from AccessControl.SecurityInfo import allow_module
from AccessControl.SecurityInfo import ModuleSecurityInfo
allow_module('Products.ERP5Type.Cache')
ModuleSecurityInfo('Products.ERP5Type.Utils').declarePublic(
'sortValueList',
'convertToUpperCase',
'UpperCase',
'convertToMixedCase',
'cartesianProduct',
'sleep',
'getCommonTimeZoneList',
'int2letter',
'getMessageIdWithContext',
'getTranslationStringWithContext',
'Email_parseAddressHeader',
'guessEncodingFromText',
'isValidTALESExpression',
'ensure_list',
'bytes2str',
'str2bytes',
'unicode2str',
)
allow_module('Products.ERP5Type.Message')
ModuleSecurityInfo('Products.ERP5Type.Message').declarePublic(
'translateString')
allow_module('Products.ERP5Type.Error')
#
##############################################################################
""" Some common utilities.
$Id$
"""
import os
from AccessControl.Permission import Permission
from AccessControl.Role import gather_permissions
from AccessControl.SecurityInfo import ModuleSecurityInfo
from App.Common import package_home
from zope.i18nmessageid import MessageFactory
security = ModuleSecurityInfo('Products.DCWorkflow.utils')
_dtmldir = os.path.join(package_home(globals()), 'dtml')
_xmldir = os.path.join(package_home(globals()), 'xml')
def ac_inherited_permissions(ob, all=0):
# Get all permissions not defined in ourself that are inherited
# This will be a sequence of tuples with a name as the first item and
# an empty tuple as the second.
d = {}
perms = getattr(ob, '__ac_permissions__', ())
for p in perms:
d[p[0]] = None
r = gather_permissions(ob.__class__, [], d)
if all:
from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.SecurityInfo import ModuleSecurityInfo
from AccessControl.SecurityInfo import ACCESS_PRIVATE
from AccessControl.SecurityInfo import ACCESS_PUBLIC
from AccessControl.SecurityInfo import ACCESS_NONE
from AccessControl.SecurityInfo import secureModule
from AccessControl.SecurityInfo import allow_module
from AccessControl.SecurityInfo import allow_class
from AccessControl.SimpleObjectPolicies import allow_type
from AccessControl.unauthorized import Unauthorized
from AccessControl.ZopeGuards import full_write_guard
from AccessControl.ZopeGuards import safe_builtins
from AccessControl.safe_formatter import safe_format
ModuleSecurityInfo('AccessControl').declarePublic('getSecurityManager')
# allow imports of utility_builtins
for name in ('string', 'math', 'random', 'sets'):
ModuleSecurityInfo(name).setDefaultAccess('allow')
ModuleSecurityInfo('DateTime').declarePublic('DateTime')
# We want to allow all methods on string type except "format".
# That one needs special handling to avoid access to attributes.
# from Products.PageTemplates.safe_formatter import safe_format
rules = dict([(m, True) for m in dir(str) if not m.startswith('_')])
rules['format'] = safe_format
allow_type(str, rules)
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Package of template utility classes and functions.
"""
from AccessControl.SecurityInfo import ModuleSecurityInfo
from .Tree import a2b # NOQA: F401
from .Tree import b2a # NOQA: F401
from .Tree import decodeExpansion # NOQA: F401
from .Tree import encodeExpansion # NOQA: F401
from .Zope import Batch # NOQA: F401
from .Zope import LazyFilter # NOQA: F401
from .Zope import SimpleTreeMaker # NOQA: F401
from .Zope import TreeMaker # NOQA: F401
from .Zope import make_hidden_input # NOQA: F401
from .Zope import make_query # NOQA: F401
from .Zope import url_query # NOQA: F401
security = ModuleSecurityInfo('ZTUtils')
for name in ('encodeExpansion', 'decodeExpansion', 'a2b', 'b2a', 'Batch',
'TreeMaker', 'SimpleTreeMaker', 'LazyFilter'
'url_query', 'make_query', 'make_hidden_input'):
security.declarePublic(name) # NOQA: D001
from pkg_resources import DistributionNotFound
from pkg_resources import get_distribution
from zope import i18n # disambiguation
from zope.component import getUtility
from zope.component import queryUtility
from zope.i18n.interfaces import IUserPreferredCharsets
from zope.i18nmessageid import MessageFactory
from zope.publisher.interfaces.browser import IBrowserRequest
from ZTUtils.Zope import complex_marshal
from Products.CMFCore.interfaces import IPropertiesTool
from Products.CMFDefault.exceptions import EmailAddressInvalid
from Products.CMFDefault.exceptions import IllegalHTML
from Products.CMFDefault.interfaces import IHTMLScrubber
security = ModuleSecurityInfo('Products.CMFDefault.utils')
try:
get_distribution('Products.CMFCalendar')
except DistributionNotFound:
PRODUCTS_CMFCALENDAR_INSTALLED = False
else:
PRODUCTS_CMFCALENDAR_INSTALLED = True
try:
get_distribution('Products.CMFUid')
except DistributionNotFound:
PRODUCTS_CMFUID_INSTALLED = False
else:
PRODUCTS_CMFUID_INSTALLED = True
from AccessControl.SecurityInfo import ModuleSecurityInfo
from Products.CMFCore.permissions import setDefaultRoles
security = ModuleSecurityInfo('collective.favoriting')
security.declarePublic('AddToFavorites')
AddToFavorites = 'collective.favoriting: Add'
setDefaultRoles(AddToFavorites, ('Member', 'Manager'))
import Products
from .exceptions import AccessControl_Unauthorized
from .exceptions import NotFound
from .interfaces import ICachingPolicyManager
HAS_ZSERVER = True
try:
dist = pkg_resources.get_distribution('ZServer')
except pkg_resources.DistributionNotFound:
HAS_ZSERVER = False
SUBTEMPLATE = '__SUBTEMPLATE__'
ProductsPath = [abspath(ppath) for ppath in Products.__path__]
security = ModuleSecurityInfo('Products.CMFCore.utils')
_globals = globals()
_dtmldir = os_path.join(package_home(globals()), 'dtml')
_wwwdir = os_path.join(package_home(globals()), 'www')
#
# Simple utility functions, callable from restricted code.
#
_marker = [] # Create a new marker object.
_tool_interface_registry = {}
@security.private
def registerToolInterface(tool_id, tool_interface):
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
################################################################################
# Imports.
from AccessControl.SecurityInfo import ModuleSecurityInfo
from Products.ExternalMethod import ExternalMethod
from Products.PageTemplates import ZopePageTemplate
from Products.PythonScripts import PythonScript
import os
import re
# Product Imports.
from Products.zms import standard
from Products.zms import _fileutil
security = ModuleSecurityInfo('Products.zms.zopeutil')
class MissingArtefactProxy(object):
def __init__(self, id, meta_type, data=None):
self.id=id
self.meta_type=meta_type
self.data = data
icon__roles__=None
def zmi_icon(self):
return 'fas fa-skull-crossbones text-danger'
def zmi_icon(self):
return icon_clazz(self)
getId__roles__=None
def getId(self):
return self.id
getData__roles__=None
# TODO: write a similar helper for 'nt' platform
GIT_ASKPASS = os.path.join(os.path.dirname(__file__), 'bin', 'git_askpass')
class GitInstallationError(EnvironmentError):
"""Raised when an installation is broken"""
pass
class GitError(EnvironmentError):
def __init__(self, err, out, returncode):
EnvironmentError.__init__(self, err)
self.stdout = out
self.returncode = returncode
class GitLoginError(EnvironmentError):
"""Raised when an authentication is required"""
ModuleSecurityInfo(__name__).declarePublic('GitLoginError')
class Git(WorkingCopy):
security = ClassSecurityInfo()
reference = 'git'
title = 'Git'
_login_cookie_name = 'erp5_git_login'
def _git(self, *args, **kw):
kw.setdefault('cwd', self.working_copy)
argv = ['git']
try:
return subprocess.Popen(argv + list(args), **kw)
from Products.CMFCore import permissions as CMFCorePermissions
from AccessControl.SecurityInfo import ModuleSecurityInfo
from Products.CMFCore.permissions import setDefaultRoles
security = ModuleSecurityInfo("DiPP")
security.declarePublic("MANAGE_JOURNAL")
MANAGE_JOURNAL = "DiPP: Manage Journal"
security.declarePublic("VIEW_STATISTICS")
VIEW_STATISTICS = "DiPP: View Statistics"
setDefaultRoles(MANAGE_JOURNAL, ())
setDefaultRoles(VIEW_STATISTICS, ())
# Publishing Permission
ADD_CONTENTS_PERMISSION = "Fedora: Add Content"
setDefaultRoles(ADD_CONTENTS_PERMISSION, ('Manager', ))
VIEW_CONTENTS_PERMISSION = "Fedora: View Content"
setDefaultRoles(VIEW_CONTENTS_PERMISSION, ('Manager', ))
EDIT_CONTENTS_PERMISSION = "Fedora: Edit Content"
setDefaultRoles(EDIT_CONTENTS_PERMISSION, ('Manager', ))
# Review Permission
VIEW_ORIGINAL_MANUSCRIPT_PERMISSION = "DiPPReview: View the original manuscript"
VIEW_ANONYM_MANUSCRIPT_PERMISSION = "DiPPReview: View the anonymized manuscript"
ADD_ANONYM_MANUSCRIPT_PERMISSION = "DiPPReview: Add the anonymized manuscript"
VIEW_AUTHOR_REVIEW_PERMISSION = "DiPPReview: View the reviewers report for the author"
VIEW_EDITOR_REVIEW_PERMISSION = "DiPPReview: View the reviewers report for the editor"
VIEW_ORIGINAL_ATTACHMENT_PERMISSION = "DiPPReview: View the original attachment"
VIEW_ANONYM_ATTACHMENT_PERMISSION = "DiPPReview: View the anonymized attachment"
from DocumentTemplate.DT_Var import whole_dollars # NOQA
from DocumentTemplate.DT_Var import dollars_and_cents # NOQA
from DocumentTemplate.DT_Var import structured_text # NOQA
from DocumentTemplate.DT_Var import sql_quote # NOQA
from DocumentTemplate.DT_Var import html_quote # NOQA
from DocumentTemplate.DT_Var import url_quote # NOQA
from DocumentTemplate.DT_Var import url_quote_plus # NOQA
from DocumentTemplate.DT_Var import newline_to_br # NOQA
from DocumentTemplate.DT_Var import thousands_commas # NOQA
from DocumentTemplate.DT_Var import url_unquote # NOQA
from DocumentTemplate.DT_Var import url_unquote_plus # NOQA
from DocumentTemplate.DT_Var import restructured_text # NOQA
from DocumentTemplate.security import RestrictedDTML
from ZPublisher.HTTPRequest import record
security = ModuleSecurityInfo('Products.PythonScripts.standard')
security.declarePublic(
'special_formats',
'whole_dollars',
'dollars_and_cents',
'structured_text',
'restructured_text',
'sql_quote',
'html_quote',
'url_quote',
'url_quote_plus',
'newline_to_br',
'thousands_commas',
'url_unquote',
'url_unquote_plus',
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
""" GenericSetup product initialization.
"""
from AccessControl.SecurityInfo import ModuleSecurityInfo
from Products.GenericSetup.interfaces import BASE
from Products.GenericSetup.interfaces import EXTENSION
from Products.GenericSetup.permissions import ManagePortal
from Products.GenericSetup.registry import _profile_registry \
as profile_registry
security = ModuleSecurityInfo('Products.GenericSetup')
security.declareProtected(ManagePortal, 'profile_registry')
def initialize(context):
import tool
context.registerClass(
tool.SetupTool,
constructors=( #tool.addSetupToolForm,
tool.addSetupTool, ),
permissions=(ManagePortal, ),
interfaces=None,
icon='www/tool.png',
)
# -*- coding: utf-8 -*-
from AccessControl.Permission import addPermission
from AccessControl.SecurityInfo import ModuleSecurityInfo
security = ModuleSecurityInfo('collective.testimonial')
TYPE_ROLES = ('Manager', 'Site Administrator', 'Owner', 'Contributor')
TYPES = ['Testimonial']
perms = []
for typename in TYPES:
permid = 'Add' + typename
permname = 'collective.testimonial: Add ' + typename
security.declarePublic(permid)
addPermission(permname, default_roles=TYPE_ROLES)
AddTestimonial = 'collective.artowrk: Add Testimonial'
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 51
# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Copyright 2019-2020 by it's authors.
# Some rights reserved, see README and LICENSE.
from AccessControl.SecurityInfo import ModuleSecurityInfo
from senaite.storage.interfaces import IStorageSamplesContainer
security = ModuleSecurityInfo(__name__)
@security.public
def guard_recover_samples(samples_container):
""" Guard for recover all samples from this container
"""
if not IStorageSamplesContainer.providedBy(samples_container):
return False
return samples_container.has_samples()
@security.public
def guard_add_samples(samples_container):
"""Guard for adding samples to this container
"""
# -*- coding: utf-8 -*-
from AccessControl.SecurityInfo import ModuleSecurityInfo
from Products.CMFCore.permissions import setDefaultRoles
security = ModuleSecurityInfo('cpskin.core.permissions')
security.declarePublic('CPSkinSiteAdministrator')
CPSkinSiteAdministrator = 'CPSkin: Site administrator'
setDefaultRoles(CPSkinSiteAdministrator, ('Site Administrator', 'Manager'))
security.declarePublic('CPSkinEditKeywords')
CPSkinEditKeywords = 'CPSkin: Edit keywords'
setDefaultRoles(CPSkinEditKeywords,
('Site Administrator', 'Manager', 'Portlets Manager'))
"""Raised when an authentication is required.
"""
# Declarative Security
security = ClassSecurityInfo()
def __init__(self, realm=None):
self._realm = realm
security.declarePublic('getRealm')
def getRealm(self):
return self._realm
InitializeClass(SubversionLoginError)
ModuleSecurityInfo(__name__).declarePublic('SubversionLoginError')
class SubversionSSLTrustError(SubversionError):
"""Raised when a SSL certificate is not trusted.
"""
# Declarative Security
security = ClassSecurityInfo()
def __init__(self, trust_dict=None):
self._trust_dict = trust_dict
security.declarePublic('getTrustDict')
def getTrustDict(self):
return self._trust_dict
from AccessControl.SecurityInfo import ModuleSecurityInfo
from Products.CMFCore.permissions import setDefaultRoles
#http://developer.plone.org/security/custom_permissions.html
security = ModuleSecurityInfo('collective.rcse')
TYPE_ROLES = ('Manager', 'Site Administrator', 'Owner')
perms = []
for typename in (
"article",
"audio",
"discussion",
"etherpad",
"event",
"file",
"group",
"image",
"video",
):
ctype = "collective.rcse." + typename
permid = 'Add' + typename.capitalize()
permname = 'collective.rcse: Add ' + typename
security.declarePublic(permid)
setDefaultRoles(permname, TYPE_ROLES)
AddArticle = "collective.rcse: Add article"
AddAudio = "collective.rcse: Add audio"
AddDiscussion = "collective.rcse: Add discussion"
AddEtherpad = "collective.rcse: Add etherpad"
AddEvent = "collective.rcse: Add event"
AddFile = "collective.rcse: Add file"
AddGroup = "collective.rcse: Add group"
# -*- coding: utf-8 -*-
from AccessControl.SecurityInfo import ModuleSecurityInfo
PROJECTNAME = 'collective.loremipsum'
security = ModuleSecurityInfo(PROJECTNAME)
security.declarePublic('CanPopulate')
CanPopulate = PROJECTNAME + ': Can Populate'
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
################################################################################
# Imports.
from AccessControl.SecurityInfo import ModuleSecurityInfo
import tempfile
# Product Imports.
from . import _fileutil
from . import standard
security = ModuleSecurityInfo('Products.zms.pilutil')
security.declarePublic('enabled')
def enabled():
try:
from PIL import Image
return True
except:
try:
import Image
return True
except:
return False
security.declarePublic('thumbnail')
from Products.ERP5Type import Timeout
erp5_conf = getattr(getConfiguration(), 'product_config', {}).get('erp5')
# Note: erp5_conf attributes are missing in unit tests, fallback to no timeout
# in that case.
Timeout.publisher_timeout = getattr(erp5_conf, 'publisher_timeout', None)
Timeout.activity_timeout = getattr(erp5_conf, 'activity_timeout', None)
from AccessControl.SecurityInfo import allow_module
from AccessControl.SecurityInfo import ModuleSecurityInfo
allow_module('Products.ERP5Type.Cache')
ModuleSecurityInfo('Products.ERP5Type.Utils').declarePublic(
'sortValueList', 'convertToUpperCase', 'UpperCase', 'convertToMixedCase',
'cartesianProduct', 'sleep', 'getCommonTimeZoneList', 'int2letter',
'getMessageIdWithContext', 'getTranslationStringWithContext',
'Email_parseAddressHeader', 'guessEncodingFromText',
'isValidTALESExpression')
allow_module('Products.ERP5Type.Message')
ModuleSecurityInfo('Products.ERP5Type.Message').declarePublic(
'translateString')
allow_module('Products.ERP5Type.Error')
allow_module('Products.ERP5Type.Errors')
allow_module('Products.ERP5Type.JSONEncoder')
allow_module('Products.ERP5Type.Log')
allow_module('Products.ERP5Type.ImmediateReindexContextManager')
ModuleSecurityInfo('Products.ERP5Type.JSON').declarePublic('dumps', 'loads')
ModuleSecurityInfo('Products.ERP5Type.Constraint').declarePublic(
'PropertyTypeValidity')
# Copyright 2020-2022 by it's authors.
# Some rights reserved, see README and LICENSE.
import logging
from AccessControl.Permission import addPermission
from AccessControl.SecurityInfo import ModuleSecurityInfo
from bika.lims.api import get_request
from senaite.patient import permissions
from senaite.patient.config import DEFAULT_ROLES
from senaite.patient.config import DEFAULT_TYPES
from senaite.patient.config import PRODUCT_NAME
from senaite.patient.interfaces import ISenaitePatientLayer
from zope.i18nmessageid import MessageFactory
security = ModuleSecurityInfo("senaite.patient")
# Defining a Message Factory for when this product is internationalized.
messageFactory = MessageFactory(PRODUCT_NAME)
logger = logging.getLogger(PRODUCT_NAME)
def is_installed():
"""Returns whether the product is installed or not
"""
request = get_request()
return ISenaitePatientLayer.providedBy(request)
def check_installed(default_return):
),
visibility=None,
icon='www/portal.gif')
context.registerClass(
ERP5AccessTokenExtractionPlugin.ERP5AccessTokenExtractionPlugin,
permission=ManageUsers,
constructors=(
ERP5AccessTokenExtractionPlugin.
manage_addERP5AccessTokenExtractionPluginForm,
ERP5AccessTokenExtractionPlugin.addERP5AccessTokenExtractionPlugin,
),
visibility=None,
icon='www/portal.gif')
context.registerClass(
ERP5DumbHTTPExtractionPlugin.ERP5DumbHTTPExtractionPlugin,
permission=ManageUsers,
constructors=(
ERP5DumbHTTPExtractionPlugin.
manage_addERP5DumbHTTPExtractionPluginForm,
ERP5DumbHTTPExtractionPlugin.addERP5DumbHTTPExtractionPlugin,
),
visibility=None,
icon='www/portal.gif')
from AccessControl.SecurityInfo import ModuleSecurityInfo
ModuleSecurityInfo('Products.ERP5Security.ERP5UserManager').declarePublic(
'getUserByLogin')
# -*- coding: utf-8 -*-
from AccessControl.SecurityInfo import ModuleSecurityInfo
from Products.CMFCore.permissions import setDefaultRoles
from plone.app.contenttypes.utils import DEFAULT_TYPES
security = ModuleSecurityInfo('plone.app.contenttypes')
TYPE_ROLES = ('Manager', 'Site Administrator', 'Owner', 'Contributor')
perms = []
for typename in DEFAULT_TYPES:
permid = 'Add' + typename
permname = 'plone.app.contenttypes: Add ' + typename
security.declarePublic(permid)
setDefaultRoles(permname, TYPE_ROLES)
AddCollection = "plone.app.contenttypes: Add Collection"
AddDocument = "plone.app.contenttypes: Add Document"
AddEvent = "plone.app.contenttypes: Add Event"
AddFile = "plone.app.contenttypes: Add File"
AddFolder = "plone.app.contenttypes: Add Folder"
AddImage = "plone.app.contenttypes: Add Image"
AddLink = "plone.app.contenttypes: Add Link"
AddNewsItem = "plone.app.contenttypes: Add News Item"
##############################################################################
#
# Copyright (c) 2004 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
""" GenericSetup product exceptions.
"""
from AccessControl.SecurityInfo import ModuleSecurityInfo
from zExceptions import BadRequest # NOQA: F401
security = ModuleSecurityInfo('Products.GenericSetup.exceptions')
security.declarePublic('BadRequest') # NOQA: D001
from Products.ERP5Type import Permissions
from Products.ERP5Type.Cache import CachingMethod
from Products.ERP5Type.Globals import InitializeClass, PersistentMapping
from Products.ERP5Type.Tool.BaseTool import BaseTool
from Products.ERP5Type.Utils import deprecated
from Products.ZSQLCatalog.SQLCatalog import SimpleQuery, AutoQuery, ComplexQuery, NegatedQuery
from sets import ImmutableSet
from zLOG import LOG, WARNING
from six import reraise
WORKLIST_METADATA_KEY = 'metadata'
COUNT_COLUMN_TITLE = 'count'
SECURITY_PARAMETER_ID = 'local_roles'
from AccessControl.SecurityInfo import ModuleSecurityInfo
ModuleSecurityInfo(__name__).declarePublic('SECURITY_PARAMETER_ID')
class WorkflowTool(BaseTool, OriginalWorkflowTool):
"""
A new container for DC workflow and workflow;
inherits methods from original WorkflowTool.py;
contains patches from ERP5Type/patches/WorkflowTool.py.
"""
id = 'portal_workflow'
title = 'Workflow Tool'
meta_type = 'Workflow Tool'
portal_type = 'Workflow Tool'
allowed_types = ('Workflow', 'Interaction Workflow')
security = ClassSecurityInfo()
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
""" CMFCore product permissions.
"""
from AccessControl import Permissions
from AccessControl.Permission import addPermission
from AccessControl.SecurityInfo import ModuleSecurityInfo
from zope.deferredimport import deprecated
deprecated('Please use addPermission from AccessControl.Permission.',
setDefaultRoles='AccessControl.Permission:addPermission')
security = ModuleSecurityInfo('Products.CMFCore.permissions')
#
# General Zope permissions
#
security.declarePublic('AccessContentsInformation') # NOQA: flake8: D001
AccessContentsInformation = Permissions.access_contents_information
security.declarePublic('ChangePermissions') # NOQA: flake8: D001
ChangePermissions = Permissions.change_permissions
security.declarePublic('DeleteObjects') # NOQA: flake8: D001
DeleteObjects = Permissions.delete_objects
security.declarePublic('FTPAccess') # NOQA: flake8: D001
return cache[args]
except AttributeError:
result = func(self, *args)
setattr(self, key, {args: result})
except KeyError:
cache[args] = result = func(self, *args)
return result
return decorated
class NotAWorkingCopyError(Exception):
pass
ModuleSecurityInfo(__name__).declarePublic('NotAWorkingCopyError')
class NotVersionedError(Exception):
pass
ModuleSecurityInfo(__name__).declarePublic('NotVersionedError')
class BusinessTemplateNotInstalled(Exception):
pass
ModuleSecurityInfo(__name__).declarePublic('BusinessTemplateNotInstalled')
import sys
from AccessControl.class_init import InitializeClass
from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.SecurityInfo import ModuleSecurityInfo
from Acquisition import Implicit
from App.config import getConfiguration
from App.special_dtml import DTMLFile
from DateTime.DateTime import DateTime
from OFS.SimpleItem import Item
from OFS.PropertyManager import PropertyManager
from OFS.History import Historical
from OFS.History import html_diff
from Persistence import Persistent
modulesecurity = ModuleSecurityInfo()
modulesecurity.declareProtected('View management screens',
'manage_addZReSTForm')
manage_addZReSTForm = DTMLFile('dtml/manage_addZReSTForm', globals())
modulesecurity.declareProtected('Add RestructuredText Document',
'manage_addZReST')
def manage_addZReST(self, id, file='', REQUEST=None):
"""Add a ZReST product """
# validate the instance_home
self._setObject(id, ZReST(id))
self._getOb(id).manage_upload(file)
if REQUEST is not None:
from AccessControl.SecurityInfo import ModuleSecurityInfo
from Products.Archetypes.config import UID_CATALOG
from Products.CMFCore.WorkflowCore import WorkflowException
from Products.CMFCore.utils import getToolByName
from bika.lims import PMF
from bika.lims import api
from bika.lims import logger
from bika.lims.browser import ulocalized_time
from bika.lims.interfaces import IJSONReadExtender
from bika.lims.jsonapi import get_include_fields
from bika.lims.utils import changeWorkflowState
from bika.lims.utils import t
from bika.lims.workflow.indexes import ACTIONS_TO_INDEXES
from zope.interface import implements
security = ModuleSecurityInfo('bika.lims.workflow')
security.declarePublic('guard_handler')
_marker = object()
def skip(instance, action, peek=False, unskip=False):
"""Returns True if the transition is to be SKIPPED
peek - True just checks the value, does not set.
unskip - remove skip key (for manual overrides).
called with only (instance, action_id), this will set the request variable preventing the
cascade's from re-transitioning the object and return None.
"""
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
# This has to happen early so things get initialized properly
from AccessControl.Implementation import setImplementation
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.SecurityManagement import setSecurityPolicy
from AccessControl.SecurityInfo import ClassSecurityInfo
from AccessControl.SecurityInfo import ModuleSecurityInfo
from AccessControl.SecurityInfo import ACCESS_PRIVATE
from AccessControl.SecurityInfo import ACCESS_PUBLIC
from AccessControl.SecurityInfo import ACCESS_NONE
from AccessControl.SecurityInfo import secureModule
from AccessControl.SecurityInfo import allow_module
from AccessControl.SecurityInfo import allow_class
from AccessControl.SimpleObjectPolicies import allow_type
from AccessControl.unauthorized import Unauthorized # XXX
from AccessControl.ZopeGuards import full_write_guard
from AccessControl.ZopeGuards import safe_builtins
ModuleSecurityInfo('AccessControl').declarePublic('getSecurityManager')
