Beispiel #1
 def render(self):
     """Render the submit form, or hand over to the created submission.

     Until the add has finished the form itself is rendered; the
     impersonation URL is set only for users who may modify
     ``self.context`` and only when ``submission_impersonation`` is truthy.
     After the add, the user is redirected to the edit view or the default
     view of ``self.content`` according to the permissions held on it, and
     gets ``SubmissionView`` when neither redirect applies.
     """
     if not self._finishedAdd:
         may_modify_flow = checkPermission(  # noqa: P001
             'cmf.ModifyPortalContent',
             self.context,
         )
         if may_modify_flow and self.submission_impersonation:
             self.impersonate_url = (
                 self.context.absolute_url() + u'/@@impersonate')
         return super(FlowSubmitForm, self).render()

     # Both checks are made against the new submission, not the flow.
     may_view = checkPermission(  # noqa: P001
         'zope2.View',
         self.content,
     )
     may_modify = checkPermission(  # noqa: P001
         'cmf.ModifyPortalContent',
         self.content,
     )
     if IAddFlowSchemaDynamic.providedBy(self.schema) and may_modify:
         self.request.response.redirect(
             self.content.absolute_url() + u'/@@edit')
         return u''
     if may_view:
         self.request.response.redirect(self.content.absolute_url())
         return u''
     # The submitter holds no View permission on the submission itself,
     # so it is shown through SubmissionView instead of a redirect.
     return SubmissionView(self.context, self.request, self.content)()
Beispiel #2
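 def update(self):
     """Collect publication dates and workflow flags for the template.

     Dates are formatted with the request locale's short dateTime
     formatter; a missing date is stored as ``None``. The ``may_*`` flags
     record whether the current user holds the approve / change
     permissions on ``self.context``.
     """
     # Renamed from ``format`` so the builtin is not shadowed.
     format_datetime = self.request.locale.dates.getFormatter(
         'dateTime', 'short').format

     def convert(date):
         # A falsy formatted value is mapped to None, as the original
         # ``and ... or None`` expression did.
         if date is None:
             return None
         return format_datetime(date.asdatetime()) or None

     context = self.context
     self.first_publication_date = convert(
         context.get_first_publication_date())
     self.publication_date = convert(
         context.get_public_version_publication_datetime())
     self.expiration_date = convert(
         context.get_public_version_expiration_datetime())
     # Identity tests: ``!= None`` would go through the object's own
     # comparison methods instead of testing for absence.
     self.have_unapproved = context.get_unapproved_version() is not None
     self.have_next = context.get_next_version() is not None
     self.have_closed = context.get_last_closed_version() is not None
     self.have_approved = context.is_approved()
     self.have_published = context.is_published()
     self.may_approve = checkPermission('silva.ApproveSilvaContent', context)
     self.may_change = checkPermission('silva.ChangeSilvaContent', context)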
 def __init__(self, source, manager, request, instance):
     """Set up the fields and data managers for an external source.

     The ``source_template`` setting field is added only when the
     permission check on ``manager.context`` succeeds.
     """
     self.manager = manager
     self.source = source
     self.__parent__ = manager.context # Enable security checks.
     factories = [
         (None,
          lambda content: silvaforms.FieldValueDataManager(self, content))]
     if source is not None:
         parameters = source.get_parameters_form()
         if parameters is not None:
             self.parameterFields = silvaforms.Fields(parameters)
         # Per the original author this check does not work here:
         # authentication has not been done yet when __init__ is called.
         # NOTE(review): the result therefore presumably does not reflect
         # the real user -- consider deciding this at a later stage.
         if checkPermission(SETTINGS_PERMISSION, manager.context):
             self.settingFields += TextField(
                 identifier="source_template",
                 title="Source template",
                 description="<!-- source output --> will be replaced by the HTML code generated by the source.",
                 constrainValue=validateSourceTemplate,
                 required=False)
             factories.append(
                 ('source_template', silvaforms.SilvaDataManager))
     self.dataManager = silvaforms.MultiDataManagerFactory(factories)
     super(ExternalSourceController, self).__init__(
         manager.context, request, instance)
Beispiel #4
    def __call__(self):
        """Render the tile and return the fragment matched by BODY_CHILDREN.

        When the tile type declares a view permission it is checked
        against the tile first, and ``Unauthorized`` is raised on failure.
        The whole rendered document is returned if the pattern finds
        nothing.
        """
        # NOTE(review): when the lookup yields no tile type (or one without
        # ``view_permission``) the AttributeError is swallowed and the tile
        # is rendered with no permission check in this method -- confirm
        # that failing open here is intended.
        try:
            tile_type = queryUtility(ITileType, self.context.__name__)
            required = tile_type.view_permission
        except AttributeError:
            required = None
        if required and not checkPermission(required, self.context):
            raise Unauthorized()

        if self.request.getHeader(ESI_HEADER):
            del self.request.environ[ESI_HEADER_KEY]

        markup = self.context()  # render the tile

        # Disable the theme so the fragment is not wrapped in <html/>.
        self.request.response.setHeader('X-Theme-Disabled', '1')

        found = BODY_CHILDREN.search(markup)
        return found.group(1).strip() if found else markup
Beispiel #5
def getContentLayoutsForType(pt, context=None):
    """Return the content layouts usable for portal type ``pt``, sorted.

    Layouts listed in the ``plone.app.mosaic.hidden_content_layouts``
    registry record are skipped, as are layouts whose ``for`` value names
    other types. Each returned manifest dict gets a ``path`` key and, when
    needed, a ``++contentlayout++`` prefixed ``preview``.

    NOTE(review): the per-layout ``permission`` is enforced only when a
    ``context`` is passed; with ``context=None`` layouts that declare a
    permission are returned unfiltered, so callers acting for a user
    should always pass one.
    """
    registry = getUtility(IRegistry)
    hidden = registry.get('plone.app.mosaic.hidden_content_layouts', [])[:]
    # Undocumented for now (no UI yet): "<layout>::<type>" hides a layout
    # for one portal type only.
    for entry in hidden[:]:
        if '::' not in entry:
            continue
        layout_key, _, hidden_type = entry.partition('::')
        if hidden_type == pt:
            hidden.append(layout_key)

    layouts = []
    manifests = getLayoutsFromResources(CONTENT_LAYOUT_MANIFEST_FORMAT)
    for key, manifest in manifests.items():
        if key in hidden:
            continue
        allowed_types = [
            name for name in (manifest.get('for') or '').split(',') if name]
        if allowed_types and pt not in allowed_types:
            continue
        preview = manifest.get('preview', manifest.get('screenshot'))
        if preview and not preview.startswith('++'):
            manifest['preview'] = '++contentlayout++' + '/'.join(
                [os.path.dirname(key), preview])
        manifest['path'] = key
        layouts.append(manifest)

    if context is not None:
        layouts = [
            manifest for manifest in layouts
            if not manifest.get('permission')
            or checkPermission(manifest.get('permission'), context)
        ]

    def sort_value(manifest):
        return manifest.get('sort_key', '') or manifest.get('title', '')

    return sorted(layouts, key=sort_value)
Beispiel #6
 def update(self):
     """Switch to display-only widgets for users who may not edit.

     This cannot be done in setContentData, which is called before
     security is verified.
     """
     edited = self.getContentData().content
     may_change = checkPermission('silva.ChangeSilvaContent', edited)
     if not may_change:
         # NOTE(review): this only changes how fields are rendered;
         # whether saving is also refused is not visible here.
         self.widgetFactoryFactory = SMIDisplayWidgetFactory
Beispiel #7
 def __init__(self, source, manager, request, instance):
     """Prepare parameter fields, setting fields and data managers.

     ``source_template`` is offered as a setting only if the permission
     check on ``manager.context`` passes.
     """
     self.manager = manager
     self.source = source
     self.__parent__ = manager.context  # Enable security checks.
     factories = [
         (None,
          lambda content: silvaforms.FieldValueDataManager(self, content))
     ]
     if source is not None:
         parameters = source.get_parameters_form()
         if parameters is not None:
             self.parameterFields = silvaforms.Fields(parameters)
         # The original author notes that this doesn't work because
         # authentication is not done when __init__ is called.
         # NOTE(review): treat the outcome as unreliable until the check
         # is moved to a point where the user is known.
         if checkPermission(SETTINGS_PERMISSION, manager.context):
             template_field = TextField(
                 identifier="source_template",
                 title="Source template",
                 description=
                 "<!-- source output --> will be replaced by the HTML code generated by the source.",
                 constrainValue=validateSourceTemplate,
                 required=False)
             self.settingFields += template_field
             factories.append(
                 ('source_template', silvaforms.SilvaDataManager))
     self.dataManager = silvaforms.MultiDataManagerFactory(factories)
     super(ExternalSourceController, self).__init__(manager.context,
                                                    request, instance)
Beispiel #8
    def reply(self):
        """Return one tile type's JSON schema, or the list of addable tiles.

        With a path parameter, the named tile type is serialized. Without
        one, every registered tile type the user may add on
        ``self.context`` is returned as a summary.
        """
        if self.params and len(self.params) > 0:
            # NOTE(review): unlike the listing below, this branch does not
            # check the tile's ``add_permission``; access relies on
            # whatever permission the service itself is registered with.
            self.content_type = "application/json+schema"
            try:
                tile_type = getUtility(ITileType, name=self.params[0])
                serialize = getMultiAdapter(
                    (tile_type, self.request), ISerializeToJson)
                return serialize()
            except KeyError:
                # NOTE(review): confirm a failed lookup really raises
                # KeyError; otherwise this 404 branch is never reached.
                self.content_type = "application/json"
                self.request.response.setStatus(404)
                return {
                    'type': 'NotFound',
                    'message': 'Tile "{}" could not be found.'.format(
                        self.params[0]
                    )
                }

        summaries = []
        for _name, tile_type in getUtilitiesFor(
                ITileType, context=self.context):
            summarize = getMultiAdapter(
                (tile_type, self.request), ISerializeToJsonSummary)
            if not checkPermission(tile_type.add_permission, self.context):
                continue
            summaries.append(summarize())
        return summaries
Beispiel #9
    def reply(self):
        """Return one tile type's JSON schema, or the list of addable tiles.

        Emits a DeprecationWarning on every call. With a path parameter
        the named tile type is serialized; otherwise every registered tile
        type the user may add on ``self.context`` is summarized.
        """
        warnings.warn(
            "``plone.restapi.services.tiles`` is deprecated and will be removed in plone.restapi 9.",
            DeprecationWarning,
        )

        if self.params and len(self.params) > 0:
            # NOTE(review): no ``add_permission`` check on this branch,
            # unlike the listing below; access relies on the permission
            # the service itself is registered with.
            self.content_type = "application/json+schema"
            try:
                tile_type = getUtility(ITileType, name=self.params[0])
                serialize = getMultiAdapter(
                    (tile_type, self.request), ISerializeToJson)
                return serialize()
            except KeyError:
                # NOTE(review): confirm a failed lookup really raises
                # KeyError; otherwise this 404 branch is never reached.
                self.content_type = "application/json"
                self.request.response.setStatus(404)
                return {
                    "type": "NotFound",
                    "message": f'Tile "{self.params[0]}" could not be found.',
                }

        summaries = []
        for _name, tile_type in getUtilitiesFor(
                ITileType, context=self.context):
            summarize = getMultiAdapter(
                (tile_type, self.request), ISerializeToJsonSummary)
            if not checkPermission(tile_type.add_permission, self.context):
                continue
            summaries.append(summarize())
        return summaries
Beispiel #10
 def available(self):
     """Tell whether the form should be shown.

     It is hidden for users who can approve the content themselves and
     when an approval has already been requested.
     """
     can_approve = checkPermission("silva.ApproveSilvaContent", self.context)
     if not can_approve:
         return not self.context.is_approval_requested()
     return False
Beispiel #11
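 def wrapped(self, *args, **kwargs):
     """Call ``func`` only if the user holds ``permission`` on the context.

     Raises:
         Unauthorized: when the permission check on ``self.context`` fails.
     """
     if not checkPermission(permission, self.context):
         # ``__name__`` exists on Python 2 and 3. The former ``func_name``
         # is Python 2 only, so on Python 3 building this message raised
         # AttributeError instead of the intended Unauthorized.
         raise Unauthorized(
             "You don't have access to %s on %s" % (
                 func.__name__,
                 '/'.join(self.context.getPhysicalPath())))
     return func(self, *args, **kwargs)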
Beispiel #12
    def __call__(self):
        """Render the tile and return the fragment matched by BODY_CHILDREN.

        A view permission declared by the tile type is checked against the
        tile before rendering; ``Unauthorized`` is raised when it is not
        held. If the pattern matches nothing, the full document is
        returned.
        """
        # NOTE(review): an unknown tile type, or one lacking
        # ``view_permission``, ends up in the AttributeError handler and
        # the tile is then rendered without a permission check here --
        # confirm this fail-open behaviour is wanted.
        try:
            tile_type = queryUtility(ITileType, self.context.__name__)
            required = tile_type.view_permission
        except AttributeError:
            required = None
        if required and not checkPermission(required, self.context):
            raise Unauthorized()

        if self.request.getHeader(ESI_HEADER):
            del self.request.environ[ESI_HEADER_KEY]

        markup = self.context()  # render the tile

        # Disable the theme so the fragment is not wrapped in <html/>.
        self.request.response.setHeader('X-Theme-Disabled', '1')

        found = BODY_CHILDREN.search(markup)
        return found.group(1).strip() if found else markup
Beispiel #13
 def available(self):
     """Tell whether this is available to the current user.

     Requires the approve permission, a last closed version, and neither
     a public nor an unapproved version.
     """
     can_approve = checkPermission("silva.ApproveSilvaContent", self.context)
     if not can_approve:
         # Hand back the falsy check result itself, as ``and`` would.
         return can_approve
     if self.context.get_last_closed_version() is None:
         return False
     if self.context.get_public_version() is not None:
         return False
     return self.context.get_unapproved_version() is None
 def update(self, preview=None):
     """Set the values used for rendering.

     ``preview`` defaults to whether the request provides IPreviewLayer.
     ``self.manage`` records whether the user may manage settings on the
     manager's context.
     """
     self.preview = (
         IPreviewLayer.providedBy(self.request)
         if preview is None else preview)
     manager = self.context.manager
     self.title = manager.label
     self.info = self.context.info
     self.manage = checkPermission(
         'silva.ManageSilvaSettings', manager.context)
Beispiel #15
    def payload(self):
        """Return the editor payload, or the preview when editing is off.

        The editor is returned only to users holding the change permission
        and only if an editable version exists; everyone else gets the
        ``content-preview`` view.
        """
        editable = None
        if checkPermission("silva.ChangeSilvaContent", self.context):
            editable = self.context.get_editable()
        if editable is None:
            preview = getMultiAdapter(
                (self.context, self.request), IJSView, name="content-preview")
            return preview(self)

        text = editable.body.render(
            editable, self.request, type=IInputEditorFilter)
        return {
            "ifaces": ["editor"],
            "name": "body",
            "text": text,
            "configuration": self.context.meta_type,
        }
 def check_user_can_view(self, card, userid):
     """Assert that ``userid`` may view ``card``.

     A falsy ``userid`` logs out, so the check runs as Anonymous User.
     """
     if not userid:
         self.logout()
     else:
         self.login(userid)
     # The view permission is checked twice: once by its 'zope2.View' id
     # and once through the security manager by its "View" title.
     by_id = security.checkPermission('zope2.View', card)
     self.assertEqual(by_id, 1)
     by_title = getSecurityManager().checkPermission("View", card)
     self.assertEqual(by_title, 1)
Beispiel #17
    def payload(self):
        """Return the layout editor payload, or the preview otherwise.

        The ``content-layout`` view of the editable version is used only
        for users holding the change permission; without that permission,
        or without an editable version, ``content-preview`` is returned.
        """
        editable = None
        if checkPermission('silva.ChangeSilvaContent', self.context):
            editable = self.context.get_editable()
        if editable is None:
            preview = getMultiAdapter(
                (self.context, self.request), IJSView, name='content-preview')
            return preview(self)

        layout = getMultiAdapter(
            (editable, self.request), IJSView, name='content-layout')
        return layout(self, identifier=editable.getId())
 def check_user_can_edit(self, card, userid):
     """Assert that ``userid`` may view and modify ``card``.

     A falsy ``userid`` logs out, so the check runs as Anonymous User.
     """
     if not userid:
         self.logout()
     else:
         self.login(userid)
     # The card must be viewable ...
     may_view = security.checkPermission('zope2.View', card)
     self.assertEqual(may_view, 1)
     # ... and modifiable. No permission id was found for Modify, so the
     # security manager is asked by permission title instead.
     may_modify = getSecurityManager().checkPermission(
         "Modify portal content", card)
     self.assertEqual(may_modify, 1)
Beispiel #19
 def getter(self):
     """Return the version to display, caching it after the first call.

     In preview mode the previewable version is used, and the user must
     hold the read permission on the context. Otherwise, or when there is
     no previewable version, the viewable version is used.

     Raises:
         Unauthorized: in preview mode without 'silva.ReadSilvaContent'.
     """
     cached = self.__content
     if cached is not _marker:
         return cached
     version = None
     if self.is_preview:
         version = self.context.get_previewable()
         # The check runs before anything is cached or returned, so a
         # denied user never receives the previewable version from here.
         may_read = checkPermission('silva.ReadSilvaContent', self.context)
         if not may_read:
             raise Unauthorized(
                 "You need to be authenticated to access this version")
     if version is None:
         version = self.context.get_viewable()
     self.__content = version
     return version
Beispiel #20
    def is_deletable(self):
        """Raise ContentError if the object may not be deleted.

        Users without the approve permission cannot delete content that
        is published or approved. Users holding it skip both checks.
        Nothing is returned when deletion is allowed.
        """
        if checkPermission('silva.ApproveSilvaContent', self):
            return
        if self.is_published():
            raise ContentError(_(u"Content is published."), self)
        if self.is_approved():
            raise ContentError(_(u"Content is approved."), self)
Beispiel #21
    def __call__(self, context=None):
        """Return the tile vocabulary limited to tiles the user may add.

        NOTE(review): when neither ``self.context`` nor ``context`` is
        set, the parent vocabulary is returned without any permission
        filtering.
        """
        context = self.context or context
        all_terms = super(AllowedTilesVocabulary, self).__call__(context)
        if context is None:
            return all_terms

        addable = [
            term for term in all_terms
            if checkPermission(term.value.add_permission, context)
        ]
        return SimpleVocabulary(addable)
 def check_user_cannot_view_or_edit(self, card, userid):
     """Assert that ``userid`` may neither view nor modify ``card``.

     A falsy ``userid`` logs out, so the check runs as Anonymous User.
     """
     if not userid:
         self.logout()
     else:
         self.login(userid)
     # Calling card.getComments() directly is no test: it doesn't check
     # security.
     may_view = security.checkPermission('zope2.View', card)
     self.assertEqual(may_view, False)
     # No permission id was found for Modify, so the security manager is
     # asked by permission title; a denial is asserted as None there.
     manager_view = getSecurityManager().checkPermission("View", card)
     self.assertEqual(manager_view, None)
     manager_modify = getSecurityManager().checkPermission(
         "Modify portal content", card)
     self.assertEqual(manager_modify, None)
    def __call__(self, design):
        """Tell whether ``design`` can be used here.

        The design must comply with the addable (or, without one, the
        context) and the user must hold the permission the design
        requires, if it declares one.
        """
        if self.context is None:
            # NOTE(review): without a context nothing is verified and the
            # design is accepted.
            return True

        if self.addable is not None:
            target, implements = self.addable, True
        else:
            target, implements = self.context, False
        comply, _requirement = verify_context(design, target, implements)
        if not comply:
            return False

        permission = grok.require.bind().get(design)
        if not permission:
            return True
        # Checked on the context, not on the addable.
        return checkPermission(permission, self.context)
 def check_user_cannot_view_or_edit(self, card, userid):
     """Assert that ``userid`` may neither view nor modify ``card``.

     A falsy ``userid`` logs out, so the check runs as Anonymous User.
     """
     if not userid:
         self.logout()
     else:
         self.login(userid)
     # Calling card.getComments() directly is no test: it doesn't check
     # security.
     may_view = security.checkPermission('zope2.View', card)
     self.assertEqual(may_view, False)
     # No permission id was found for Modify, so the security manager is
     # asked by permission title; a denial is asserted as None there.
     manager = getSecurityManager()
     self.assertEqual(manager.checkPermission("View", card), None)
     manager = getSecurityManager()
     self.assertEqual(
         manager.checkPermission("Modify portal content", card), None)
Beispiel #25
    def is_deletable(self):
        """Raise ContentError if the object may not be deleted.

        Without the approve permission, published or approved content
        cannot be deleted. Holders of that permission skip both checks.
        Nothing is returned when deletion is allowed.
        """
        if checkPermission('silva.ApproveSilvaContent', self):
            return
        if self.is_published():
            raise ContentError(_(u"Content is published."), self)
        if self.is_approved():
            raise ContentError(_(u"Content is approved."), self)
Beispiel #26
    def _get_root_content_url(self):
        """Return the IContentURL of the highest container the user can read.

        The walk starts at the context's container and climbs while the
        parent exists and the user holds 'silva.ReadSilvaContent' on it,
        stopping at the configured top level.
        """
        site = IVirtualSite(self.request)
        settings = getUtility(IUIService)
        top_level = (
            site.get_silva_root() if settings.smi_access_root
            else site.get_root())

        root = self.context.get_container()
        while root != top_level:
            parent = root.get_real_container()
            readable = (
                parent is not None
                and checkPermission("silva.ReadSilvaContent", parent))
            if not readable:
                # No access above this level: stop climbing.
                break
            root = parent
        return getMultiAdapter((root, self.request), IContentURL)
    def allow_action(self, action):
        """Tell whether the current user may perform ``action``.

        'submit' is always allowed, and so is everything for users holding
        'cmf.ManagePortal'. Otherwise the user must be in a group whose
        name equals a normalized 'cat2' keyword of the context.

        NOTE(review): access depends on the context's own keywords, so
        whoever can change them can change who is allowed -- confirm that
        keyword editing is restricted accordingly.
        """
        if action == 'submit':
            return True

        if checkPermission('cmf.ManagePortal', self.context):
            return True

        usergroups = self.usergroups
        umlauts = ((u'ü', 'ue'), (u'ö', 'oe'), (u'ä', 'ae'))

        for keyword in self.context.keywords(categories=['cat2']):
            # Normalize to a group id: lower case, dashes, no umlauts.
            group_id = keyword.lower().replace(' ', '-')
            for umlaut, transliteration in umlauts:
                group_id = group_id.replace(umlaut, transliteration)
            if group_id in usergroups:
                return True

        return False
Beispiel #28
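def render_content(content, request, suppress_title=False):
    """Render a content for inclusion.

    Returns an empty unicode string when the user may not view the
    content, when the request is not a browser request, or when nothing
    can be rendered. With ``suppress_title``, documents and auto TOCs are
    rendered without their title.
    """
    # Both conditions are required, as the original comment states ("can't
    # see the content or don't have a valid request"). The former ``or``
    # let any browser request through without the View permission.
    if not (checkPermission('zope2.View', content)
            and IBrowserRequest.providedBy(request)):
        return u''
    # NOTE(review): the permission was checked on the object passed in,
    # while rendering uses the object returned here.
    content = content.get_silva_object()
    if suppress_title:
        if IDocument.providedBy(content):
            version = content.get_viewable()
            if version is None:
                return u''
            details = getMultiAdapter((version, request), name="details")
            return details.get_text()
        if IAutoTOC.providedBy(content):
            toc = getMultiAdapter((content, request), name="toc")
            toc.update()
            return toc.render()
        # suppress title is not supported for other contents, render them
        # publicly.
    renderer = queryMultiAdapter((content, request), name='content.html')
    if renderer is not None:
        return renderer()
    return u''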
Beispiel #29
 def available(self, form):
     """Offer this only to users who may change the form's context."""
     # NOTE(review): this decides visibility only; confirm that the
     # handler behind it enforces the same permission.
     may_change = checkPermission("silva.ChangeSilvaContent", form.context)
     return may_change
Beispiel #30
 def available(self):
     """Show the form to approvers, subject to the parent's own rule."""
     can_approve = checkPermission("silva.ApproveSilvaContent", self.context)
     if not can_approve:
         # Hand back the falsy check result itself, as ``and`` would.
         return can_approve
     return super(RejectApprovalRequestForm, self).available()
Beispiel #31
 def available(self):
     """Hide the form from approvers; otherwise defer to the parent."""
     can_approve = checkPermission("silva.ApproveSilvaContent", self.context)
     if not can_approve:
         return super(WithdrawApprovalRequestForm, self).available()
     return False
Beispiel #32
 def available(self):
     """Return True only for users who may approve the context."""
     can_approve = checkPermission("silva.ApproveSilvaContent", self.context)
     return True if can_approve else False
Beispiel #33
 def available(self, form):
     """Require more than one line and the approve permission."""
     if len(form.lines) <= 1:
         return False
     return bool(checkPermission('silva.ApproveSilvaContent', form.context))
Beispiel #34
 def update_index_available(self):
     """Tell whether the user may change the context."""
     may_change = checkPermission('silva.ChangeSilvaContent', self.context)
     return may_change
 def canedit(self):
     """Tell whether the user may modify the context."""
     may_modify = checkPermission("cmf.ModifyPortalContent", self.context)
     return may_modify
Beispiel #36
 def update_index_available(self):
     """Return the result of the change-permission check on the context."""
     permission = 'silva.ChangeSilvaContent'
     return checkPermission(permission, self.context)
 def canView(self, obj):
     """Tell whether the current user may view ``obj``."""
     may_view = checkPermission('zope2.View', obj)
     return may_view
 def canView(self, obj):
     """Return the result of the View permission check on ``obj``."""
     permission = 'zope2.View'
     return checkPermission(permission, obj)
Beispiel #39
 def available(self, form):
     """Tell whether the user may change the form's context."""
     target = form.context
     return checkPermission('silva.ChangeSilvaContent', target)
 def allow_configuration(self, configuration, slot, context):
     """Return False without the permission on ``context``, else None.

     ``configuration`` and ``slot`` are not used by this check.
     """
     permitted = checkPermission(self.permission, context)
     return None if permitted else False
 def allow_controller(self, controller, slot, context):
     """Return False without the permission on ``context``, else None.

     ``controller`` and ``slot`` are not used by this check.
     """
     permitted = checkPermission(self.permission, context)
     return None if permitted else False
Beispiel #42
    def update(self):
        """Prepare the SMI page, redirecting to the accessible root first.

        Finds the highest container the user can read. If the context is
        not that container, raises ``Redirect`` to the container's edit
        screen with the content's relative path as fragment. Otherwise
        sets the SMI skin, loads the registered resources and copies the
        UI service settings onto the view.
        """
        # Redirect to the root of the SMI if we are not already
        site = IVirtualSite(self.request)
        settings = getUtility(IUIService)
        if settings.smi_access_root:
            top_level = site.get_silva_root()
        else:
            top_level = site.get_root()

        # We lookup for the highest container where we have access
        root = self.context.get_container()
        while root != top_level:
            parent = root.get_real_container()
            if (parent is None or
                    not checkPermission('silva.ReadSilvaContent', parent)):
                # We don't have access at that level
                break
            root = parent

        root_content_url = getMultiAdapter((root, self.request), IContentURL)
        root_url = root_content_url.url()
        if root != self.context:
            # Relative path of the content from the root.
            content_url = getMultiAdapter(
                (self.context, self.request), IContentURL)
            root_path = root_content_url.url(relative=True).split('/')
            content_path = content_url.url(relative=True).split('/')
            path = '/'.join(relative_path(root_path, content_path))

            # The target is assembled from the IContentURL adapters above;
            # no request parameter is read in this method to build it.
            raise Redirect('/'.join((root_url, 'edit')) + '#!' + path)

        # Set the proper SMI skin
        set_smi_skin(self.context, self.request)

        # Load the extensions
        # NOTE(review): every 'silva.ui.resources' entry point is loaded,
        # so any installed distribution registering one has its code
        # imported here.
        for load_entry in iter_entry_points('silva.ui.resources'):
            resource = load_entry.load()
            need(resource)

        # Customization from service
        if settings.logo is not None:
            settings_content_url = getMultiAdapter(
                (settings, self.request), IContentURL)
            self.logo_url = '/'.join((settings_content_url.url(), 'logo'))
        else:
            self.logo_url = self.static['img']['silva.png']()
        self.background = '#7996ac'
        self.name = settings.name
        self.listing_preview = settings.folder_icon_preview
        self.maintenance_message = settings.maintenance_message
        self.test_mode = settings.test_mode
        self.preview_resolutions = []
        self.notifications_life = settings.notifications_life
        if settings.preview_use_resolutions:
            self.preview_resolutions = list(settings.preview_resolutions)
        if settings.background:
            self.background = settings.background

        # Prepare values for template
        languages = IUserPreferredLanguages(
            self.request).getPreferredLanguages()

        self.language = languages[0] if languages else 'en'
        self.root_url = root_url
        # Asked through the security manager by permission title, unlike
        # the checkPermission() helper used for the container walk above.
        self.can_manage = getSecurityManager().checkPermission(
            'View Management Screens', self.context)