erp5_maileva_connector: Rework security to not require roles

The way to use the connector should NOT require us to set Roles on portal_web_services objects. Documents on portal_web_services contains passwords to third-party software so, that should be not accessible by the user (even with proper roles). I set a minimal set of proxy roles and re-work to use path rather them object to not require roles everywhere.

erp5_maileva_connector: Rework security to not require roles
The way to use the connector should NOT require us to set Roles on portal_web_services objects. Documents on portal_web_services contains passwords to third-party software so, that should be not accessible by the user (even with proper roles). I set a minimal set of proxy roles and re-work to use path rather them object to not require roles everywhere.
defbaca7 · Rafael Monnerat · 5d126a25 · defbaca7 · defbaca7 · defbaca7
Commit defbaca7 authored Sep 25, 2024 by Rafael Monnerat
9 changed files
--- a/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/Alarm_checkMailevaDocumentStatus.py
+++ b/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/Alarm_checkMailevaDocumentStatus.py
 portal = context.getPortalObject()
-maileva_connector = portal.ERP5Site_getAvailableMailevaSOAPConnector()
+maileva_connector_path = portal.ERP5Site_getAvailableMailevaSOAPConnector()
+maileva_connector = portal.restrictTraverse(maileva_connector_path)
 notification_dict = maileva_connector.checkPendingNotifications()

--- a/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/ERP5Site_getAvailableMailevaSOAPConnector.py
+++ b/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/ERP5Site_getAvailableMailevaSOAPConnector.py
+from zExceptions import Unauthorized
+if REQUEST is not None:
+  raise Unauthorized
 maileva_connector = context.portal_catalog.getResultValue(
  portal_type='Maileva SOAP Connector',
  reference=reference,
  validation_state='validated')
 if not maileva_connector:
  raise ValueError('Maileav soap connector is not defined')
-return maileva_connector
+return maileva_connector.getRelativeUrl()
--- a/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/ERP5Site_getAvailableMailevaSOAPConnector.xml
+++ b/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/ERP5Site_getAvailableMailevaSOAPConnector.xml
@@ -50,7 +50,15 @@
        </item>
        <item>
            <key> <string>_params</string> </key>
-            <value> <string>reference="maileva_soap_connector"</string> </value>
+            <value> <string>reference="maileva_soap_connector", REQUEST=None</string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
        </item>
        <item>
            <key> <string>id</string> </key>

--- a/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/MailevaExchange_checkStatus.py
+++ b/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/MailevaExchange_checkStatus.py
-maileva_connector = context.getPortalObject().ERP5Site_getAvailableMailevaSOAPConnector()
+portal = context.getPortalObject()
+maileva_connector = portal.restrictedTraverse(portal.ERP5Site_getAvailableMailevaSOAPConnector())
 result = maileva_connector.getPendingNotificationDetails(track_id)
 if result['status'] == "SENT":
  document = context.getFollowUpValue()

--- a/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/MailevaExchange_processResponse.py
+++ b/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/MailevaExchange_processResponse.py
+from zExceptions import Unauthorized
+if REQUEST is not None:
+    raise Unauthorized
 connector = context.getResourceValue()
 connector.processResponse(response, context.getObject(), failed)
--- a/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/MailevaExchange_processResponse.xml
+++ b/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/MailevaExchange_processResponse.xml
@@ -50,7 +50,15 @@
        </item>
        <item>
            <key> <string>_params</string> </key>
-            <value> <string>response, failed=False</string> </value>
+            <value> <string>response, failed=False, REQUEST=None</string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
        </item>
        <item>
            <key> <string>id</string> </key>

--- a/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/MailevaExchange_submitMailevaRequest.py
+++ b/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/MailevaExchange_submitMailevaRequest.py
+from zExceptions import Unauthorized
+if REQUEST is not None:
+    raise Unauthorized
 connector = context.getResourceValue()
 connector.submitRequest(context)
--- a/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/MailevaExchange_submitMailevaRequest.xml
+++ b/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/MailevaExchange_submitMailevaRequest.xml
@@ -50,7 +50,15 @@
        </item>
        <item>
            <key> <string>_params</string> </key>
-            <value> <string></string> </value>
+            <value> <string>REQUEST=None</string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
        </item>
        <item>
            <key> <string>id</string> </key>

--- a/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/PDF_sendToMaileva.py
+++ b/bt5/erp5_maileva_connector/SkinTemplateItem/portal_skins/erp5_maileva_connector/PDF_sendToMaileva.py
@@ -23,7 +23,7 @@ maileva_exchange = context.system_event_module.newContent(
  portal_type='Maileva Exchange',
  source_value = sender,
  destination_value = recipient,
-  resource_value = maileva_connector,
+  resource = maileva_connector,
  follow_up_value = context,
  reference=reference,
  request = xml