.Image import File as OFSFile from OFS.Image import File as OFSFile
......
...@@ -30,7 +30,7 @@ ...@@ -30,7 +30,7 @@
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from AccessControl.AuthEncoding import pw_validate from AccessControl.AuthEncoding import pw_validate
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
class LoginAccountProviderMixin: class LoginAccountProviderMixin:
""" """
...@@ -88,6 +88,7 @@ class LoginAccountProviderMixin: ...@@ -88,6 +88,7 @@ class LoginAccountProviderMixin:
return True return True
return False return False
security.declareProtected(Permissions.SetOwnPassword, 'analyzePassword')
def analyzePassword(self, password, **kw): def analyzePassword(self, password, **kw):
""" """
Analyze password validity. Analyze password validity.
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, interfaces from Products.ERP5Type import Permissions, interfaces
from Products.ERP5.MovementCollectionDiff import ( from Products.ERP5.MovementCollectionDiff import (
MovementCollectionDiff, _getPropertyAndCategoryList) MovementCollectionDiff, _getPropertyAndCategoryList)
...@@ -52,6 +52,8 @@ class MovementCollectionUpdaterMixin: ...@@ -52,6 +52,8 @@ class MovementCollectionUpdaterMixin:
zope.interface.implements(interfaces.IMovementCollectionUpdater,) zope.interface.implements(interfaces.IMovementCollectionUpdater,)
# Implementation of IMovementCollectionUpdater # Implementation of IMovementCollectionUpdater
security.declareProtected(Permissions.AccessContentsInformation,
'getMovementCollectionDiff')
def getMovementCollectionDiff(self, context, rounding=False, def getMovementCollectionDiff(self, context, rounding=False,
movement_generator=None): movement_generator=None):
""" """
...@@ -147,6 +149,8 @@ class MovementCollectionUpdaterMixin: ...@@ -147,6 +149,8 @@ class MovementCollectionUpdaterMixin:
return movement_collection_diff return movement_collection_diff
security.declareProtected(Permissions.ModifyPortalContent,
'updateMovementCollection')
def updateMovementCollection(self, context, rounding=False, def updateMovementCollection(self, context, rounding=False,
movement_generator=None): movement_generator=None):
""" """
......
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
from DateTime import DateTime from DateTime import DateTime
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from Products.ERP5Type.Message import Message from Products.ERP5Type.Message import Message
...@@ -237,7 +237,7 @@ class PeriodicityMixin: ...@@ -237,7 +237,7 @@ class PeriodicityMixin:
return [(Message(domain='erp5_ui', message=x), x) \ return [(Message(domain='erp5_ui', message=x), x) \
for x in self.getWeekDayList()] for x in self.getWeekDayList()]
security.declareProtected(Permissions.AccessContentsInformation, 'getWeekDayItemList') security.declareProtected(Permissions.AccessContentsInformation, 'getMonthItemList')
def getMonthItemList(self): def getMonthItemList(self):
""" """
returns something like [('January', 1), ('February', 2),...] returns something like [('January', 1), ('February', 2),...]
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base from Acquisition import aq_base
from Products.ERP5Type import Permissions, interfaces from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Globals import PersistentMapping from Products.ERP5Type.Globals import PersistentMapping
......
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
import transaction import transaction
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Acquisition import aq_base from Acquisition import aq_base
from Products.ERP5Type import Permissions, interfaces from Products.ERP5Type import Permissions, interfaces
from Products.ERP5Type.Base import Base from Products.ERP5Type.Base import Base
...@@ -158,6 +158,8 @@ class RuleMixin(Predicate): ...@@ -158,6 +158,8 @@ class RuleMixin(Predicate):
movement_type = 'Simulation Movement' movement_type = 'Simulation Movement'
# Implementation of IRule # Implementation of IRule
security.declareProtected(Permissions.ModifyPortalContent,
'constructNewAppliedRule')
def constructNewAppliedRule(self, context, **kw): def constructNewAppliedRule(self, context, **kw):
""" """
Create a new applied rule in the context. Create a new applied rule in the context.
...@@ -190,6 +192,8 @@ class RuleMixin(Predicate): ...@@ -190,6 +192,8 @@ class RuleMixin(Predicate):
return False return False
return super(RuleMixin, self).test(*args, **kw) return super(RuleMixin, self).test(*args, **kw)
security.declareProtected(Permissions.ModifyPortalContent,
'expand')
def expand(self, applied_rule, expand_policy=None, **kw): def expand(self, applied_rule, expand_policy=None, **kw):
""" """
Expand this applied rule to create new documents inside the Expand this applied rule to create new documents inside the
...@@ -473,6 +477,7 @@ class RuleMixin(Predicate): ...@@ -473,6 +477,7 @@ class RuleMixin(Predicate):
new_movement = self._newProfitAndLossMovement(prevision_movement) new_movement = self._newProfitAndLossMovement(prevision_movement)
movement_collection_diff.addNewMovement(new_movement) movement_collection_diff.addNewMovement(new_movement)
InitializeClass(RuleMixin)
class SimulableMixin(Base): class SimulableMixin(Base):
security = ClassSecurityInfo() security = ClassSecurityInfo()
...@@ -553,6 +558,8 @@ class SimulableMixin(Base): ...@@ -553,6 +558,8 @@ class SimulableMixin(Base):
if not movement.aq_inContextOf(applied_rule): if not movement.aq_inContextOf(applied_rule):
movement.recursiveReindexObject(activate_kw=activate_kw) movement.recursiveReindexObject(activate_kw=activate_kw)
security.declareProtected( Permissions.AccessContentsInformation,
'getRuleReference')
def getRuleReference(self): def getRuleReference(self):
"""Returns an appropriate rule reference """Returns an appropriate rule reference
...@@ -609,4 +616,4 @@ class SimulableMixin(Base): ...@@ -609,4 +616,4 @@ class SimulableMixin(Base):
o.getParentValue().deleteContent(o.getId()) o.getParentValue().deleteContent(o.getId())
super(SimulableMixin, self).manage_beforeDelete(item, container) super(SimulableMixin, self).manage_beforeDelete(item, container)
InitializeClass(RuleMixin) InitializeClass(SimulableMixin)
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
import zope.interface import zope.interface
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, PropertySheet, interfaces from Products.ERP5Type import Permissions, PropertySheet, interfaces
from Products.ERP5Type.UnrestrictedMethod import super_user from Products.ERP5Type.UnrestrictedMethod import super_user
from Products.ERP5Type.XMLObject import XMLObject from Products.ERP5Type.XMLObject import XMLObject
...@@ -58,6 +58,8 @@ class SolverMixin(object): ...@@ -58,6 +58,8 @@ class SolverMixin(object):
def getPortalTypeValue(self): def getPortalTypeValue(self):
return self.getPortalObject().portal_solvers._getOb(self.getPortalType()) return self.getPortalObject().portal_solvers._getOb(self.getPortalType())
security.declareProtected(Permissions.AccessContentsInformation,
'searchDeliverySolverList')
def searchDeliverySolverList(self, **kw): def searchDeliverySolverList(self, **kw):
""" """
this method returns a list of delivery solvers this method returns a list of delivery solvers
...@@ -70,6 +72,8 @@ class SolverMixin(object): ...@@ -70,6 +72,8 @@ class SolverMixin(object):
solver_list = target_solver_type.getDeliverySolverValueList() solver_list = target_solver_type.getDeliverySolverValueList()
return solver_list return solver_list
InitializeClass(SolverMixin)
class ConfigurablePropertySolverMixin(SolverMixin, class ConfigurablePropertySolverMixin(SolverMixin,
ConfigurableMixin, ConfigurableMixin,
XMLObject): XMLObject):
...@@ -118,4 +122,4 @@ class ConfigurablePropertySolverMixin(SolverMixin, ...@@ -118,4 +122,4 @@ class ConfigurablePropertySolverMixin(SolverMixin,
tested_property_list = portal_type.getTestedPropertyList() tested_property_list = portal_type.getTestedPropertyList()
return tested_property_list return tested_property_list
InitializeClass(SolverMixin) InitializeClass(ConfigurablePropertySolverMixin)
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
############################################################################## ##############################################################################
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from warnings import warn from warnings import warn
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
import warnings import warnings
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.CMFActivity.ActivityTool import ActivityTool from Products.CMFActivity.ActivityTool import ActivityTool
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
try: try:
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
############################################################################## ##############################################################################
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from Products.ERP5Type.Utils import normaliseUrl from Products.ERP5Type.Utils import normaliseUrl
...@@ -133,6 +133,8 @@ class UrlMixin: ...@@ -133,6 +133,8 @@ class UrlMixin:
url_string = self.getUrlString() url_string = self.getUrlString()
return '/'.join(url_string.split('/')[1:]) return '/'.join(url_string.split('/')[1:])
security.declareProtected(Permissions.AccessContentsInformation,
'asNormalisedURL')
def asNormalisedURL(self, base_url=None): def asNormalisedURL(self, base_url=None):
""" """
call normaliseUrl with raw url call normaliseUrl with raw url
......
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
from warnings import warn from warnings import warn
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.CMFCategory.Renderer import Renderer from Products.CMFCategory.Renderer import Renderer
from Products.ERP5Type import interfaces, Permissions, PropertySheet from Products.ERP5Type import interfaces, Permissions, PropertySheet
import zope.interface import zope.interface
......
...@@ -31,7 +31,7 @@ ...@@ -31,7 +31,7 @@
_marker=[] _marker=[]
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type.Core.Folder import Folder from Products.ERP5Type.Core.Folder import Folder
from Products.ERP5Type.TransactionalVariable import getTransactionalVariable from Products.ERP5Type.TransactionalVariable import getTransactionalVariable
......
...@@ -314,6 +314,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -314,6 +314,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
, 'manage_schema') , 'manage_schema')
manage_schema = DTMLFile('dtml/manageSchema', globals()) manage_schema = DTMLFile('dtml/manageSchema', globals())
security.declarePublic('getPreferredSQLCatalogId')
def getPreferredSQLCatalogId(self, id=None): def getPreferredSQLCatalogId(self, id=None):
""" """
Get the SQL Catalog from preference. Get the SQL Catalog from preference.
...@@ -366,6 +367,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -366,6 +367,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return result return result
# Schema Management # Schema Management
security.declareProtected(Permissions.ManagePortal, 'editColumn')
def editColumn(self, column_id, sql_definition, method_id, default_value, REQUEST=None, RESPONSE=None): def editColumn(self, column_id, sql_definition, method_id, default_value, REQUEST=None, RESPONSE=None):
""" """
Modifies a schema column of the catalog Modifies a schema column of the catalog
...@@ -379,17 +381,20 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -379,17 +381,20 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
new_schema.append(new_c) new_schema.append(new_c)
self.setColumnList(new_schema) self.setColumnList(new_schema)
security.declareProtected(Permissions.ManagePortal, 'setColumnList')
def setColumnList(self, column_list): def setColumnList(self, column_list):
""" """
""" """
self._sql_schema = column_list self._sql_schema = column_list
security.declarePublic('getColumnList')
def getColumnList(self): def getColumnList(self):
""" """
""" """
if not hasattr(self, '_sql_schema'): self._sql_schema = [] if not hasattr(self, '_sql_schema'): self._sql_schema = []
return self._sql_schema return self._sql_schema
security.declarePublic('getColumn')
def getColumn(self, column_id): def getColumn(self, column_id):
""" """
""" """
...@@ -398,6 +403,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -398,6 +403,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return c return c
return None return None
security.declareProtected(Permissions.ManagePortal, 'editIndex')
def editIndex(self, index_id, sql_definition, REQUEST=None, RESPONSE=None): def editIndex(self, index_id, sql_definition, REQUEST=None, RESPONSE=None):
""" """
Modifies the schema of the catalog Modifies the schema of the catalog
...@@ -411,17 +417,20 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -411,17 +417,20 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
new_index.append(new_c) new_index.append(new_c)
self.setIndexList(new_index) self.setIndexList(new_index)
security.declareProtected(Permissions.ManagePortal, 'setIndexList')
def setIndexList(self, index_list): def setIndexList(self, index_list):
""" """
""" """
self._sql_index = index_list self._sql_index = index_list
security.declarePublic('getIndexList')
def getIndexList(self): def getIndexList(self):
""" """
""" """
if not hasattr(self, '_sql_index'): self._sql_index = [] if not hasattr(self, '_sql_index'): self._sql_index = []
return self._sql_index return self._sql_index
security.declarePublic('getIndex')
def getIndex(self, index_id): def getIndex(self, index_id):
""" """
""" """
...@@ -512,6 +521,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -512,6 +521,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
return allowedRolesAndUsers, role_column_dict, local_role_column_dict return allowedRolesAndUsers, role_column_dict, local_role_column_dict
security.declarePublic('getSecurityUidDictAndRoleColumnDict')
def getSecurityUidDictAndRoleColumnDict(self, sql_catalog_id=None, local_roles=None): def getSecurityUidDictAndRoleColumnDict(self, sql_catalog_id=None, local_roles=None):
""" """
Return a dict of local_roles_group_id -> security Uids and a Return a dict of local_roles_group_id -> security Uids and a
......
...@@ -86,10 +86,12 @@ class Preference( Folder ): ...@@ -86,10 +86,12 @@ class Preference( Folder ):
self._clearCache() self._clearCache()
Folder._edit(self, **kw) Folder._edit(self, **kw)
security.declareProtected(Permissions.ModifyPortalContent, 'enable')
def enable(self, **kw): def enable(self, **kw):
"""Workflow method""" """Workflow method"""
self._clearCache() self._clearCache()
security.declareProtected(Permissions.ModifyPortalContent, 'disable')
def disable(self, **kw): def disable(self, **kw):
"""Workflow method""" """Workflow method"""
self._clearCache() self._clearCache()
...@@ -710,6 +710,7 @@ class ERP5Form(Base, ZMIForm, ZopePageTemplate): ...@@ -710,6 +710,7 @@ class ERP5Form(Base, ZMIForm, ZopePageTemplate):
return ret return ret
# Utilities # Utilities
security.declareProtected('View', 'ErrorFields')
def ErrorFields(self, validation_errors): def ErrorFields(self, validation_errors):
""" """
Create a dictionnary of validation_errors Create a dictionnary of validation_errors
...@@ -788,6 +789,7 @@ class ERP5Form(Base, ZMIForm, ZopePageTemplate): ...@@ -788,6 +789,7 @@ class ERP5Form(Base, ZMIForm, ZopePageTemplate):
manage_FTPput = PUT manage_FTPput = PUT
security.declarePrivate('getSimilarSkinFolderIdList')
def getSimilarSkinFolderIdList(self): def getSimilarSkinFolderIdList(self):
""" """
Find other skins id installed in the same time Find other skins id installed in the same time
......
...@@ -412,6 +412,7 @@ class ProxyField(ZMIField): ...@@ -412,6 +412,7 @@ class ProxyField(ZMIField):
""" """
return self.getTemplateField().get_error_names() return self.getTemplateField().get_error_names()
security.declareProtected('Access contents information', 'getTemplateField')
def getTemplateField(self, cache=True): def getTemplateField(self, cache=True):
""" """
Return template field of the proxy field. Return template field of the proxy field.
...@@ -478,6 +479,7 @@ class ProxyField(ZMIField): ...@@ -478,6 +479,7 @@ class ProxyField(ZMIField):
self._setTemplateFieldCache(proxy_field) self._setTemplateFieldCache(proxy_field)
return proxy_field return proxy_field
security.declareProtected('Access contents information', 'getRecursiveTemplateField')
def getRecursiveTemplateField(self): def getRecursiveTemplateField(self):
""" """
Return template field of the proxy field. Return template field of the proxy field.
...@@ -639,6 +641,7 @@ class ProxyField(ZMIField): ...@@ -639,6 +641,7 @@ class ProxyField(ZMIField):
else: else:
return None return None
security.declareProtected('Access contents information', 'getFieldValue')
def getFieldValue(self, field, id, **kw): def getFieldValue(self, field, id, **kw):
""" """
Return a callable expression and cacheable boolean flag Return a callable expression and cacheable boolean flag
......
...@@ -1197,6 +1197,7 @@ class SelectionTool( BaseTool, SimpleItem ): ...@@ -1197,6 +1197,7 @@ class SelectionTool( BaseTool, SimpleItem ):
return md5(str(sorted(map(str, uid_list)))).hexdigest() return md5(str(sorted(map(str, uid_list)))).hexdigest()
# Related document searching # Related document searching
security.declarePublic('viewSearchRelatedDocumentDialog')
def viewSearchRelatedDocumentDialog(self, index, form_id, def viewSearchRelatedDocumentDialog(self, index, form_id,
REQUEST=None, sub_index=None, **kw): REQUEST=None, sub_index=None, **kw):
""" """
...@@ -1433,6 +1434,7 @@ class SelectionTool( BaseTool, SimpleItem ): ...@@ -1433,6 +1434,7 @@ class SelectionTool( BaseTool, SimpleItem ):
tv['_user_id'] = user_id tv['_user_id'] = user_id
return user_id return user_id
security.declarePrivate('getTemporarySelectionDict')
def getTemporarySelectionDict(self): def getTemporarySelectionDict(self):
""" Temporary selections are used in push/pop nested scope, """ Temporary selections are used in push/pop nested scope,
to prevent from editting for stored selection in the scope. to prevent from editting for stored selection in the scope.
...@@ -1794,7 +1796,7 @@ for x in SelectionTool.__dict__: ...@@ -1794,7 +1796,7 @@ for x in SelectionTool.__dict__:
if x in method_id_filter_list: if x in method_id_filter_list:
continue continue
roles = getattr(SelectionTool, '%s__roles__' % x, None) roles = getattr(SelectionTool, '%s__roles__' % x, None)
if roles is None: if roles is None or roles == ():
continue continue
if roles.__name__ == ERP5Permissions.ManagePortal: if roles.__name__ == ERP5Permissions.ManagePortal:
continue continue
......
...@@ -2495,6 +2495,7 @@ return 1 ...@@ -2495,6 +2495,7 @@ return 1
kw['portal_type'] = "Spreadsheet" kw['portal_type'] = "Spreadsheet"
new_document = self.portal.Base_contribute(**kw) new_document = self.portal.Base_contribute(**kw)
self.assertEqual(new_document.getValidationState(), 'draft') self.assertEqual(new_document.getValidationState(), 'draft')
self.tic()
# make it read only # make it read only
document.manage_permission(Permissions.ModifyPortalContent, []) document.manage_permission(Permissions.ModifyPortalContent, [])
......
...@@ -78,6 +78,7 @@ class ERP5GroupManager(BasePlugin): ...@@ -78,6 +78,7 @@ class ERP5GroupManager(BasePlugin):
# #
# IGroupsPlugin implementation # IGroupsPlugin implementation
# #
security.declarePrivate('getGroupsForPrincipal')
def getGroupsForPrincipal(self, principal, request=None): def getGroupsForPrincipal(self, principal, request=None):
""" See IGroupsPlugin. """ See IGroupsPlugin.
""" """
......
...@@ -209,6 +209,7 @@ class ERP5UserFactory(BasePlugin): ...@@ -209,6 +209,7 @@ class ERP5UserFactory(BasePlugin):
self._id = self.id = id self._id = self.id = id
self.title = title self.title = title
security.declarePrivate('createUser')
def createUser( self, user_id, name ): def createUser( self, user_id, name ):
""" See IUserFactoryPlugin """ See IUserFactoryPlugin
""" """
......
...@@ -809,12 +809,16 @@ class Base( CopyContainer, ...@@ -809,12 +809,16 @@ class Base( CopyContainer,
getId = BaseAccessor.Getter('getId', 'id', 'string') getId = BaseAccessor.Getter('getId', 'id', 'string')
# Debug # Debug
security.declareProtected(Permissions.AccessContentsInformation,
'getOid')
def getOid(self): def getOid(self):
""" """
Return ODB oid Return ODB oid
""" """
return self._p_oid return self._p_oid
security.declareProtected(Permissions.AccessContentsInformation,
'getOidRepr')
def getOidRepr(self): def getOidRepr(self):
""" """
Return ODB oid, in an 'human' readable form. Return ODB oid, in an 'human' readable form.
...@@ -822,10 +826,14 @@ class Base( CopyContainer, ...@@ -822,10 +826,14 @@ class Base( CopyContainer,
from ZODB.utils import oid_repr from ZODB.utils import oid_repr
return oid_repr(self._p_oid) return oid_repr(self._p_oid)
security.declareProtected(Permissions.AccessContentsInformation,
'getSerial')
def getSerial(self): def getSerial(self):
"""Return ODB Serial.""" """Return ODB Serial."""
return self._p_serial return self._p_serial
security.declareProtected(Permissions.AccessContentsInformation,
'getHistorySerial')
def getHistorySerial(self): def getHistorySerial(self):
"""Return ODB Serial, in the same format used for history keys""" """Return ODB Serial, in the same format used for history keys"""
return '.'.join([str(x) for x in unpack('>HHHH', self._p_serial)]) return '.'.join([str(x) for x in unpack('>HHHH', self._p_serial)])
...@@ -1378,6 +1386,8 @@ class Base( CopyContainer, ...@@ -1378,6 +1386,8 @@ class Base( CopyContainer,
# Accessors are not workflow methods by default # Accessors are not workflow methods by default
# Ping provides a dummy method to trigger automatic methods # Ping provides a dummy method to trigger automatic methods
# XXX : maybe an empty edit is enough (self.edit()) # XXX : maybe an empty edit is enough (self.edit())
security.declareProtected(Permissions.AccessContentsInformation,
'ping')
def ping(self): def ping(self):
pass pass
...@@ -1565,6 +1575,8 @@ class Base( CopyContainer, ...@@ -1565,6 +1575,8 @@ class Base( CopyContainer,
""" """
return self return self
security.declareProtected(Permissions.AccessContentsInformation,
'getDocumentInstance')
def getDocumentInstance(self): def getDocumentInstance(self):
""" """
Returns self Returns self
...@@ -1584,6 +1596,8 @@ class Base( CopyContainer, ...@@ -1584,6 +1596,8 @@ class Base( CopyContainer,
assert mount_point._getMountedConnection(connection) is connection assert mount_point._getMountedConnection(connection) is connection
return mount_point._traverseToMountedRoot(connection.root(), None) return mount_point._traverseToMountedRoot(connection.root(), None)
security.declareProtected(Permissions.AccessContentsInformation,
'asSQLExpression')
def asSQLExpression(self, strict_membership=0, table='category', base_category = None): def asSQLExpression(self, strict_membership=0, table='category', base_category = None):
""" """
Any document can be used as a Category. It can therefore Any document can be used as a Category. It can therefore
...@@ -3266,6 +3280,8 @@ class Base( CopyContainer, ...@@ -3266,6 +3280,8 @@ class Base( CopyContainer,
self._p_changed = 1 self._p_changed = 1
# Helpers # Helpers
security.declareProtected(Permissions.AccessContentsInformation,
'getQuantityPrecisionFromResource')
def getQuantityPrecisionFromResource(self, resource, d=2): def getQuantityPrecisionFromResource(self, resource, d=2):
""" """
Provides a quick access to precision without accessing the resource Provides a quick access to precision without accessing the resource
......
...@@ -383,28 +383,6 @@ class CopyContainer: ...@@ -383,28 +383,6 @@ class CopyContainer:
group_method_id='portal_catalog/uncatalogObjectList', group_method_id='portal_catalog/uncatalogObjectList',
serialization_tag=self.getRootDocumentPath()).unindexObject(uid=uid) serialization_tag=self.getRootDocumentPath()).unindexObject(uid=uid)
security.declareProtected(Permissions.ModifyPortalContent, 'moveObject')
def moveObject(self, idxs=None):
"""
Reindex the object in the portal catalog.
If idxs is present, only those indexes are reindexed.
The metadata is always updated.
Also update the modification date of the object,
unless specific indexes were requested.
Passes is_object_moved to catalog to force
reindexing without creating new uid
"""
if idxs is None: idxs = []
if idxs == []:
# Update the modification date.
if getattr(aq_base(self), 'notifyModified', _marker) is not _marker:
self.notifyModified()
catalog = getattr(self.getPortalObject(), 'portal_catalog', None)
if catalog is not None:
catalog.moveObject(self, idxs=idxs)
def _notifyOfCopyTo(self, container, op=0): def _notifyOfCopyTo(self, container, op=0):
"""Overiden to track object cut and pastes, and update related """Overiden to track object cut and pastes, and update related
content accordingly. content accordingly.
......
...@@ -86,18 +86,21 @@ class ActionInformation(XMLObject): ...@@ -86,18 +86,21 @@ class ActionInformation(XMLObject):
# XXX Following getAction/getCondition/getIcon are problably not useful # XXX Following getAction/getCondition/getIcon are problably not useful
# because properties should already be cleaned up during migration # because properties should already be cleaned up during migration
# or installation from BT. # or installation from BT.
security.declareProtected(AccessContentsInformation, 'getAction')
def getAction(self): def getAction(self):
"""Overridden getter for 'action' to clean null values""" """Overridden getter for 'action' to clean null values"""
if getattr(aq_base(self), 'action', None) == '': if getattr(aq_base(self), 'action', None) == '':
del self.action del self.action
return self._baseGetAction() return self._baseGetAction()
security.declareProtected(AccessContentsInformation, 'getCondition')
def getCondition(self): def getCondition(self):
"""Overridden getter for 'condition' to clean null values""" """Overridden getter for 'condition' to clean null values"""
if getattr(aq_base(self), 'condition', None) == '': if getattr(aq_base(self), 'condition', None) == '':
del self.condition del self.condition
return self._baseGetCondition() return self._baseGetCondition()
security.declareProtected(AccessContentsInformation, 'getIcon')
def getIcon(self): def getIcon(self):
"""Overridden getter for 'icon' to clean null values""" """Overridden getter for 'icon' to clean null values"""
if getattr(aq_base(self), 'icon', None) == '': if getattr(aq_base(self), 'icon', None) == '':
......
...@@ -61,6 +61,7 @@ class CacheFactory(XMLObject): ...@@ -61,6 +61,7 @@ class CacheFactory(XMLObject):
, PropertySheet.SortIndex , PropertySheet.SortIndex
) )
security.declareProtected(Permissions.AccessContentsInformation, 'getCacheId')
def getCacheId(self): def getCacheId(self):
""" """
Get a common Cache Factory / Cache Bag ID in this Get a common Cache Factory / Cache Bag ID in this
...@@ -94,6 +95,7 @@ class CacheFactory(XMLObject): ...@@ -94,6 +95,7 @@ class CacheFactory(XMLObject):
for cache_plugin in cache_plugin_list: for cache_plugin in cache_plugin_list:
cache_plugin.set(cache_id, value) cache_plugin.set(cache_id, value)
security.declareProtected(Permissions.AccessContentsInformation, 'getCachePluginList')
def getCachePluginList(self, allowed_type_list=None): def getCachePluginList(self, allowed_type_list=None):
""" get ordered list of installed cache plugins in ZODB """ """ get ordered list of installed cache plugins in ZODB """
if allowed_type_list is None: if allowed_type_list is None:
......
...@@ -588,12 +588,14 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn): ...@@ -588,12 +588,14 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
# Create data structure if none present # Create data structure if none present
return FolderMixIn.newContent(self, *args, **kw) return FolderMixIn.newContent(self, *args, **kw)
security.declareProtected(Permissions.AccessContentsInformation, 'isBTree')
def isBTree(self): def isBTree(self):
""" """
Tell if we are a BTree Tell if we are a BTree
""" """
return self._folder_handler == BTREE_HANDLER return self._folder_handler == BTREE_HANDLER
security.declareProtected(Permissions.AccessContentsInformation, 'isHBTree')
def isHBTree(self): def isHBTree(self):
""" """
Tell if we are a HBTree Tell if we are a HBTree
...@@ -1386,6 +1388,28 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn): ...@@ -1386,6 +1388,28 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
'recursiveImmediateReindexObject', None) is not None: 'recursiveImmediateReindexObject', None) is not None:
c.recursiveImmediateReindexObject(**kw) c.recursiveImmediateReindexObject(**kw)
security.declareProtected(Permissions.ModifyPortalContent, 'moveObject')
def moveObject(self, idxs=None):
"""
Reindex the object in the portal catalog.
If idxs is present, only those indexes are reindexed.
The metadata is always updated.
Also update the modification date of the object,
unless specific indexes were requested.
Passes is_object_moved to catalog to force
reindexing without creating new uid
"""
if idxs is None: idxs = []
if idxs == []:
# Update the modification date.
if getattr(aq_base(self), 'notifyModified', _marker) is not _marker:
self.notifyModified()
catalog = getattr(self.getPortalObject(), 'portal_catalog', None)
if catalog is not None:
catalog.moveObject(self, idxs=idxs)
security.declareProtected( Permissions.ModifyPortalContent, security.declareProtected( Permissions.ModifyPortalContent,
'recursiveMoveObject' ) 'recursiveMoveObject' )
def recursiveMoveObject(self): def recursiveMoveObject(self):
...@@ -1513,46 +1537,6 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn): ...@@ -1513,46 +1537,6 @@ class Folder(CopyContainer, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
strict_membership=strict_membership)) strict_membership=strict_membership))
return "( %s )" % result return "( %s )" % result
def mergeContent(self,from_object=None,to_object=None, delete=1,**kw):
"""
This method will merge two objects.
When we have to different objects wich represent the same content, we
may want to merge them. In this case, we want to be sure to report
"""
if from_object is None or to_object is None:
return
from_object_related_object_list = self.portal_categories\
.getRelatedValueList(from_object)
to_object_url = to_object.getRelativeUrl()
from_object_url = from_object.getRelativeUrl()
corrected_list = []
for object in from_object_related_object_list:
#LOG('Folder.mergeContent, working on object:',0,object)
new_category_list = []
found = 0
for category in object.getCategoryList(): # so ('destination/person/1',...)
#LOG('Folder.mergeContent, working on category:',0,category)
linked_object_url = '/'.join(category.split('/')[1:])
if linked_object_url == from_object_url:
base_category = category.split('/')[0]
found = 1
new_category_list.append(base_category + '/' + to_object_url)
else:
new_category_list.append(category)
if found:
corrected_list.append(object)
object.setCategoryList(new_category_list)
object.immediateReindexObject()
if delete:
if len(from_object.portal_categories.getRelatedValueList(from_object))==0:
parent = from_object.getParentValue()
parent.manage_delObjects(from_object.getId())
return corrected_list
security.declareProtected( Permissions.AccessContentsInformation, security.declareProtected( Permissions.AccessContentsInformation,
'objectValues' ) 'objectValues' )
def objectValues(self, spec=None, meta_type=None, portal_type=None, def objectValues(self, spec=None, meta_type=None, portal_type=None,
......
...@@ -355,12 +355,14 @@ class Predicate(XMLObject): ...@@ -355,12 +355,14 @@ class Predicate(XMLObject):
security.declareProtected( Permissions.AccessContentsInformation, 'asSqlJoinExpression' ) security.declareProtected( Permissions.AccessContentsInformation, 'asSqlJoinExpression' )
asSqlJoinExpression = asSQLJoinExpression asSqlJoinExpression = asSQLJoinExpression
security.declareProtected(Permissions.AccessContentsInformation, 'searchResults')
def searchResults(self, **kw): def searchResults(self, **kw):
""" """
""" """
portal_catalog = getToolByName(self, 'portal_catalog') portal_catalog = getToolByName(self, 'portal_catalog')
return portal_catalog.searchResults(build_sql_query_method=self.buildSQLQuery,**kw) return portal_catalog.searchResults(build_sql_query_method=self.buildSQLQuery,**kw)
security.declareProtected(Permissions.AccessContentsInformation, 'countResults')
def countResults(self, REQUEST=None, used=None, **kw): def countResults(self, REQUEST=None, used=None, **kw):
""" """
""" """
...@@ -600,6 +602,7 @@ class Predicate(XMLObject): ...@@ -600,6 +602,7 @@ class Predicate(XMLObject):
def _asPredicate(self): def _asPredicate(self):
return self return self
security.declareProtected(Permissions.AccessContentsInformation, 'searchPredicate')
def searchPredicate(self, **kw): def searchPredicate(self, **kw):
""" """
Returns a list of documents matching the predicate Returns a list of documents matching the predicate
......
...@@ -76,6 +76,7 @@ class RoleInformation(XMLObject): ...@@ -76,6 +76,7 @@ class RoleInformation(XMLObject):
value = value and Expression(value) or None value = value and Expression(value) or None
self._baseSetCondition(value) self._baseSetCondition(value)
security.declareProtected(AccessContentsInformation, 'getCondition')
def getCondition(self): def getCondition(self):
"""Overridden getter for 'condition' to clean null values""" """Overridden getter for 'condition' to clean null values"""
if getattr(aq_base(self), 'condition', None) == '': if getattr(aq_base(self), 'condition', None) == '':
......
...@@ -86,6 +86,8 @@ class StandardProperty(IdAsReferenceMixin('_property'), XMLObject): ...@@ -86,6 +86,8 @@ class StandardProperty(IdAsReferenceMixin('_property'), XMLObject):
getDescription = Base.Getter('getDescription', 'description', 'string', getDescription = Base.Getter('getDescription', 'description', 'string',
default='') default='')
security.declareProtected(Permissions.AccessContentsInformation,
'getElementaryType')
def getElementaryType(self): def getElementaryType(self):
""" """
Define this getter manually as it is not possible to rely on Define this getter manually as it is not possible to rely on
......
...@@ -75,7 +75,7 @@ class LocalRoleAssignorMixIn(object): ...@@ -75,7 +75,7 @@ class LocalRoleAssignorMixIn(object):
zope.interface.implements(interfaces.ILocalRoleAssignor) zope.interface.implements(interfaces.ILocalRoleAssignor)
security.declarePrivate('updateLocalRolesOnObject') security.declarePrivate('updateLocalRolesOnDocument')
@UnrestrictedMethod @UnrestrictedMethod
def updateLocalRolesOnDocument(self, ob, user_name=None, reindex=True, activate_kw=()): def updateLocalRolesOnDocument(self, ob, user_name=None, reindex=True, activate_kw=()):
""" """
...@@ -209,6 +209,8 @@ class LocalRoleAssignorMixIn(object): ...@@ -209,6 +209,8 @@ class LocalRoleAssignorMixIn(object):
role.uid = None role.uid = None
return self[self._setObject(role.id, role, set_owner=0)] return self[self._setObject(role.id, role, set_owner=0)]
InitializeClass(LocalRoleAssignorMixIn)
class ERP5TypeInformation(XMLObject, class ERP5TypeInformation(XMLObject,
FactoryTypeInformation, FactoryTypeInformation,
LocalRoleAssignorMixIn, LocalRoleAssignorMixIn,
......
...@@ -199,6 +199,7 @@ class CacheTool(BaseTool): ...@@ -199,6 +199,7 @@ class CacheTool(BaseTool):
if REQUEST is not None: if REQUEST is not None:
self.REQUEST.RESPONSE.redirect('cache_tool_configure?manage_tabs_message=Cache factory scope %s cleared.' %cache_factory_id) self.REQUEST.RESPONSE.redirect('cache_tool_configure?manage_tabs_message=Cache factory scope %s cleared.' %cache_factory_id)
security.declareProtected(Permissions.AccessContentsInformation, 'getCacheTotalMemorySize')
def getCacheTotalMemorySize(self, REQUEST=None): def getCacheTotalMemorySize(self, REQUEST=None):
""" Calculate total size of memory used for cache. """ Calculate total size of memory used for cache.
......
...@@ -191,6 +191,7 @@ class SessionTool(BaseTool): ...@@ -191,6 +191,7 @@ class SessionTool(BaseTool):
session._updatecontext(self) session._updatecontext(self)
return session return session
security.declarePrivate('getSession')
def getSession(self, session_id, session_duration=None): def getSession(self, session_id, session_duration=None):
""" Return session object. """ """ Return session object. """
storage_plugin = self._getStoragePlugin() storage_plugin = self._getStoragePlugin()
...@@ -216,6 +217,7 @@ class SessionTool(BaseTool): ...@@ -216,6 +217,7 @@ class SessionTool(BaseTool):
session = session.getValue() session = session.getValue()
return session return session
security.declarePublic('newContent')
def newContent(self, id, **kw): def newContent(self, id, **kw):
""" Create new session object. """ """ Create new session object. """
session = self.getSession(id) session = self.getSession(id)
......
...@@ -89,6 +89,8 @@ class WebServiceTool(BaseTool): ...@@ -89,6 +89,8 @@ class WebServiceTool(BaseTool):
security.declareProtected(Permissions.ManagePortal, 'manage_overview') security.declareProtected(Permissions.ManagePortal, 'manage_overview')
manage_overview = DTMLFile('explainWebServiceTool', _dtmldir ) manage_overview = DTMLFile('explainWebServiceTool', _dtmldir )
security.declareProtected(Permissions.AccessContentsInformation,
'getConnectionPluginList')
def getConnectionPluginList(self): def getConnectionPluginList(self):
""" """
Return list of available connection plugins Return list of available connection plugins
...@@ -97,6 +99,7 @@ class WebServiceTool(BaseTool): ...@@ -97,6 +99,7 @@ class WebServiceTool(BaseTool):
plugin_list.sort() plugin_list.sort()
return plugin_list return plugin_list
security.declareProtected(Permissions.ManagePortal, 'connect')
def connect(self, url, user_name=None, password=None, transport=None, transport_kw=None): def connect(self, url, user_name=None, password=None, transport=None, transport_kw=None):
""" """
Connect to remote instances Connect to remote instances
......
...@@ -17,6 +17,7 @@ import re ...@@ -17,6 +17,7 @@ import re
import transaction import transaction
from Acquisition import aq_parent, aq_inner, aq_base from Acquisition import aq_parent, aq_inner, aq_base
from AccessControl import ClassSecurityInfo, ModuleSecurityInfo from AccessControl import ClassSecurityInfo, ModuleSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions, PropertySheet, Constraint from Products.ERP5Type import Permissions, PropertySheet, Constraint
from Products.CMFCore.PortalContent import ResourceLockedError from Products.CMFCore.PortalContent import ResourceLockedError
from Products.CMFCore.utils import getToolByName from Products.CMFCore.utils import getToolByName
...@@ -193,6 +194,8 @@ class TextContent: ...@@ -193,6 +194,8 @@ class TextContent:
""" Used for FTP and apparently the ZMI now too """ """ Used for FTP and apparently the ZMI now too """
return len(self.manage_FTPget()) return len(self.manage_FTPget())
InitializeClass(TextContent)
from webdav.common import Locked, PreconditionFailed from webdav.common import Locked, PreconditionFailed
from webdav.interfaces import IWriteLock from webdav.interfaces import IWriteLock
from webdav.NullResource import NullResource from webdav.NullResource import NullResource
......
...@@ -32,6 +32,7 @@ ...@@ -32,6 +32,7 @@
from __future__ import absolute_import from __future__ import absolute_import
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5.mixin.property_recordable import PropertyRecordableMixin from Products.ERP5.mixin.property_recordable import PropertyRecordableMixin
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from Products.ERP5Type.Base import Base from Products.ERP5Type.Base import Base
...@@ -399,3 +400,5 @@ class ComponentMixin(PropertyRecordableMixin, Base): ...@@ -399,3 +400,5 @@ class ComponentMixin(PropertyRecordableMixin, Base):
rev = historicalRevision(self, serial) rev = historicalRevision(self, serial)
return rev.getTextContent() return rev.getTextContent()
InitializeClass(ComponentMixin)
...@@ -16,8 +16,13 @@ import logging ...@@ -16,8 +16,13 @@ import logging
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
from Products.ERP5Type.Globals import InitializeClass
from AccessControl import ClassSecurityInfo
from Products.CMFCore.ActionsTool import ActionsTool from Products.CMFCore.ActionsTool import ActionsTool
from Products.CMFCore.interfaces import IActionProvider from Products.CMFCore.interfaces import IActionProvider
from Products.CMFCore.permissions import ManagePortal
security = ClassSecurityInfo()
def migrateNonProviders(portal_actions): def migrateNonProviders(portal_actions):
portal_actions_path = '/'.join(portal_actions.getPhysicalPath()) portal_actions_path = '/'.join(portal_actions.getPhysicalPath())
...@@ -100,4 +105,8 @@ def reorderActions(self, REQUEST=None): ...@@ -100,4 +105,8 @@ def reorderActions(self, REQUEST=None):
return self.manage_editActionsForm(REQUEST, return self.manage_editActionsForm(REQUEST,
manage_tabs_message='Actions reordered.') manage_tabs_message='Actions reordered.')
security.declareProtected(ManagePortal, 'reorderActions')
ActionsTool.reorderActions = reorderActions ActionsTool.reorderActions = reorderActions
ActionsTool.security = security
InitializeClass(ActionsTool)
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment