Modified to Verify that the format is acceptable

(from permission point of view) git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@34093 20353a03-c40f-0410-a6d1-a30d3c3de9de

Modified to Verify that the format is acceptable
(from permission point of view) git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@34093 20353a03-c40f-0410-a6d1-a30d3c3de9de
6c20dab9 · Mame Coumba Sall · ceca5d61 · 6c20dab9
Commit 6c20dab9 authored Mar 25, 2010 by Mame Coumba Sall
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 9 deletions

product/ERP5OOo/Document/OOoDocument.py product/ERP5OOo/Document/OOoDocument.py +14 -9

No files found.
--- a/product/ERP5OOo/Document/OOoDocument.py
+++ b/product/ERP5OOo/Document/OOoDocument.py
@@ -48,10 +48,13 @@ from Products.ERP5.Document.File import File
 from Products.ERP5.Document.Document import PermanentURLMixIn
 from Products.ERP5.Document.Document import ConversionError
 from Products.ERP5.Document.Document import NotConvertedError
+from AccessControl.SecurityManagement import getSecurityManager
 from zLOG import LOG, ERROR

 # Mixin Import
 from Products.ERP5.mixin.cached_convertable import CachedConvertableMixin
+from Products.ERP5.mixin.convertable import ConvertableMixin
+from Products.ERP5.mixin.base_convertable import BaseConvertableMixin

 enc=base64.encodestring
 dec=base64.decodestring
@@ -88,7 +91,7 @@ class TimeoutTransport(SafeTransport):
    return SafeTransport.make_connection(self, h)


-class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin):
+class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin, BaseConvertableMixin, ConvertableMixin):
  """
    A file document able to convert OOo compatible files to
    any OOo supported format, to capture metadata and to
@@ -184,9 +187,7 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin):
    _setCacheHeaders(_ViewEmulator().__of__(self), {'format' : format})

    # Verify that the format is acceptable (from permission point of view)
-    method = self._getTypeBasedMethod('checkConversionFormatPermission', 
-        fallback_script_id = 'Document_checkConversionFormatPermission')
-    if not method(format=format):
+    if self.isTargetFormatPermitted(format)==False:
      raise Unauthorized("OOoDocument: user does not have enough permission to access document"
                         " in %s format" % (format or 'original'))

@@ -279,8 +280,7 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin):
        allowed = server_proxy.getAllowedTargets(content_type)
        warn('Your oood version is too old, using old method '
            'getAllowedTargets instead of getAllowedTargetList',
-             DeprecationWarning)
-
+             DeprecationWarning)  
      # tuple order is reversed to be compatible with ERP5 Form
      return [(y, x) for x, y in allowed]

@@ -313,10 +313,11 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin):
  def isTargetFormatAllowed(self, format):
    """
      Checks if the current document can be converted
-      into the specified target format.
+      into the specified target format
    """
    return format in self.getTargetFormatList()

+
  security.declarePrivate('_convert')
  def _convert(self, format):
    """
@@ -409,6 +410,10 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin):
    # Raise an error if the format is not supported
    if not self.isTargetFormatAllowed(format):
      raise ConversionError("OOoDocument: target format %s is not supported" % format)
+    # Raise an error if the format is not permitted
+    if not self.isTargetFormatPermitted(format):
+      raise Unauthorized("OOoDocument: user does not have enough permission to access document"
+				                     " in %s format" % (format or 'original'))
    # Check if we have already a base conversion
    if not self.hasBaseData():
      raise NotConvertedError
@@ -553,13 +558,13 @@ class OOoDocument(PermanentURLMixIn, File, CachedConvertableMixin):
      metadata = response_dict['meta']
      self._base_metadata = metadata
      if metadata.get('MIMEType', None) is not None:
-        self._setBaseContentType(metadata['MIMEType'])
+        self._setBaseContentType(metadata['MIMEType'])   
    else:
      # Explicitly raise the exception!
      raise ConversionError(
                "OOoDocument: Error converting document to base format %s:%s:"
                                       % (response_code, response_message))
-
+  
  security.declareProtected(Permissions.AccessContentsInformation,
                            'getContentInformation')
  def getContentInformation(self):