def wrapWorkflowMethod(self, ob, method_id, func, args, kw):
'''
Allows the user to request a workflow action. This method
must perform its own security checks.
'''
sdef = self._getWorkflowStateOf(ob)
if sdef is None:
raise WorkflowException, 'Object is in an undefined state'
if method_id not in sdef.transitions:
raise Unauthorized(method_id)
tdef = self.transitions.get(method_id, None)
if tdef is None or tdef.trigger_type != TRIGGER_WORKFLOW_METHOD:
raise WorkflowException, (
'Transition %s is not triggered by a workflow method' %
method_id)
if not self._checkTransitionGuard(tdef, ob):
raise Unauthorized(method_id)
res = func(*args, **kw)
try:
self._changeStateOf(ob, tdef)
except ObjectDeleted:
# Re-raise with a different result.
raise ObjectDeleted(res)
except ObjectMoved, ex:
# Re-raise with a different result.
raise ObjectMoved(ex.getNewObject(), res)
def DCWorkflowDefinition_notifyWorkflowMethod(self,
ob,
transition_list,
args=None,
kw=None):
'''
Allows the system to request a workflow action. This method
must perform its own security checks.
'''
if type(transition_list) in StringTypes:
method_id = transition_list
elif len(transition_list) == 1:
method_id = transition_list[0]
else:
raise ValueError(
'WorkflowMethod should be attached to exactly 1 transition per DCWorkflow instance.'
)
sdef = self._getWorkflowStateOf(ob)
if sdef is None:
raise WorkflowException, 'Object is in an undefined state'
if method_id not in sdef.transitions:
raise Unauthorized(method_id)
tdef = self.transitions.get(method_id, None)
if tdef is None or tdef.trigger_type != TRIGGER_WORKFLOW_METHOD:
raise WorkflowException, (
'Transition %s is not triggered by a workflow method' % method_id)
if not self._checkTransitionGuard(tdef, ob):
raise Unauthorized(method_id)
self._changeStateOf(ob, tdef, kw)
if getattr(ob, 'reindexObject', None) is not None:
if kw is not None:
activate_kw = kw.get('activate_kw', {})
else:
activate_kw = {}
ob.reindexObject(activate_kw=activate_kw)
def _set(self, instance, value, **kw):
"""Set the value of the field
"""
logger.debug("ATFieldManager::set: value=%r" % value)
# check field permission
if not self.field.checkPermission("write", instance):
raise Unauthorized(
"You are not allowed to write the field {}".format(self.name))
# check if field is writable
if not self.field.writeable(instance):
raise Unauthorized("Field {} is read only.".format(self.name))
# id fields take only strings
if self.name == "id":
value = str(value)
# get the field mutator
mutator = self.field.getMutator(instance)
# Inspect function and apply *args and **kwargs if possible.
mapply(mutator, value, **kw)
return True
def deletelayout(self):
layout_resources = queryResourceDirectory(
CONTENT_LAYOUT_RESOURCE_NAME, 'custom')
layout_path = self.request.form.get('layout')
if len(layout_path.split('/')) <= 2:
sm = getSecurityManager()
# this is a global layout, need to check permissions
if not sm.checkPermission('Plone: Manage Content Layouts',
api.portal.get()):
raise Unauthorized("User not allowed to delete global layout")
else:
# check this user is allowed to delete this template
user_dir = 'custom/user-layouts/{0:s}'.format(
api.user.get_current().getId())
if not layout_path.startswith(user_dir):
raise Unauthorized("You are not allowed to delete this layout")
# find directory
filename = layout_path.split('/')[-1]
directory = layout_resources
for part in layout_path.replace('custom/', '').split('/')[:-1]:
directory = directory[part]
del directory[filename]
# now to modify manifest to not include
if MANIFEST_FILENAME in directory.listDirectory():
manifest = loadManifest(directory.readFile(MANIFEST_FILENAME))
removeLayout(manifest, filename)
directory.writeFile(MANIFEST_FILENAME, dumpManifest(manifest))
# now reassign if provided
replacement = self.request.form.get('replacement')
if replacement:
replacement = self._get_layout_path(replacement)
catalog = api.portal.get_tool('portal_catalog')
for brain in catalog(layout=self._get_layout_path(layout_path)):
obj = brain.getObject()
layout_data = ILayoutAware(obj, None)
if layout_data:
layout_data.contentLayout = replacement
obj.reindexObject(idxs=['layout'])
return json.dumps(
{
'success': True,
'user_layouts': getUserContentLayoutsForType(
self.context.portal_type
),
'available_layouts': getContentLayoutsForType(
self.context.portal_type,
self.context
)
}
)
def verify_may_untrash(self, raise_on_violations=True):
if not self.check_untrash_permission():
if raise_on_violations:
raise Unauthorized()
return False
if not ITrashed.providedBy(self.context) or self.context.is_removed:
if raise_on_violations:
raise Unauthorized()
return False
return True
def _check_add_permission(self, status):
permission = "Plone Social: Add Microblog Status Update"
try:
check_context = status.microblog_context
if check_context is None:
check_context = self # Fall back to tool
except AttributeError:
raise Unauthorized("You do not have permission <%s>" % permission)
if not api.user.has_permission(
permission,
obj=check_context):
raise Unauthorized("You do not have permission <%s>" % permission)
def untrash(self):
if not _checkPermission('opengever.trash: Untrash content',
self.context):
raise Unauthorized()
folder = aq_parent(aq_inner(self.context))
if not _checkPermission('opengever.trash: Trash content', folder):
raise Unauthorized()
noLongerProvides(self.context, ITrashed)
self.reindex()
notify(UntrashedEvent(self.context))
def can_write(self, field):
""" check if the field is writeable
"""
# check if the field is read only
if field.readonly:
raise Unauthorized("Field '%s' is read-only" % field.__name__)
# XXX: How to check security on the field level?
sm = getSecurityManager()
permission = permissions.ModifyPortalContent
if not sm.checkPermission(permission, self.context):
raise Unauthorized("Not allowed to modify this content")
return field
def protect_del_objects(self, ids=None):
sm = getSecurityManager()
if not sm.checkPermission('Delete objects', self):
raise Unauthorized("Do not have permissions to remove this object")
if ids is None:
ids = []
if isinstance(ids, basestring):
ids = [ids]
for id_ in ids:
item = self._getOb(id_)
if not sm.checkPermission("Delete portal content", item):
raise Unauthorized("Do not have permissions to remove this object")
def wrapped_fn(f, self, *args, **kwargs):
if callable(permission):
if not permission(self, *args, **kwargs):
args = (f.__name__, permission.__name__)
raise Unauthorized('Calling %s requires "%s" permission' %
args)
return f(self, *args, **kwargs)
else:
if not Zuul.checkPermission(permission, self.context):
args = (f.__name__, permission)
raise Unauthorized('Calling %s requires "%s" permission' %
args)
return f(self, *args, **kwargs)
def __call__(self):
sm = getSecurityManager()
context = aq_inner(self.context)
# If the user has the global Manage Portlets permission, let them
# run wild
if not sm.checkPermission("Portlets: Manage own portlets", context):
raise Unauthorized("You are not allowed to manage portlets")
user_id = sm.getUser().getId()
if context.__name__ != user_id:
raise Unauthorized(
"You are only allowed to manage your own portlets")
def __call__(self, *args, **kwargs):
request = self.request
form = request.form
context = self.context
putils = getToolByName(context, 'plone_utils')
b_start = form.get('b_start', None)
if not self.check_labeling_permission():
raise Unauthorized("You can't modify the label")
if form.get('cancel'):
return request.response.redirect(
"%s/edit-table%s" %
(context.absolute_url(),
b_start and '?b_start:int=%d' % b_start or ''))
if form.get('form.submitted'):
if not form.get('label'):
putils.addPortalMessage(_('Label is required'), type="error")
return request.response.redirect(
"%s/edit-label%s" %
(context.absolute_url(),
b_start and '?b_start:int=%d' % b_start or ''))
# saving
self._save()
putils.addPortalMessage(_('Label has been saved'))
return request.response.redirect(
"%s/edit-table%s" %
(context.absolute_url(),
b_start and '?b_start:int=%d' % b_start or ''))
elif form.get('row-index') is not None and not form.get('addLabel'):
# load an existing row
self.data = self.storage[form.get('row-index')].get(
'__label__', '')
return self.index()
def __call__(self, *args, **kwargs):
context = self.context
request = self.request
form = request.form
self.row_index = form.get('row-index', None)
b_start = form.get('b_start', None)
if form.get('cancel'):
request.response.redirect(
"%s/edit-table%s" %
(context.absolute_url(),
b_start and '?b_start:int=%d' % b_start or ''))
return
if form.get('form.submitted'):
# saving
putils = getToolByName(context, 'plone_utils')
self._save()
if self.errors:
del form['form.submitted']
self.data.update(**form)
return self.index()
putils.addPortalMessage(_('Row has been saved'))
request.response.redirect(
"%s/edit-table%s" %
(context.absolute_url(),
b_start and '?b_start:int=%d' % b_start or ''))
return
elif self.row_index is not None and not form.get('addRow'):
# load an existing row
if not self.check_manager_or_mine_record(self.row_index):
raise Unauthorized("You can't modify that record")
else:
self.data = self.storage[self.row_index]
return self.index()
def get_batched(context, portal_type=None, uid=None, endpoint=None, **kw):
"""Get batched results
"""
# TODO: to move to baobab lims jsonapi -----
pm = getToolByName(context, 'portal_membership')
roles = pm.getAuthenticatedMember().getRoles()
if 'EMS' in roles or uid == "allowSharing":
uid = None
if portal_type == 'Sample':
kw['object_provides'] = ISharableSample.__identifier__
req.get_request().form["catalog"] = "portal_catalog"
else:
raise Unauthorized(
"You don't have access permission to {}".format(portal_type))
# TODO: ------
# fetch the catalog results
results = get_search_results(portal_type=portal_type, uid=uid, **kw)
# fetch the batch params from the request
size = req.get_batch_size()
start = req.get_batch_start()
# check for existing complete flag
complete = req.get_complete(default=_marker)
if complete is _marker:
# if the uid is given, get the complete information set
complete = uid and True or False
# return a batched record
return get_batch(results,
size,
start,
endpoint=endpoint,
complete=complete)
def listFolderContents(self,
spec=None,
contentFilter=None,
suppressHiddenFiles=0):
"""
Hook around 'contentValues' to let 'folder_contents'
be protected. Duplicating skip_unauthorized behavior of dtml-in.
In the world of Plone we do not want to show objects that begin with a .
So we have added a simply check. We probably dont want to raise an
Exception as much as we want to not show it.
"""
items = self.contentValues(spec=spec, filter=contentFilter)
l = []
for obj in items:
id = obj.getId()
v = obj
try:
if suppressHiddenFiles and id[:1] == '.':
raise Unauthorized(id, v)
if getSecurityManager().validate(self, self, id, v):
l.append(obj)
except (Unauthorized, 'Unauthorized'):
pass
return l
def handle_rename(self, action):
request = self.request
data, errors = self.extractData()
if errors:
return
context = self.context
parent = aq_parent(aq_inner(context))
sm = getSecurityManager()
if not sm.checkPermission("Copy or Move", parent):
raise Unauthorized(
_(
u"Permission denied to rename ${title}.",
mapping={u"title": context.title},
))
newid = data["new_id"]
newtitle = data["new_title"]
try:
notify(events.AsyncBeforeRename(context, newid, newtitle))
except Unauthorized:
IStatusMessage(self.request).add(
_(
u"Permission denied to rename ${title}.",
mapping={u"title": context.title},
))
return self.request.response.redirect(context.absolute_url())
except interfaces.AsyncValidationFailed, e:
IStatusMessage(request).add(unicode(e))
return request.response.redirect(context.absolute_url())
def get_membrain(self):
"""return the member as a brain (Products.Membrane)"""
if self.memberid is None:
raise Unauthorized()
brains = self.membrane_tool(exact_getUserId=self.memberid)
if len(brains) == 1:
return brains[0]
def _generate_doc(self, pod_template, output_format):
"""
Generate a document of format 'output_format' from the template
'pod_template'.
"""
if not pod_template.can_be_generated(self.context):
raise Unauthorized(
'You are not allowed to generate this document.')
if output_format not in pod_template.get_available_formats():
raise Exception("Asked output format '{0}' "
"is not available for template '{1}'!".format(
output_format, pod_template.getId()))
# subtemplates should not refer to each other in a cyclic way.
self._check_cyclic_merges(pod_template)
# Recursive generation of the document and all its subtemplates.
document_path = self._recursive_generate_doc(pod_template,
output_format)
rendered_document = open(document_path, 'rb')
rendered = rendered_document.read()
rendered_document.close()
os.remove(document_path)
filename = u'{}.{}'.format(pod_template.title, output_format)
return rendered, filename
def __call__(self):
if self.request.method != 'POST':
raise Unauthorized()
line = self.request.form.get('line', '')
if not line.strip():
return ''
line = line.rstrip() + '\n'
portal = getToolByName(self.context, 'portal_url').getPortalObject()
app = portal.getPhysicalRoot()
globs = {
'context': self.context,
'request': self.request,
'portal': portal,
'app': app,
}
globs.update(VARS.get(self.context))
context = evalcontext.EvalContext({}, globs)
output = context.exec_expr(line)
VARS.update(self.context, globs)
line_html = formatter.str2html(line)
return ('<code style="color: #060">>>></code> '
'%s<br />\n%s' % (preserveWhitespace(
line_html, quote=False), preserveWhitespace(output)))
def replace_interactive_user(self, principal):
"""Replaces interactive users in the principal.
"""
if principal == 'responsible':
# find the dossier
dossier = self.context
while not IDossierMarker.providedBy(dossier):
if IPloneSiteRoot.providedBy(dossier):
raise ValueError('Could not find dossier')
dossier = aq_parent(aq_inner(dossier))
# get the responsible of the dossier
wrapped_dossier = IDossier(dossier)
return wrapped_dossier.responsible
elif principal == 'current_user':
# get the current user
mtool = getToolByName(self.context, 'portal_membership')
member = mtool.getAuthenticatedMember()
if not member:
raise Unauthorized()
return member.getId()
else:
return principal
def addContentToContainer(container, object, checkConstraints=True):
"""Copy of plone.dexterity.util.addContentToContainer.
Modified to check the existing Id on the object before paving over it.
"""
if not hasattr(aq_base(object), 'portal_type'):
raise ValueError('object must have its portal_type set')
container = aq_inner(container)
if checkConstraints:
container_fti = container.getTypeInfo()
fti = getUtility(IDexterityFTI, name=object.portal_type)
if not fti.isConstructionAllowed(container):
raise Unauthorized('Cannot create {0}'.format(object.portal_type))
if container_fti is not None and \
not container_fti.allowType(object.portal_type):
raise ValueError('Disallowed subobject type: {0}'.format(
object.portal_type))
chooser = INameChooser(container)
if hasattr(object, 'id') and chooser.checkName(object.id, object):
name = object.id
else:
name = INameChooser(container).chooseName(None, object)
object.id = name
newName = container._setObject(name, object)
return container._getOb(newName)
def addContentToContainer(container, object, checkConstraints=True):
"""Add an object to a container.
The portal_type must already be set correctly. If checkConstraints
is False no check for addable content types is done. The new object,
wrapped in its new acquisition context, is returned.
"""
if not hasattr(aq_base(object), "portal_type"):
raise ValueError("object must have its portal_type set")
container = aq_inner(container)
if checkConstraints:
container_fti = container.getTypeInfo()
fti = getUtility(IDexterityFTI, name=object.portal_type)
if not fti.isConstructionAllowed(container):
raise Unauthorized("Cannot create %s" % object.portal_type)
if container_fti is not None \
and not container_fti.allowType(object.portal_type):
raise ValueError("Disallowed subobject type: %s" %
object.portal_type)
name = getattr(aq_base(object), 'id', None)
name = INameChooser(container).chooseName(name, object)
object.id = name
newName = container._setObject(name, object)
try:
return container._getOb(newName)
except AttributeError:
uuid = IUUID(object)
return uuidToObject(uuid)
def _checkConversionFormatPermission(self,
format,
lock_checking=False,
**kw):
"""Private method to check permission when access specified format.
This method raises
"""
transaction_variable = getTransactionalVariable()
if transaction_variable.get(LOCK_PERMISSION_KEY, False):
# Permission already checked in convert with final format,
# do not check permission for intermediate formats
return True
# XXX cache result in TV
method = self._getTypeBasedMethod(
'checkConversionFormatPermission',
fallback_script_id='Document_checkConversionFormatPermission')
if '**' not in method.params():
# Backward compatibility code:
# Existing Type Based Method doesn't support new **kw argument
# in their signature.
is_allowed = method(format=format)
else:
is_allowed = method(format=format, **kw)
if not is_allowed:
raise Unauthorized('Document: user does not have enough permission'\
' to access document in %s format' %\
(format or 'original'))
transaction_variable[LOCK_PERMISSION_KEY] = lock_checking
def __call__(self):
self.portal_properties = getUtility(IPropertiesTool)
self.portal_catalog = getToolByName(self.context, 'portal_catalog')
# XXX: getUtility call does not work.
self.membership_tool = getToolByName(self.context, 'portal_membership')
self.portal_state = getMultiAdapter((self.context, self.request),
name=u'plone_portal_state')
self.feedback_form = AuthorFeedbackForm(self.context, self.request)
self.feedback_form.update()
self.feedback_form.widgets["author"].mode = HIDDEN_MODE
self.feedback_form.widgets["referer"].mode = HIDDEN_MODE
self.feedback_form.widgets["author"].value = self.username
self.feedback_form.widgets["referer"].value = self.request.get(
'referer', self.request.get('HTTP_REFERER', 'unknown url'))
registry = getUtility(IRegistry)
security_settings = registry.forInterface(ISecuritySchema,
prefix='plone')
allow_anonymous_view_about = security_settings.allow_anon_views_about
if self.is_anonymous and not allow_anonymous_view_about:
raise Unauthorized()
return self.index()
def replace_with_objects(self, obj):
if not self.isAllowedToEdit():
raise Unauthorized(
_("You are not allowed to add content to "
"this tile"))
notify(ObjectModifiedEvent(self))
def validate(self):
''' Check that the token passed in the request is equal
to the one generate in our secret way
'''
token = self.request.get('token')
if token != self.get_token():
raise Unauthorized("Access denied to anonymous")
def addAnswer(self, value, comments=""):
"""Add an answer and optional comments for a user.
This method protects _addAnswer from anonymous users specifying a
userid when they vote, and thus apparently voting as another user
of their choice.
"""
# Get hold of the parent survey
survey = None
ob = self
while survey is None:
ob = aq_parent(aq_inner(ob))
if ob.meta_type == 'Survey':
survey = ob
elif getattr(ob, '_isPortalRoot', False):
raise Exception("Could not find a parent Survey.")
portal_membership = getToolByName(self, 'portal_membership')
is_anon = portal_membership.isAnonymousUser()
if is_anon and not survey.getAllowAnonymous():
raise Unauthorized(
"This survey is not available to anonymous users.")
userid = self.getSurveyId()
if is_anon and userid not in survey.getRespondentsList():
# anon is not added on survey view, so may need to be added
survey.addRespondent(userid)
# Call the real method for storing the answer for this user.
return self._addAnswer(userid, value, comments)
def get_user(self):
''' Get the requested user
'''
user = pi_api.userprofile.get_current()
if not user:
raise Unauthorized("Only valid users can access this menu")
return user
def _assertAuthorized(self, obj, permission, name=None):
# We need to provide access to the repository upon the object
# permissions istead of repositories method permissions.
# So the repository method access is set to public and the
# access is check on the object when needed.
if not _checkPermission(permission, obj):
raise Unauthorized(name)
def _check_permission(self, perm="read"):
if perm == "read":
permission = "Plone Social: View Microblog Status Update"
else:
permission = "Plone Social: Add Microblog Status Update"
if not getSecurityManager().checkPermission(permission, self):
raise Unauthorized("You do not have permission <%s>" % permission)
