from AccessControl.SecurityInfo import allow_module from AccessControl.SecurityInfo import ModuleSecurityInfo allow_module('Products.ERP5Type.Cache') ModuleSecurityInfo('Products.ERP5Type.Utils').declarePublic( 'sortValueList', 'convertToUpperCase', 'UpperCase', 'convertToMixedCase', 'cartesianProduct', 'sleep', 'getCommonTimeZoneList', 'int2letter', 'getMessageIdWithContext', 'getTranslationStringWithContext', 'Email_parseAddressHeader', 'guessEncodingFromText', 'isValidTALESExpression', 'ensure_list', 'bytes2str', 'str2bytes', 'unicode2str', ) allow_module('Products.ERP5Type.Message') ModuleSecurityInfo('Products.ERP5Type.Message').declarePublic( 'translateString') allow_module('Products.ERP5Type.Error')
# ############################################################################## """ Some common utilities. $Id$ """ import os from AccessControl.Permission import Permission from AccessControl.Role import gather_permissions from AccessControl.SecurityInfo import ModuleSecurityInfo from App.Common import package_home from zope.i18nmessageid import MessageFactory security = ModuleSecurityInfo('Products.DCWorkflow.utils') _dtmldir = os.path.join(package_home(globals()), 'dtml') _xmldir = os.path.join(package_home(globals()), 'xml') def ac_inherited_permissions(ob, all=0): # Get all permissions not defined in ourself that are inherited # This will be a sequence of tuples with a name as the first item and # an empty tuple as the second. d = {} perms = getattr(ob, '__ac_permissions__', ()) for p in perms: d[p[0]] = None r = gather_permissions(ob.__class__, [], d) if all:
from AccessControl.SecurityInfo import ClassSecurityInfo from AccessControl.SecurityInfo import ModuleSecurityInfo from AccessControl.SecurityInfo import ACCESS_PRIVATE from AccessControl.SecurityInfo import ACCESS_PUBLIC from AccessControl.SecurityInfo import ACCESS_NONE from AccessControl.SecurityInfo import secureModule from AccessControl.SecurityInfo import allow_module from AccessControl.SecurityInfo import allow_class from AccessControl.SimpleObjectPolicies import allow_type from AccessControl.unauthorized import Unauthorized from AccessControl.ZopeGuards import full_write_guard from AccessControl.ZopeGuards import safe_builtins from AccessControl.safe_formatter import safe_format ModuleSecurityInfo('AccessControl').declarePublic('getSecurityManager') # allow imports of utility_builtins for name in ('string', 'math', 'random', 'sets'): ModuleSecurityInfo(name).setDefaultAccess('allow') ModuleSecurityInfo('DateTime').declarePublic('DateTime') # We want to allow all methods on string type except "format". # That one needs special handling to avoid access to attributes. # from Products.PageTemplates.safe_formatter import safe_format rules = dict([(m, True) for m in dir(str) if not m.startswith('_')]) rules['format'] = safe_format allow_type(str, rules)
# This software is subject to the provisions of the Zope Public License, # Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE. # ############################################################################## """Package of template utility classes and functions. """ from AccessControl.SecurityInfo import ModuleSecurityInfo from .Tree import a2b # NOQA: F401 from .Tree import b2a # NOQA: F401 from .Tree import decodeExpansion # NOQA: F401 from .Tree import encodeExpansion # NOQA: F401 from .Zope import Batch # NOQA: F401 from .Zope import LazyFilter # NOQA: F401 from .Zope import SimpleTreeMaker # NOQA: F401 from .Zope import TreeMaker # NOQA: F401 from .Zope import make_hidden_input # NOQA: F401 from .Zope import make_query # NOQA: F401 from .Zope import url_query # NOQA: F401 security = ModuleSecurityInfo('ZTUtils') for name in ('encodeExpansion', 'decodeExpansion', 'a2b', 'b2a', 'Batch', 'TreeMaker', 'SimpleTreeMaker', 'LazyFilter' 'url_query', 'make_query', 'make_hidden_input'): security.declarePublic(name) # NOQA: D001
from pkg_resources import DistributionNotFound from pkg_resources import get_distribution from zope import i18n # disambiguation from zope.component import getUtility from zope.component import queryUtility from zope.i18n.interfaces import IUserPreferredCharsets from zope.i18nmessageid import MessageFactory from zope.publisher.interfaces.browser import IBrowserRequest from ZTUtils.Zope import complex_marshal from Products.CMFCore.interfaces import IPropertiesTool from Products.CMFDefault.exceptions import EmailAddressInvalid from Products.CMFDefault.exceptions import IllegalHTML from Products.CMFDefault.interfaces import IHTMLScrubber security = ModuleSecurityInfo('Products.CMFDefault.utils') try: get_distribution('Products.CMFCalendar') except DistributionNotFound: PRODUCTS_CMFCALENDAR_INSTALLED = False else: PRODUCTS_CMFCALENDAR_INSTALLED = True try: get_distribution('Products.CMFUid') except DistributionNotFound: PRODUCTS_CMFUID_INSTALLED = False else: PRODUCTS_CMFUID_INSTALLED = True
from AccessControl.SecurityInfo import ModuleSecurityInfo from Products.CMFCore.permissions import setDefaultRoles security = ModuleSecurityInfo('collective.favoriting') security.declarePublic('AddToFavorites') AddToFavorites = 'collective.favoriting: Add' setDefaultRoles(AddToFavorites, ('Member', 'Manager'))
import Products from .exceptions import AccessControl_Unauthorized from .exceptions import NotFound from .interfaces import ICachingPolicyManager HAS_ZSERVER = True try: dist = pkg_resources.get_distribution('ZServer') except pkg_resources.DistributionNotFound: HAS_ZSERVER = False SUBTEMPLATE = '__SUBTEMPLATE__' ProductsPath = [abspath(ppath) for ppath in Products.__path__] security = ModuleSecurityInfo('Products.CMFCore.utils') _globals = globals() _dtmldir = os_path.join(package_home(globals()), 'dtml') _wwwdir = os_path.join(package_home(globals()), 'www') # # Simple utility functions, callable from restricted code. # _marker = [] # Create a new marker object. _tool_interface_registry = {} @security.private def registerToolInterface(tool_id, tool_interface):
# along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ################################################################################ # Imports. from AccessControl.SecurityInfo import ModuleSecurityInfo from Products.ExternalMethod import ExternalMethod from Products.PageTemplates import ZopePageTemplate from Products.PythonScripts import PythonScript import os import re # Product Imports. from Products.zms import standard from Products.zms import _fileutil security = ModuleSecurityInfo('Products.zms.zopeutil') class MissingArtefactProxy(object): def __init__(self, id, meta_type, data=None): self.id=id self.meta_type=meta_type self.data = data icon__roles__=None def zmi_icon(self): return 'fas fa-skull-crossbones text-danger' def zmi_icon(self): return icon_clazz(self) getId__roles__=None def getId(self): return self.id getData__roles__=None
# TODO: write a similar helper for 'nt' platform GIT_ASKPASS = os.path.join(os.path.dirname(__file__), 'bin', 'git_askpass') class GitInstallationError(EnvironmentError): """Raised when an installation is broken""" pass class GitError(EnvironmentError): def __init__(self, err, out, returncode): EnvironmentError.__init__(self, err) self.stdout = out self.returncode = returncode class GitLoginError(EnvironmentError): """Raised when an authentication is required""" ModuleSecurityInfo(__name__).declarePublic('GitLoginError') class Git(WorkingCopy): security = ClassSecurityInfo() reference = 'git' title = 'Git' _login_cookie_name = 'erp5_git_login' def _git(self, *args, **kw): kw.setdefault('cwd', self.working_copy) argv = ['git'] try: return subprocess.Popen(argv + list(args), **kw)
from Products.CMFCore import permissions as CMFCorePermissions from AccessControl.SecurityInfo import ModuleSecurityInfo from Products.CMFCore.permissions import setDefaultRoles security = ModuleSecurityInfo("DiPP") security.declarePublic("MANAGE_JOURNAL") MANAGE_JOURNAL = "DiPP: Manage Journal" security.declarePublic("VIEW_STATISTICS") VIEW_STATISTICS = "DiPP: View Statistics" setDefaultRoles(MANAGE_JOURNAL, ()) setDefaultRoles(VIEW_STATISTICS, ()) # Publishing Permission ADD_CONTENTS_PERMISSION = "Fedora: Add Content" setDefaultRoles(ADD_CONTENTS_PERMISSION, ('Manager', )) VIEW_CONTENTS_PERMISSION = "Fedora: View Content" setDefaultRoles(VIEW_CONTENTS_PERMISSION, ('Manager', )) EDIT_CONTENTS_PERMISSION = "Fedora: Edit Content" setDefaultRoles(EDIT_CONTENTS_PERMISSION, ('Manager', )) # Review Permission VIEW_ORIGINAL_MANUSCRIPT_PERMISSION = "DiPPReview: View the original manuscript" VIEW_ANONYM_MANUSCRIPT_PERMISSION = "DiPPReview: View the anonymized manuscript" ADD_ANONYM_MANUSCRIPT_PERMISSION = "DiPPReview: Add the anonymized manuscript" VIEW_AUTHOR_REVIEW_PERMISSION = "DiPPReview: View the reviewers report for the author" VIEW_EDITOR_REVIEW_PERMISSION = "DiPPReview: View the reviewers report for the editor" VIEW_ORIGINAL_ATTACHMENT_PERMISSION = "DiPPReview: View the original attachment" VIEW_ANONYM_ATTACHMENT_PERMISSION = "DiPPReview: View the anonymized attachment"
from DocumentTemplate.DT_Var import whole_dollars # NOQA from DocumentTemplate.DT_Var import dollars_and_cents # NOQA from DocumentTemplate.DT_Var import structured_text # NOQA from DocumentTemplate.DT_Var import sql_quote # NOQA from DocumentTemplate.DT_Var import html_quote # NOQA from DocumentTemplate.DT_Var import url_quote # NOQA from DocumentTemplate.DT_Var import url_quote_plus # NOQA from DocumentTemplate.DT_Var import newline_to_br # NOQA from DocumentTemplate.DT_Var import thousands_commas # NOQA from DocumentTemplate.DT_Var import url_unquote # NOQA from DocumentTemplate.DT_Var import url_unquote_plus # NOQA from DocumentTemplate.DT_Var import restructured_text # NOQA from DocumentTemplate.security import RestrictedDTML from ZPublisher.HTTPRequest import record security = ModuleSecurityInfo('Products.PythonScripts.standard') security.declarePublic( 'special_formats', 'whole_dollars', 'dollars_and_cents', 'structured_text', 'restructured_text', 'sql_quote', 'html_quote', 'url_quote', 'url_quote_plus', 'newline_to_br', 'thousands_commas', 'url_unquote', 'url_unquote_plus',
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE. # ############################################################################## """ GenericSetup product initialization. """ from AccessControl.SecurityInfo import ModuleSecurityInfo from Products.GenericSetup.interfaces import BASE from Products.GenericSetup.interfaces import EXTENSION from Products.GenericSetup.permissions import ManagePortal from Products.GenericSetup.registry import _profile_registry \ as profile_registry security = ModuleSecurityInfo('Products.GenericSetup') security.declareProtected(ManagePortal, 'profile_registry') def initialize(context): import tool context.registerClass( tool.SetupTool, constructors=( #tool.addSetupToolForm, tool.addSetupTool, ), permissions=(ManagePortal, ), interfaces=None, icon='www/tool.png', )
# -*- coding: utf-8 -*- from AccessControl.Permission import addPermission from AccessControl.SecurityInfo import ModuleSecurityInfo security = ModuleSecurityInfo('collective.testimonial') TYPE_ROLES = ('Manager', 'Site Administrator', 'Owner', 'Contributor') TYPES = ['Testimonial'] perms = [] for typename in TYPES: permid = 'Add' + typename permname = 'collective.testimonial: Add ' + typename security.declarePublic(permid) addPermission(permname, default_roles=TYPE_ROLES) AddTestimonial = 'collective.artowrk: Add Testimonial'
# This program is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more # details. # # You should have received a copy of the GNU General Public License along with # this program; if not, write to the Free Software Foundation, Inc., 51 # Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # Copyright 2019-2020 by it's authors. # Some rights reserved, see README and LICENSE. from AccessControl.SecurityInfo import ModuleSecurityInfo from senaite.storage.interfaces import IStorageSamplesContainer security = ModuleSecurityInfo(__name__) @security.public def guard_recover_samples(samples_container): """ Guard for recover all samples from this container """ if not IStorageSamplesContainer.providedBy(samples_container): return False return samples_container.has_samples() @security.public def guard_add_samples(samples_container): """Guard for adding samples to this container """
# -*- coding: utf-8 -*- from AccessControl.SecurityInfo import ModuleSecurityInfo from Products.CMFCore.permissions import setDefaultRoles security = ModuleSecurityInfo('cpskin.core.permissions') security.declarePublic('CPSkinSiteAdministrator') CPSkinSiteAdministrator = 'CPSkin: Site administrator' setDefaultRoles(CPSkinSiteAdministrator, ('Site Administrator', 'Manager')) security.declarePublic('CPSkinEditKeywords') CPSkinEditKeywords = 'CPSkin: Edit keywords' setDefaultRoles(CPSkinEditKeywords, ('Site Administrator', 'Manager', 'Portlets Manager'))
"""Raised when an authentication is required. """ # Declarative Security security = ClassSecurityInfo() def __init__(self, realm=None): self._realm = realm security.declarePublic('getRealm') def getRealm(self): return self._realm InitializeClass(SubversionLoginError) ModuleSecurityInfo(__name__).declarePublic('SubversionLoginError') class SubversionSSLTrustError(SubversionError): """Raised when a SSL certificate is not trusted. """ # Declarative Security security = ClassSecurityInfo() def __init__(self, trust_dict=None): self._trust_dict = trust_dict security.declarePublic('getTrustDict') def getTrustDict(self): return self._trust_dict
from AccessControl.SecurityInfo import ModuleSecurityInfo from Products.CMFCore.permissions import setDefaultRoles #http://developer.plone.org/security/custom_permissions.html security = ModuleSecurityInfo('collective.rcse') TYPE_ROLES = ('Manager', 'Site Administrator', 'Owner') perms = [] for typename in ( "article", "audio", "discussion", "etherpad", "event", "file", "group", "image", "video", ): ctype = "collective.rcse." + typename permid = 'Add' + typename.capitalize() permname = 'collective.rcse: Add ' + typename security.declarePublic(permid) setDefaultRoles(permname, TYPE_ROLES) AddArticle = "collective.rcse: Add article" AddAudio = "collective.rcse: Add audio" AddDiscussion = "collective.rcse: Add discussion" AddEtherpad = "collective.rcse: Add etherpad" AddEvent = "collective.rcse: Add event" AddFile = "collective.rcse: Add file" AddGroup = "collective.rcse: Add group"
# -*- coding: utf-8 -*- from AccessControl.SecurityInfo import ModuleSecurityInfo PROJECTNAME = 'collective.loremipsum' security = ModuleSecurityInfo(PROJECTNAME) security.declarePublic('CanPopulate') CanPopulate = PROJECTNAME + ': Can Populate'
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ################################################################################ # Imports. from AccessControl.SecurityInfo import ModuleSecurityInfo import tempfile # Product Imports. from . import _fileutil from . import standard security = ModuleSecurityInfo('Products.zms.pilutil') security.declarePublic('enabled') def enabled(): try: from PIL import Image return True except: try: import Image return True except: return False security.declarePublic('thumbnail')
from Products.ERP5Type import Timeout erp5_conf = getattr(getConfiguration(), 'product_config', {}).get('erp5') # Note: erp5_conf attributes are missing in unit tests, fallback to no timeout # in that case. Timeout.publisher_timeout = getattr(erp5_conf, 'publisher_timeout', None) Timeout.activity_timeout = getattr(erp5_conf, 'activity_timeout', None) from AccessControl.SecurityInfo import allow_module from AccessControl.SecurityInfo import ModuleSecurityInfo allow_module('Products.ERP5Type.Cache') ModuleSecurityInfo('Products.ERP5Type.Utils').declarePublic( 'sortValueList', 'convertToUpperCase', 'UpperCase', 'convertToMixedCase', 'cartesianProduct', 'sleep', 'getCommonTimeZoneList', 'int2letter', 'getMessageIdWithContext', 'getTranslationStringWithContext', 'Email_parseAddressHeader', 'guessEncodingFromText', 'isValidTALESExpression') allow_module('Products.ERP5Type.Message') ModuleSecurityInfo('Products.ERP5Type.Message').declarePublic( 'translateString') allow_module('Products.ERP5Type.Error') allow_module('Products.ERP5Type.Errors') allow_module('Products.ERP5Type.JSONEncoder') allow_module('Products.ERP5Type.Log') allow_module('Products.ERP5Type.ImmediateReindexContextManager') ModuleSecurityInfo('Products.ERP5Type.JSON').declarePublic('dumps', 'loads') ModuleSecurityInfo('Products.ERP5Type.Constraint').declarePublic( 'PropertyTypeValidity')
# Copyright 2020-2022 by it's authors. # Some rights reserved, see README and LICENSE. import logging from AccessControl.Permission import addPermission from AccessControl.SecurityInfo import ModuleSecurityInfo from bika.lims.api import get_request from senaite.patient import permissions from senaite.patient.config import DEFAULT_ROLES from senaite.patient.config import DEFAULT_TYPES from senaite.patient.config import PRODUCT_NAME from senaite.patient.interfaces import ISenaitePatientLayer from zope.i18nmessageid import MessageFactory security = ModuleSecurityInfo("senaite.patient") # Defining a Message Factory for when this product is internationalized. messageFactory = MessageFactory(PRODUCT_NAME) logger = logging.getLogger(PRODUCT_NAME) def is_installed(): """Returns whether the product is installed or not """ request = get_request() return ISenaitePatientLayer.providedBy(request) def check_installed(default_return):
), visibility=None, icon='www/portal.gif') context.registerClass( ERP5AccessTokenExtractionPlugin.ERP5AccessTokenExtractionPlugin, permission=ManageUsers, constructors=( ERP5AccessTokenExtractionPlugin. manage_addERP5AccessTokenExtractionPluginForm, ERP5AccessTokenExtractionPlugin.addERP5AccessTokenExtractionPlugin, ), visibility=None, icon='www/portal.gif') context.registerClass( ERP5DumbHTTPExtractionPlugin.ERP5DumbHTTPExtractionPlugin, permission=ManageUsers, constructors=( ERP5DumbHTTPExtractionPlugin. manage_addERP5DumbHTTPExtractionPluginForm, ERP5DumbHTTPExtractionPlugin.addERP5DumbHTTPExtractionPlugin, ), visibility=None, icon='www/portal.gif') from AccessControl.SecurityInfo import ModuleSecurityInfo ModuleSecurityInfo('Products.ERP5Security.ERP5UserManager').declarePublic( 'getUserByLogin')
# -*- coding: utf-8 -*- from AccessControl.SecurityInfo import ModuleSecurityInfo from Products.CMFCore.permissions import setDefaultRoles from plone.app.contenttypes.utils import DEFAULT_TYPES security = ModuleSecurityInfo('plone.app.contenttypes') TYPE_ROLES = ('Manager', 'Site Administrator', 'Owner', 'Contributor') perms = [] for typename in DEFAULT_TYPES: permid = 'Add' + typename permname = 'plone.app.contenttypes: Add ' + typename security.declarePublic(permid) setDefaultRoles(permname, TYPE_ROLES) AddCollection = "plone.app.contenttypes: Add Collection" AddDocument = "plone.app.contenttypes: Add Document" AddEvent = "plone.app.contenttypes: Add Event" AddFile = "plone.app.contenttypes: Add File" AddFolder = "plone.app.contenttypes: Add Folder" AddImage = "plone.app.contenttypes: Add Image" AddLink = "plone.app.contenttypes: Add Link" AddNewsItem = "plone.app.contenttypes: Add News Item"
############################################################################## # # Copyright (c) 2004 Zope Foundation and Contributors. # # This software is subject to the provisions of the Zope Public License, # Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE. # ############################################################################## """ GenericSetup product exceptions. """ from AccessControl.SecurityInfo import ModuleSecurityInfo from zExceptions import BadRequest # NOQA: F401 security = ModuleSecurityInfo('Products.GenericSetup.exceptions') security.declarePublic('BadRequest') # NOQA: D001
from Products.ERP5Type import Permissions from Products.ERP5Type.Cache import CachingMethod from Products.ERP5Type.Globals import InitializeClass, PersistentMapping from Products.ERP5Type.Tool.BaseTool import BaseTool from Products.ERP5Type.Utils import deprecated from Products.ZSQLCatalog.SQLCatalog import SimpleQuery, AutoQuery, ComplexQuery, NegatedQuery from sets import ImmutableSet from zLOG import LOG, WARNING from six import reraise WORKLIST_METADATA_KEY = 'metadata' COUNT_COLUMN_TITLE = 'count' SECURITY_PARAMETER_ID = 'local_roles' from AccessControl.SecurityInfo import ModuleSecurityInfo ModuleSecurityInfo(__name__).declarePublic('SECURITY_PARAMETER_ID') class WorkflowTool(BaseTool, OriginalWorkflowTool): """ A new container for DC workflow and workflow; inherits methods from original WorkflowTool.py; contains patches from ERP5Type/patches/WorkflowTool.py. """ id = 'portal_workflow' title = 'Workflow Tool' meta_type = 'Workflow Tool' portal_type = 'Workflow Tool' allowed_types = ('Workflow', 'Interaction Workflow') security = ClassSecurityInfo()
# FOR A PARTICULAR PURPOSE. # ############################################################################## """ CMFCore product permissions. """ from AccessControl import Permissions from AccessControl.Permission import addPermission from AccessControl.SecurityInfo import ModuleSecurityInfo from zope.deferredimport import deprecated deprecated('Please use addPermission from AccessControl.Permission.', setDefaultRoles='AccessControl.Permission:addPermission') security = ModuleSecurityInfo('Products.CMFCore.permissions') # # General Zope permissions # security.declarePublic('AccessContentsInformation') # NOQA: flake8: D001 AccessContentsInformation = Permissions.access_contents_information security.declarePublic('ChangePermissions') # NOQA: flake8: D001 ChangePermissions = Permissions.change_permissions security.declarePublic('DeleteObjects') # NOQA: flake8: D001 DeleteObjects = Permissions.delete_objects security.declarePublic('FTPAccess') # NOQA: flake8: D001
return cache[args] except AttributeError: result = func(self, *args) setattr(self, key, {args: result}) except KeyError: cache[args] = result = func(self, *args) return result return decorated class NotAWorkingCopyError(Exception): pass ModuleSecurityInfo(__name__).declarePublic('NotAWorkingCopyError') class NotVersionedError(Exception): pass ModuleSecurityInfo(__name__).declarePublic('NotVersionedError') class BusinessTemplateNotInstalled(Exception): pass ModuleSecurityInfo(__name__).declarePublic('BusinessTemplateNotInstalled')
import sys from AccessControl.class_init import InitializeClass from AccessControl.SecurityInfo import ClassSecurityInfo from AccessControl.SecurityInfo import ModuleSecurityInfo from Acquisition import Implicit from App.config import getConfiguration from App.special_dtml import DTMLFile from DateTime.DateTime import DateTime from OFS.SimpleItem import Item from OFS.PropertyManager import PropertyManager from OFS.History import Historical from OFS.History import html_diff from Persistence import Persistent modulesecurity = ModuleSecurityInfo() modulesecurity.declareProtected('View management screens', 'manage_addZReSTForm') manage_addZReSTForm = DTMLFile('dtml/manage_addZReSTForm', globals()) modulesecurity.declareProtected('Add RestructuredText Document', 'manage_addZReST') def manage_addZReST(self, id, file='', REQUEST=None): """Add a ZReST product """ # validate the instance_home self._setObject(id, ZReST(id)) self._getOb(id).manage_upload(file) if REQUEST is not None:
from AccessControl.SecurityInfo import ModuleSecurityInfo from Products.Archetypes.config import UID_CATALOG from Products.CMFCore.WorkflowCore import WorkflowException from Products.CMFCore.utils import getToolByName from bika.lims import PMF from bika.lims import api from bika.lims import logger from bika.lims.browser import ulocalized_time from bika.lims.interfaces import IJSONReadExtender from bika.lims.jsonapi import get_include_fields from bika.lims.utils import changeWorkflowState from bika.lims.utils import t from bika.lims.workflow.indexes import ACTIONS_TO_INDEXES from zope.interface import implements security = ModuleSecurityInfo('bika.lims.workflow') security.declarePublic('guard_handler') _marker = object() def skip(instance, action, peek=False, unskip=False): """Returns True if the transition is to be SKIPPED peek - True just checks the value, does not set. unskip - remove skip key (for manual overrides). called with only (instance, action_id), this will set the request variable preventing the cascade's from re-transitioning the object and return None. """
# Copyright (c) 2002 Zope Foundation and Contributors. # # This software is subject to the provisions of the Zope Public License, # Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE # ############################################################################## # This has to happen early so things get initialized properly from AccessControl.Implementation import setImplementation from AccessControl.SecurityManagement import getSecurityManager from AccessControl.SecurityManagement import setSecurityPolicy from AccessControl.SecurityInfo import ClassSecurityInfo from AccessControl.SecurityInfo import ModuleSecurityInfo from AccessControl.SecurityInfo import ACCESS_PRIVATE from AccessControl.SecurityInfo import ACCESS_PUBLIC from AccessControl.SecurityInfo import ACCESS_NONE from AccessControl.SecurityInfo import secureModule from AccessControl.SecurityInfo import allow_module from AccessControl.SecurityInfo import allow_class from AccessControl.SimpleObjectPolicies import allow_type from AccessControl.unauthorized import Unauthorized # XXX from AccessControl.ZopeGuards import full_write_guard from AccessControl.ZopeGuards import safe_builtins ModuleSecurityInfo('AccessControl').declarePublic('getSecurityManager')