manage_afterAdd, manage_afterClone and manage_beforeDelete should be private.

fd1a7c2b · Kazuhiko Shiozaki · fe3a1740 · fd1a7c2b · fd1a7c2b · fd1a7c2b
Commit fd1a7c2b authored Oct 08, 2013 by Kazuhiko Shiozaki
11 changed files
--- a/product/CMFActivity/ActivityTool.py
+++ b/product/CMFActivity/ActivityTool.py
@@ -798,10 +798,12 @@ class ActivityTool (Folder, UniqueObject):
          url += urllib.quote('Cancel and invoke links visible')
          RESPONSE.redirect(url)
+    security.declarePrivate('manage_beforeDelete')
    def manage_beforeDelete(self, item, container):
        self.unsubscribe()
        Folder.inheritedAttribute('manage_beforeDelete')(self, item, container)
+    security.declarePrivate('manage_afterAdd')
    def manage_afterAdd(self, item, container):
        self.subscribe()
        Folder.inheritedAttribute('manage_afterAdd')(self, item, container)

--- a/product/ERP5/Document/BaseCategory.py
+++ b/product/ERP5/Document/BaseCategory.py
@@ -66,6 +66,7 @@ class BaseCategory(CMFBaseCategory, XMLObject):
      #result.extend(self.portal_catalog())
      return result
+    security.declarePrivate('manage_afterAdd')
    def manage_afterAdd(self, item, container):
      """
         Reset Accessors

--- a/product/ERP5/Document/Bug.py
+++ b/product/ERP5/Document/Bug.py
@@ -55,6 +55,7 @@ class Bug(Ticket):
                      , PropertySheet.Bug
                      )
+    security.declarePrivate('manage_afterClone')
    def manage_afterClone(self, item):
      Ticket.manage_afterClone(self, item)
      # delete existing bug lines

--- a/product/ERP5/Document/BusinessTemplate.py
+++ b/product/ERP5/Document/BusinessTemplate.py
@@ -4789,7 +4789,7 @@ Business Template is a set of definitions, such as skins, portal types and categ
      XMLObject.__init__(self, *args, **kw)
      self._clean()
-    security.declareProtected(Permissions.ManagePortal, 'manage_afterAdd')
+    security.declarePrivate('manage_afterAdd')
    def manage_afterAdd(self, item, container):
      """
        This is called when a new business template is added or imported.

--- a/product/ERP5/ERP5Site.py
+++ b/product/ERP5/ERP5Site.py
@@ -364,6 +364,7 @@ class ERP5Site(FolderMixIn, CMFSite, CacheCookieMixin):
    return self
+  security.declarePrivate('manage_beforeDelete')
  def manage_beforeDelete(self, item, container):
    # skin is setup during __before_publishing_traverse__, which
    # doesn't happen when the object is being deleted from the management

--- a/product/ERP5/mixin/rule.py
+++ b/product/ERP5/mixin/rule.py
@@ -474,6 +474,7 @@ class RuleMixin(Predicate):
 class SimulableMixin(Base):
+  security = ClassSecurityInfo()
  def updateSimulation(self, **kw):
    """Create/update related simulation trees by activity
@@ -600,6 +601,7 @@ class SimulableMixin(Base):
        return applied_rule
      raise SimulationError("No such rule as %r is found" % rule_reference)
+  security.declarePrivate('manage_beforeDelete')
  def manage_beforeDelete(self, item, container):
    """Delete related Applied Rule"""
    for o in self.getCausalityRelatedValueList(portal_type='Applied Rule'):

--- a/product/ERP5/mixin/timer_service.py
+++ b/product/ERP5/mixin/timer_service.py
@@ -68,12 +68,12 @@ class TimerServiceMixin(object):
      return "Usubscribed from Timer Service"
    return "TimerService not available"
-  security.declareProtected(Permissions.ManageProperties, 'manage_beforeDelete')
+  security.declarePrivate('manage_beforeDelete')
  def manage_beforeDelete(self, *args, **kw):
    self.unsubscribe()
    super(TimerServiceMixin, self).manage_beforeDelete(*args, **kw)
-  security.declareProtected(Permissions.ManageProperties, 'manage_afterAdd')
+  security.declarePrivate('manage_afterAdd')
  def manage_afterAdd(self, *args, **kw):
    self.unsubscribe()
    super(TimerServiceMixin, self).manage_afterAdd(*args, **kw)

--- a/product/ERP5Banking/Document/BankingOperation.py
+++ b/product/ERP5Banking/Document/BankingOperation.py
@@ -64,7 +64,8 @@ class BankingOperation(BaobabMixin, AccountingTransaction):
                    , PropertySheet.ItemAggregation
                    , PropertySheet.Amount
                    )
+  security.declarePrivate('manage_beforeDelete')
  def manage_beforeDelete(self, item, container):
    """
    The right of deleting must be define by workflows

--- a/product/ERP5Type/CopySupport.py
+++ b/product/ERP5Type/CopySupport.py
@@ -234,6 +234,7 @@ class CopyContainer:
              return self.manage_main(self, REQUEST, update_menu=1)
  # Copy and paste support
+  security.declarePrivate('manage_afterClone')
  def manage_afterClone(self, item):
    """
        Add self to the workflow.
@@ -316,6 +317,7 @@ class CopyContainer:
      script()
+  security.declarePrivate('manage_afterAdd')
  def manage_afterAdd(self, item, container):
      """
          Add self to the catalog.
@@ -328,6 +330,7 @@ class CopyContainer:
          if getattr(self, 'isIndexable', 1):
            self.__recurse('manage_afterAdd', item, container)
+  security.declarePrivate('manage_beforeDelete')
  def manage_beforeDelete(self, item, container):
      """
          Remove self from the catalog.

--- a/product/Formulator/Field.py
+++ b/product/Formulator/Field.py
@@ -554,7 +554,7 @@ class ZMIField(
                getattr(self, method_name)(values[key])
-    security.declareProtected('Change Formulator Forms', 'manage_beforeDelete')
+    security.declarePrivate('manage_beforeDelete')
    def manage_beforeDelete(self, item, container):
        """Remove name from list if object is deleted.
        """
@@ -562,7 +562,7 @@ class ZMIField(
        if hasattr(item.aq_explicit, 'is_field'):
            container.field_removed(item.id)
-    security.declareProtected('Change Formulator Forms', 'manage_afterAdd')
+    security.declarePrivate('manage_afterAdd')
    def manage_afterAdd(self, item, container):
        """What happens when we add a field.
        """

--- a/product/ZMySQLDA/DA.py
+++ b/product/ZMySQLDA/DA.py
@@ -99,6 +99,7 @@ from App.ImageFile import ImageFile
 from DateTime import DateTime
 from . import DABase
 from .db import DB, DeferredDB
+from AccessControl import ClassSecurityInfo
 SHARED_DC_ZRDB_LOCATION = os.path.dirname(Shared.DC.ZRDB.__file__)
@@ -132,6 +133,7 @@ class Connection(DABase.Connection):
    id='%s_database_connection' % database_type
    meta_type=title='Z %s Database Connection' % database_type
    icon='misc_/Z%sDA/conn' % database_type
+    security = ClassSecurityInfo()
    manage_properties=HTMLFile('connectionEdit', globals())
@@ -139,6 +141,7 @@ class Connection(DABase.Connection):
    def factory(self): return DB
+    security.declarePrivate('manage_beforeDelete')
    def manage_beforeDelete(self, item, container):
        database_connection_pool.get(self._p_oid, {}).pop(self._p_jar, None)