def test_MaximumRecursionDepthExceededWithComplexSecurity(self):
skin = self.portal.portal_skins.custom
colour = self.portal.portal_categories.colour
colour.hasObject('green') or colour.newContent('green')
login = str(time.time())
script_id = ["ERP5Type_getSecurityCategoryMapping",
"ERP5Type_getSecurityCategory"]
createZODBPythonScript(skin, script_id[0], "",
"return ((%r, ('colour',)),)" % script_id[1])
createZODBPythonScript(skin, script_id[1],
"base_category_list, user_name, object, portal_type, depth=[]", """if 1:
# This should not be called recursively, or at least if should not fail.
# Because RuntimeError is catched by 'except:' clauses, we detect it
# with a static variable.
depth.append(None)
assert not portal_type, portal_type
# the following line calls Base_zSearchRelatedObjectsByCategoryList
object.getSourceDecisionRelatedValueList()
bc, = base_category_list
depth.pop()
return [] if depth else [{bc: 'green'}]
""")
person = self.portal.person_module.newContent(reference=login)
try:
self.tic()
PortalTestCase.login(self, person.Person_getUserId())
self.assertEqual(['green'], getSecurityManager().getUser().getGroups())
self.portal.portal_caches.clearAllCache()
PortalTestCase.login(self, person.Person_getUserId())
unittest.expectedFailure(self.assertEqual)(
['green'], getSecurityManager().getUser().getGroups())
finally:
skin.manage_delObjects(script_id)
self.commit()
def getEmailsForRole(self, role):
portal = getSite()
acl_users = getToolByName(portal, 'acl_users')
# get a set of ids of members with the global role
ids = set([p[0] for p in acl_users.portal_role_manager.listAssignedPrincipals(role)])
# union with set of ids of members with the local role
ids |= set([user_id for user_id, irole
in acl_users._getAllLocalRoles(self.context).items()
if role in irole])
# get members from group or member ids
members = _recursiveGetMembersFromIds(portal, ids)
# get only allowed members
allowed_members = []
old_sm = getSecurityManager()
try:
for m in members:
# m is a MemberData instance,
# it doesn't have an allowed method on it,
# so checkPermission doesn't properly work.
# PloneUser have this method.
user = acl_users.getUserById(m.getId())
newSecurityManager(None, user)
sm = getSecurityManager()
if sm.checkPermission('View', self.context):
allowed_members.append(m)
finally:
setSecurityManager(old_sm)
# get emails
return u', '.join(self.getPropsForMembers(allowed_members, 'email'))
def testAcquireLocalRoles(self):
"""Tests that document does not acquire loal roles from their parents if
"acquire local roles" is not checked."""
ti = self._getTypeInfo()
ti.acquire_local_roles = False
self._getModuleTypeInfo().newContent(portal_type='Role Information',
role_name='Assignor',
description='desc.',
title='an Assignor role for testing',
role_category=self.defined_category,
role_base_category_script_id='ERP5Type_getSecurityCategoryFromAssignment')
obj = self._makeOne()
module = obj.getParentValue()
module.updateLocalRolesOnSecurityGroups()
# we said the we do not want acquire local roles.
self.failIf(obj._getAcquireLocalRoles())
# the local role is set on the module
self.assertEquals(['Assignor'], module.__ac_local_roles__.get('F1_G1_S1'))
# but not on the document
self.assertEquals(None, obj.__ac_local_roles__.get('F1_G1_S1'))
# same testing with roles in context.
self.loginAsUser(self.username)
self.failUnless('Assignor' in
getSecurityManager().getUser().getRolesInContext(module))
self.failIf('Assignor' in
getSecurityManager().getUser().getRolesInContext(obj))
def testMemberRole(self):
"""Test users have the Member role.
"""
self.loginAsUser(self.username)
self.failUnless('Member' in
getSecurityManager().getUser().getRolesInContext(self.portal))
self.failUnless('Member' in
getSecurityManager().getUser().getRoles())
def test_isolate_securitymanager(self):
newSecurityManager(self.layer['portal'], TEST_USER_ID)
security_manager = getSecurityManager()
with isolate_securitymanager():
self.assertIsNone(None, getSecurityManager())
newSecurityManager(self.layer['portal'], SITE_OWNER_NAME)
self.assertEquals(security_manager, getSecurityManager())
def manage_FTPstat(self, REQUEST):
"""Psuedo stat, used by FTP for directory listings.
"""
from AccessControl.User import nobody
mode = 0o0100000
if (hasattr(aq_base(self), 'manage_FTPget')):
try:
if getSecurityManager().validate(
None, self, 'manage_FTPget', self.manage_FTPget):
mode = mode | 0o0440
except Unauthorized:
pass
if nobody.allowed(
self.manage_FTPget,
getRoles(self, 'manage_FTPget',
self.manage_FTPget, ())):
mode = mode | 0o0004
# check write permissions
if hasattr(aq_base(self), 'PUT'):
try:
if getSecurityManager().validate(None, self,
'PUT', self.PUT):
mode = mode | 0o0220
except Unauthorized:
pass
if nobody.allowed(
self.PUT,
getRoles(self, 'PUT', self.PUT, ())):
mode = mode | 0o0002
# get size
if hasattr(aq_base(self), 'get_size'):
size = self.get_size()
elif hasattr(aq_base(self), 'manage_FTPget'):
size = len(self.manage_FTPget())
else:
size = 0
# get modification time
if hasattr(aq_base(self), '_p_mtime'):
mtime = DateTime(self._p_mtime).timeTime()
else:
mtime = time.time()
# get owner and group
owner = group = 'Zope'
if hasattr(aq_base(self), 'get_local_roles'):
for user, roles in self.get_local_roles():
if 'Owner' in roles:
owner = user
break
return marshal.dumps(
(mode, 0, 0, 1, owner, group, size, mtime, mtime, mtime))
def failIfUserHaveRoleOnDocument(self, username, role, document):
"""Fails if the user have the role on the document."""
sm = getSecurityManager()
try:
self._loginAsUser(username)
user = getSecurityManager().getUser()
if role in user.getRolesInContext(document):
self.fail('User %s have %s role on %s at %s' % (
username, role, document.getPortalType(), document.getRelativeUrl()))
finally:
setSecurityManager(sm)
def __call__(self, username, document):
sm = getSecurityManager()
try:
self._instance._loginAsUser(username)
user = getSecurityManager().getUser()
if user.has_permission(self._permission_name, document):
self._instance.fail(
'User %s has %s permission on %s %s (roles: [%s])' %
(username, self._permission_name, document.getPortalTypeName(),
document, ', '.join(user.getRolesInContext(document))))
finally:
setSecurityManager(sm)
def _getContainer(self):
# Utility for bindcode.
while 1:
self = aq_parent(aq_inner(self))
if not getattr(self, '_is_wrapperish', None):
parent = aq_parent(self)
inner = aq_inner(self)
container = aq_parent(inner)
try: getSecurityManager().validate(parent, container, '', self)
except Unauthorized:
return UnauthorizedBinding('container', self)
return self
def test_decorator_isolates_security_manager(self):
newSecurityManager(self.layer['portal'], TEST_USER_ID)
security_manager = getSecurityManager()
@isolated
def foo():
self.assertIsNone(None, getSecurityManager())
newSecurityManager(self.layer['portal'], SITE_OWNER_NAME)
return 'Foo'
self.assertEquals('Foo', foo())
self.assertEquals(security_manager, getSecurityManager())
def simulateSlapgridCP(self, computer):
sm = getSecurityManager()
computer_reference = computer.getReference()
computer_user_id = computer.getUserId()
try:
self.login(computer_user_id)
computer_xml = self.portal.portal_slap.getFullComputerInformation(
computer_id=computer.getReference())
if not isinstance(computer_xml, str):
computer_xml = computer_xml.getBody()
slap_computer = xml_marshaller.xml_marshaller.loads(computer_xml)
self.assertEqual('Computer', slap_computer.__class__.__name__)
for partition in slap_computer._computer_partition_list:
if partition._requested_state in ('started', 'stopped') \
and partition._need_modification == 1:
instance_reference = partition._instance_guid.encode('UTF-8')
ip_list = partition._parameter_dict['ip_list']
connection_xml = xml_marshaller.xml_marshaller.dumps(dict(
url_1 = 'http://%s/' % ip_list[0][1],
url_2 = 'http://%s/' % ip_list[1][1],
))
self.login()
instance_user_id = self.portal.portal_catalog.getResultValue(
reference=instance_reference, portal_type="Software Instance").getUserId()
oldsm = getSecurityManager()
try:
self.login(instance_user_id)
self.portal.portal_slap.setComputerPartitionConnectionXml(
computer_id=computer_reference,
computer_partition_id=partition._partition_id,
connection_xml=connection_xml
)
for slave in partition._parameter_dict['slave_instance_list']:
slave_reference = slave['slave_reference']
connection_xml = xml_marshaller.xml_marshaller.dumps(dict(
url_1 = 'http://%s/%s' % (ip_list[0][1], slave_reference),
url_2 = 'http://%s/%s' % (ip_list[1][1], slave_reference)
))
self.portal.portal_slap.setComputerPartitionConnectionXml(
computer_id=computer_reference,
computer_partition_id=partition._partition_id,
connection_xml=connection_xml,
slave_reference=slave_reference
)
finally:
setSecurityManager(oldsm)
finally:
setSecurityManager(sm)
self.tic()
def connect(self, bind_dn='', bind_pwd=''):
""" initialize an ldap server connection """
conn = None
conn_string = ''
if bind_dn != '':
user_dn = bind_dn
user_pwd = bind_pwd or '~'
elif self.binduid_usage == 1:
user_dn = self.bind_dn
user_pwd = self.bind_pwd
else:
user = getSecurityManager().getUser()
if isinstance(user, LDAPUser):
user_dn = user.getUserDN()
user_pwd = user._getPassword()
if not user_pwd or user_pwd == 'undef':
# This user object did not result from a login
user_dn = user_pwd = ''
else:
user_dn = user_pwd = ''
conn = getResource('%s-connection' % self._hash, str, ())
if conn._type() is not str:
try:
conn.simple_bind_s(user_dn, user_pwd)
conn.search_s(self.u_base, self.BASE, '(objectClass=*)')
return conn
except ( AttributeError
, ldap.SERVER_DOWN
, ldap.NO_SUCH_OBJECT
, ldap.TIMEOUT
, ldap.INVALID_CREDENTIALS
), e:
logger.exception(
'LDAPDEBUG bind error %s; bind_dn: %s, len(bind_pwd): %s,'
' self.binduid_usage: %s, self.bind_dn: %s, '
'len(self.bind_pwd): %s, user: %s, '
'is user instance of LDAPUser?: %s, '
'user_dn: %s, len(user_pwd): %s, '
'self.u_base: %s, self.BASE: %s' % (
e,
bind_dn, len(bind_pwd), self.binduid_usage,
self.bind_dn, len(self.bind_pwd),
getSecurityManager().getUser(),
isinstance(getSecurityManager().getUser(), LDAPUser),
user_dn, len(user_pwd),
self.u_base, self.BASE
))
pass
def __enter__(self):
"""Grant privileges of the user who has the token
"""
self.real_sm = getSecurityManager()
tokens_bucket = getUtility(ITokenManager)
user_id = tokens_bucket.userIdForToken(self.token)
portal_state = getMultiAdapter((self.context, self.request), name=u'plone_portal_state')
pas = portal_state.portal().acl_users
member = pas.getUserById(user_id)
if member is not None:
newSecurityManager(self.request, member)
else:
LOG.warning("No user for token %s, will be considered as anonymous", user_id)
return getSecurityManager()
def failIfUserCanPassWorkflowTransition(self, username, transition, document):
"""Fails if the user can pass the workflow transition on the document."""
sm = getSecurityManager()
try:
self._loginAsUser(username)
user = getSecurityManager().getUser()
valid_transition_list =[ai['id'] for ai in
self.workflow_tool.listActions(object=document) if
ai['category'] == 'workflow']
if transition in valid_transition_list:
self.fail('User %s can pass %s transition on %s %s. Roles: [%s]' % (
username, transition, document.getPortalTypeName(), document,
", ".join(user.getRolesInContext(document))))
finally:
setSecurityManager(sm)
def EditLink(self, object, borrow_lock=0):
"""Insert the external editor link to an object if appropriate"""
base = Acquisition.aq_base(object)
user = getSecurityManager().getUser()
editable = (hasattr(base, 'manage_FTPget')
or hasattr(base, 'EditableBody')
or hasattr(base, 'document_src')
or hasattr(base, 'read'))
if editable and user.has_permission(ExternalEditorPermission, object):
query = {}
if is_mac_user_agent(object.REQUEST['HTTP_USER_AGENT']):
# Add extension to URL so that the Mac finder can
# launch the ZopeEditManager helper app
# this is a workaround for limited MIME type
# support on MacOS X browsers
ext = '.zem'
query['macosx'] = 1
else:
ext = ''
if borrow_lock:
query['borrow_lock'] = 1
url = "%s/externalEdit_/%s%s%s" % (object.aq_parent.absolute_url(),
urllib.quote(object.getId()),
ext, querystr(query))
return ('<a href="%s" '
'title="Edit using external editor">'
'<img src="%s/misc_/ExternalEditor/edit_icon" '
'align="middle" hspace="2" border="0" alt="External Editor" />'
'</a>' % (url, object.REQUEST.BASEPATH1)
)
else:
return ''
def index_html(self, REQUEST, RESPONSE):
"""Publish the object to the external editor helper app"""
security = getSecurityManager()
ob = getattr(self.aq_parent, REQUEST['target'])
if not security.checkPermission('View management screen', ob):
raise 'Unauthorized'
r = []
r.append('url:%s' % ob.absolute_url())
r.append('meta_type:%s' % ob.meta_type)
if hasattr(ob, 'content_type'):
r.append('content_type:%s' % ob.content_type)
r.append('auth:%s' % REQUEST._auth)
r.append('cookie:%s' % REQUEST.environ.get('HTTP_COOKIE',''))
r.append('')
if hasattr(ob, 'document_src'):
r.append(ob.document_src(REQUEST, RESPONSE))
elif hasattr(ob, 'manage_FTPget'):
r.append(ob.manage_FTPget(REQUEST, RESPONSE))
elif hasattr(ob, 'read'):
r.append(ob.read())
else:
# can't read it!
raise 'BadRequest', 'Object does not support external editing'
RESPONSE.setHeader('Content-Type', 'application/x-zope-edit')
return '\n'.join(r)
def restrictMethodAsShadowUser(self, open_order=None, callable_object=None,
argument_list=None, argument_dict=None):
"""
Restrict the security access of a method to the unaccessible shadow user
associated to the current user.
"""
if argument_list is None:
argument_list = []
if argument_dict is None:
argument_dict = {}
if open_order is None or callable_object is None:
raise TypeError('open_order and callable_object cannot be None')
relative_url = open_order.getRelativeUrl()
if open_order.getPortalType() != 'Open Sale Order':
raise Unauthorized("%s is not an Open Sale Order" % relative_url)
else:
# Check that open order is the validated one for the current user
if open_order.getValidationState() != 'validated':
raise Unauthorized('Open Sale Order %s is not validated.' % relative_url)
acl_users = open_order.getPortalObject().acl_users
# Switch to the shadow user temporarily, so that the behavior would not
# change even if this method is invoked by random users.
sm = getSecurityManager()
newSecurityManager(None, acl_users.getUserById(open_order.getReference()))
try:
return callable_object(*argument_list, **argument_dict)
finally:
# Restore the original user.
setSecurityManager(sm)
def localBuild(self, activity_kw=()):
"""Activate builders for this delivery
The generated activity will find all buildable business links for this
delivery, and call related builders, which will select all simulation
movements part of the same explanation(s) as the delivery.
XXX: Consider moving it to SimulableMixin if it's useful for
Subscription Items.
"""
# XXX: Previous implementation waited for expand activities of related
# documents and even suggested to look at explanation tree,
# instead of causalities. Is it required ?
kw = {'priority': 3}
kw.update(activity_kw)
after_tag = kw.pop('after_tag', None)
if isinstance(after_tag, basestring):
after_tag = [after_tag]
else:
after_tag = list(after_tag) if after_tag else []
# Now that 'delivery' category relation are indexed in ZODB, this is the
# only method that depends on built: tag (via _updateSimulation), which
# is still required because builders only use catalog to find buildable
# movements and we don't want to miss any for local building.
after_tag.append('expand:' + self.getPath())
sm = getSecurityManager()
newSecurityManager(None, nobody)
try:
unrestricted_apply(self.activate(after_tag=after_tag, **kw)._localBuild)
finally:
setSecurityManager(sm)
def checkPermission(permission, object, interaction=None):
"""Return whether security policy allows permission on object.
Arguments:
permission -- A permission name
object -- The object being accessed according to the permission
interaction -- This zope.security concept has no equivalent in Zope 2,
and is ignored.
checkPermission is guaranteed to return True if permission is
CheckerPublic or None.
"""
if permission in ('zope.Public', 'zope2.Public') or \
permission is None or \
permission is CheckerPublic:
return True
if isinstance(permission, six.string_types):
permission = queryUtility(IPermission, six.u(permission))
if permission is None:
return False
if getSecurityManager().checkPermission(permission.title, object):
return True
return False
def isConstructionAllowed(self, container):
"""
a. Does the factory method exist?
b. Is the factory method usable?
c. Does the current user have the permission required in
order to invoke the factory method?
d. Do all workflows authorize the creation?
"""
ti_check = False
if self.product:
# oldstyle factory
m = self._queryFactoryMethod(container)
ti_check = m is not None
elif container is not None:
# newstyle factory
m = queryUtility(IFactory, self.factory, None)
if m is not None:
for d in container.all_meta_types():
if d['name'] == self.content_meta_type:
sm = getSecurityManager()
ti_check = sm.checkPermission(d['permission'],
container)
break
if not ti_check:
return False
else :
return self._checkWorkflowAllowed(container)
def testGetUserByLogin(self):
"""Test getUserByLogin method
"""
self.loginAsUser(self.username)
# getUserByLogin accept login as a string
self.portal.portal_caches.clearAllCache()
self.commit()
person_list = self.portal.acl_users.erp5_users.getUserByLogin(self.username)
self.assertEquals(1, len(person_list))
self.assertEquals(self.username, person_list[0].getReference())
# getUserByLogin accept login as a list
self.portal.portal_caches.clearAllCache()
self.commit()
person_list = self.portal.acl_users.erp5_users.getUserByLogin([self.username])
self.assertEquals(1, len(person_list))
self.assertEquals(self.username, person_list[0].getReference())
# getUserByLogin accept login as a tuple
self.portal.portal_caches.clearAllCache()
self.commit()
person_list = self.portal.acl_users.erp5_users.getUserByLogin((self.username,))
self.assertEquals(1, len(person_list))
self.assertEquals(self.username, person_list[0].getReference())
# PreferenceTool pass a user as parameter
user = getSecurityManager().getUser()
self.portal.portal_caches.clearAllCache()
self.commit()
person_list = self.portal.acl_users.erp5_users.getUserByLogin(user)
self.assertEquals(1, len(person_list))
self.assertEquals(self.username, person_list[0].getReference())
def wrapped_func(*args, **kw):
sm, site = getSecurityManager(), getSite()
try:
return func(*args, **kw)
finally:
setSecurityManager(sm)
setSite(site)
def test_apply_no_col_Locked(self):
from webdav.common import Locked
cmd = self._makeOne()
obj = _DummyContent('LOCKED')
sm = getSecurityManager()
self.assertRaises(Locked, cmd.apply, obj, None, sm, '/foo/DELETE')
def changed_security(user=SpecialUsers.system):
old_manager = getSecurityManager()
newSecurityManager(getRequest(), user)
yield
setSecurityManager(old_manager)
def manage_addFolder(self, id, title='',
createPublic=0,
createUserF=0,
REQUEST=None):
"""Add a new Folder object with id *id*.
If the 'createPublic' and 'createUserF' parameters are set to any true
value, an 'index_html' and a 'UserFolder' objects are created respectively
in the new folder.
"""
ob = Folder(id)
ob.title = title
self._setObject(id, ob)
ob = self._getOb(id)
checkPermission=getSecurityManager().checkPermission
if createUserF:
if not checkPermission(add_user_folders, ob):
raise Unauthorized, (
'You are not authorized to add User Folders.'
)
ob.manage_addUserFolder()
if createPublic:
if not checkPermission(add_page_templates, ob):
raise Unauthorized, (
'You are not authorized to add Page Templates.'
)
ob.manage_addProduct['PageTemplates'].manage_addPageTemplate(
id='index_html', title='')
if REQUEST is not None:
return self.manage_main(self, REQUEST, update_menu=1)
def last_modifier(self):
# Let's see if we have any last_modifier annotation
raw_last_modifier = self._raw_last_modifier()
if raw_last_modifier:
return raw_last_modifier
# If we are here: try with with history support if is available.
history = queryMultiAdapter((self.context, self.request),
interface=Interface, name=u"contenthistory")
# Security is in the view definition. Here we act as an omnipotent user
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser(old_sm.getUser().getId() or '', '', ['Manager'], '')
newSecurityManager(None, tmp_user)
try:
if not history and sys.version_info < (2, 6):
# We didn't found any history... is this a Plone 3? Let's try with the old history viewlet
# To be sure of that let's do it only if we are using Python 2.4
# Please remove this abomination when Plone 3.3 compatibity will be dropped
history = ContentHistoryViewlet(self.context, self.request, None, manager=None)
history.update()
if history:
full_history = history.fullHistory()
if full_history:
return full_history[0].get('actorid') or full_history[0].get('actor').get('username')
finally:
setSecurityManager(old_sm)
def elevated_privileges():
"""Temporarily elevate current user's privileges.
See http://docs.plone.org/develop/plone/security/permissions.html#bypassing-permission-checks
for more documentation on this code.
"""
old_manager = getSecurityManager()
try:
# Clone the current user and assign a new role.
# Note that the username (getId()) is left in exception
# tracebacks in the error_log,
# so it is an important thing to store.
tmp_user = UnrestrictedUser(
api.user.get_current().getId(), '', ('manage', ), ''
)
# Wrap the user in the acquisition context of the portal
tmp_user = tmp_user.__of__(api.portal.get().acl_users)
newSecurityManager(getRequest(), tmp_user)
yield
finally:
# Restore the old security manager
setSecurityManager(old_manager)
def _checkTransitionGuard(self, t, ob, **kw):
guard = t.guard
if guard is None:
return 1
if guard.check(getSecurityManager(), self, ob, **kw):
return 1
return 0
def EditURL(self, object, borrow_lock=0):
"""Return the URL to externally edit an object if appropriate"""
base = Acquisition.aq_base(object)
user = getSecurityManager().getUser()
editable = (hasattr(base, 'manage_FTPget')
or hasattr(base, 'EditableBody')
or hasattr(base, 'document_src')
or hasattr(base, 'read'))
if editable and user.has_permission(ExternalEditorPermission, object):
query = {}
if is_mac_user_agent(object.REQUEST['HTTP_USER_AGENT']):
# Add extension to URL so that the Mac finder can
# launch the ZopeEditManager helper app
# this is a workaround for limited MIME type
# support on MacOS X browsers
ext = '.zem'
query['macosx'] = 1
else:
ext = ''
if borrow_lock:
query['borrow_lock'] = 1
path = object.absolute_url().split('/')
path.insert(-1, 'externalEdit_')
return "%s%s%s" % ('/'.join(path), ext, querystr(query))
return ''
def _queryFactoryMethod(self, container, default=None):
if not self.product or not self.factory or container is None:
return default
# In case we aren't wrapped.
dispatcher = getattr(container, 'manage_addProduct', None)
if dispatcher is None:
return default
try:
p = dispatcher[self.product]
except AttributeError:
logger.exception("_queryFactoryMethod raised an exception")
return default
m = getattr(p, self.factory, None)
if m:
try:
# validate() can either raise Unauthorized or return 0 to
# mean unauthorized.
if getSecurityManager().validate(p, p, self.factory, m):
return m
except zExceptions_Unauthorized: # Catch *all* Unauths!
pass
return default
def test_resume_enforce_same_account(self):
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.SecurityManagement import setSecurityManager
from AccessControl.SecurityManagement import newSecurityManager
from euphorie.client import model
sm = getSecurityManager()
mgr = self.SessionManagerFactory()
victim = model.Account(loginname="test", password=u"test")
attacker = model.Account(loginname="evil", password=u"layer")
session = model.SurveySession(account=victim)
try:
newSecurityManager(None, attacker)
self.assertRaises(ValueError, mgr.resume, session)
finally:
setSecurityManager(sm)
def validated_hook(request, user):
newSecurityManager(request, user)
version = request.get(Globals.VersionNameName, '')
if version:
object = user.aq_parent
if not getSecurityManager().checkPermission('Join/leave Versions',
object):
request['RESPONSE'].setCookie(
Globals.VersionNameName,
'No longer active',
expires="Mon, 25-Jan-1999 23:59:59 GMT",
path=(request['BASEPATH1'] or '/'),
)
Zope2.DB.removeVersionPool(version)
raise Unauthorized, "You don't have permission to enter versions."
def test_validate_Masquerader_via_group(self):
request = self.app.REQUEST
request._auth = 'Basic %s' % pastc.mkauth('pebbles/wilma', 'sci55ors')
user = self.pas.validate(request)
self.failIfEqual(user, None)
self.assertEqual(user.getId(), 'wilma_id')
self.assertEqual(user.getUserName(), 'wilma')
self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
user = getSecurityManager().getUser()
self.failIfEqual(user, None)
self.assertEqual(user.getId(), 'wilma_id')
self.assertEqual(user.getUserName(), 'wilma')
self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
def credentialsChanged(self, password, REQUEST=None):
"""
Notifies the authentication mechanism that this user has changed
passwords. This can be used to update the authentication cookie.
Note that this call should *not* cause any change at all to user
databases.
"""
if not self.isAnonymousUser():
user = getSecurityManager().getUser()
name = user.getUserName()
# this really does need to be the user name, and not the user id,
# because we're dealing with authentication credentials
cctool = queryUtility(ICookieCrumbler)
if cctool is not None:
cctool.credentialsChanged(user, name, password, REQUEST)
def sudo(func, *args, **kwargs):
""" Function to run another operation under a new security context
"""
portal = getSite()
origSecurityManager = getSecurityManager()
origUserID = origSecurityManager.getUser().getId()
newSecurityManager(
None, OmnipotentUser(origUserID).__of__(portal.acl_users))
try:
result = func(*args, **kwargs)
finally:
setSecurityManager(origSecurityManager)
return result
def receive(self, REQUEST):
"""Receive push notification"""
#XML is stored is BODY of request
datas = REQUEST['BODY']
if not datas:
raise SMSGatewayError, "Impossible to notify nothing"
#Get current user
sm = getSecurityManager()
try:
#Use SUPER_USER
portal_membership = self.getPortalObject().portal_membership
newSecurityManager(
None, portal_membership.getMemberById(ERP5Security.SUPER_USER))
#Parse XML
root = etree.fromstring(datas)
#Choice action corresponding to the notification type
notification_type = root.tag
#Parse text XML Element to dict
xml = {}
for child in root.getchildren():
xml[child.tag] = child.text
#Check Account id
if xml['AccountId'] != self.getGatewayAccountId():
raise Unauthorized, 'Bad accound id (%s)' % xml['AccountId']
if notification_type == 'InboundMessage':
self.notifyReception(xml)
elif notification_type == 'MessageDelivered':
self.notifyDelivery(xml)
elif notification_type == 'MessageError':
raise SMSGatewayError, "'MessageError' notification is not implemented (%s)" % str(
kw)
elif notification_type == 'SubscriptionEvent':
raise SMSGatewayError, "'MessageError' notification is not implemented (%s)" % str(
kw)
else:
raise SMSGatewayError, "Unknow '%s' notification (%s)" % (
notification_type, str(kw))
finally:
#Restore orinal user
setSecurityManager(sm)
def runLiveTest(test_list, verbosity=1, stream=None, **kw):
from Products.ERP5Type.tests.runUnitTest import DebugTestResult
from StringIO import StringIO
# Add path of the TestTemplateItem folder of the instance
path = kw.get('path', None)
if path is not None and path not in sys.path:
sys.path.append(path)
product_test_list = []
import Products
for product_path in Products.__path__:
product_test_list.extend(glob(os.path.join(product_path, '*',
'tests')))
current_syspath = set(sys.path)
sys.path.extend(path for path in product_test_list
if path not in current_syspath)
TestRunner = unittest.TextTestRunner
if ERP5TypeLiveTestCase not in ERP5TypeTestCase.__bases__:
ERP5TypeTestCase.__bases__ = ERP5TypeLiveTestCase,
if kw.get('debug', False):
class DebugTextTestRunner(TestRunner):
def _makeResult(self):
result = super(DebugTextTestRunner, self)._makeResult()
return DebugTestResult(result)
TestRunner = DebugTextTestRunner
run_only = kw.get('run_only', ())
filter_test_list = [re.compile(x).search for x in run_only]
loader = ERP5TypeLiveTestLoader()
ERP5TypeTestLoader.filter_test_list = filter_test_list
suite = loader.loadTestsFromNames(test_list)
output = stream
if stream is None:
output = StringIO()
output.write("**Running Live Test:\n")
ZopeTestCase._print = output.write
# Test may login/logout with different users, so ensure that at the end the
# original SecurityManager is restored
from AccessControl.SecurityManagement import getSecurityManager, setSecurityManager
sm = getSecurityManager()
try:
result = TestRunner(stream=output, verbosity=verbosity).run(suite)
finally:
setSecurityManager(sm)
def LOCK(self, REQUEST, RESPONSE):
""" LOCK on a Null Resource makes a LockNullResource instance """
self.dav__init(REQUEST, RESPONSE)
security = getSecurityManager()
creator = security.getUser()
body = REQUEST.get('BODY', '')
ifhdr = REQUEST.get_header('If', '')
depth = REQUEST.get_header('Depth', 'infinity')
name = self.__name__
parent = self.__parent__
if IWriteLock.providedBy(parent) and parent.wl_isLocked():
if ifhdr:
parent.dav__simpleifhandler(REQUEST, RESPONSE, col=1)
else:
raise Locked
elif ifhdr:
# There was an If header, but the parent is not locked.
raise PreconditionFailed
# The logic involved in locking a null resource is simpler than
# a regular resource, since we know we're not already locked,
# and the lock isn't being refreshed.
if not body:
raise BadRequest, 'No body was in the request'
locknull = LockNullResource(name)
parent._setObject(name, locknull)
locknull = parent._getOb(name)
cmd = Lock(REQUEST)
token, result = cmd.apply(locknull, creator, depth=depth)
if result:
# Return the multistatus result (there were multiple errors)
# This *shouldn't* happen for locking a NullResource, but it's
# inexpensive to handle and is good coverage for any future
# changes in davcmds.Lock
RESPONSE.setStatus(207)
RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
RESPONSE.setBody(result)
else:
# The command was succesful
lock = locknull.wl_getLock(token)
RESPONSE.setStatus(200)
RESPONSE.setHeader('Content-Type', 'text/xml; charset="utf-8"')
RESPONSE.setHeader('Lock-Token', 'opaquelocktoken:' + token)
RESPONSE.setBody(lock.asXML())
def findCacheables(ob, manager_id, require_assoc, subfolders,
meta_types, rval, path):
'''
Used by the CacheManager UI. Recursive. Similar to the Zope
"Find" function. Finds all Cacheable objects in a hierarchy.
'''
try:
if meta_types:
subobs = ob.objectValues(meta_types)
else:
subobs = ob.objectValues()
sm = getSecurityManager()
# Add to the list of cacheable objects.
for subob in subobs:
if not isCacheable(subob):
continue
associated = (subob.ZCacheable_getManagerId() == manager_id)
if require_assoc and not associated:
continue
if not sm.checkPermission('Change cache settings', subob):
continue
subpath = path + (subob.getId(),)
icon = getattr(aq_base(subob), 'icon', '')
info = {
'sortkey': subpath,
'path': '/'.join(subpath),
'title': getattr(aq_base(subob), 'title', ''),
'icon': icon,
'associated': associated,}
rval.append(info)
# Visit subfolders.
if subfolders:
if meta_types:
subobs = ob.objectValues()
for subob in subobs:
subpath = path + (subob.getId(),)
if hasattr(aq_base(subob), 'objectValues'):
if sm.checkPermission(
'Access contents information', subob):
findCacheables(
subob, manager_id, require_assoc,
subfolders, meta_types, rval, subpath)
except:
# Ignore exceptions.
import traceback
traceback.print_exc()
def __call__(self, *args, **kw):
user = getSecurityManager().getUser()
if user.has_permission(permissions.ModifyPortalContent, self.context):
default_view = self.context.default_view_authenticated
return self.request.response.redirect(
'{}/{}'.format(self.context.absolute_url(), default_view))
else:
default_view = self.context.default_view_anonymous
if default_view:
return self.request.response.redirect(
'{}/{}'.format(self.context.absolute_url(), default_view))
else:
msg = _(u'No default view configured for anonymous visitors')
self.context.plone_utils.addPortalMessage(msg, 'error')
raise zExceptions.NotFound()
def owner_info(self):
"""Get ownership info for display
"""
owner = self.getOwnerTuple()
if owner is None or owner is UnownableOwner:
return owner
d = {
'path': '/'.join(owner[0]),
'id': owner[1],
'explicit': hasattr(self, '_owner'),
'userCanChangeOwnershipType':
getSecurityManager().checkPermission('Take ownership', self)
}
return d
def test_session_valid_session_open(self):
import mock
from .. import model
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.SecurityManagement import setSecurityManager
from AccessControl.SecurityManagement import newSecurityManager
session = self.createSurveySession()
with mock.patch('euphorie.client.session.SessionManagerFactory.id', new_callable=mock.PropertyMock) as mock_id:
mock_id.return_value = session.id
mgr = self.SessionManagerFactory()
sm = getSecurityManager()
try:
newSecurityManager(None, session.account)
self.assertTrue(mgr.session is session)
finally:
setSecurityManager(sm)
def chart_elements(self, types=None, b_start=0, b_size=None):
if not hasattr(self, '_content'):
sm = getSecurityManager()
self._content = filter(
lambda o: sm.checkPermission('View', o),
filter(
lambda o: o.portal_type in self.ELEMENT_TYPES,
self.context.contentValues(),
))
content = self._content
if types:
content = filter(
lambda o: o.portal_type in types,
content,
)
return batch(content, b_start, b_size)
def testSimpleLocalRole(self):
"""Test simple case of setting a role.
"""
self._getTypeInfo().newContent(portal_type='Role Information',
role_name='Assignor',
description='desc.',
title='an Assignor role for testing',
role_category=self.defined_category)
self.loginAsUser(self.username)
user = getSecurityManager().getUser()
obj = self._makeOne()
self.assertEqual(['Assignor'], obj.__ac_local_roles__.get('F1_G1_S1'))
self.assertTrue('Assignor' in user.getRolesInContext(obj))
self.assertFalse('Assignee' in user.getRolesInContext(obj))
self.abort()
def connect(self, bind_dn='', bind_pwd=''):
""" initialize an ldap server connection """
conn = None
conn_string = ''
if bind_dn != '':
user_dn = bind_dn
user_pwd = bind_pwd or '~'
elif self.binduid_usage == 1:
user_dn = self.bind_dn
user_pwd = self.bind_pwd
else:
user = getSecurityManager().getUser()
if isinstance(user, LDAPUser):
user_dn = user.getUserDN()
user_pwd = user._getPassword()
if not user_pwd or user_pwd == 'undef':
# This user object did not result from a login
user_dn = user_pwd = ''
else:
user_dn = user_pwd = ''
conn = getResource('%s-connection' % self._hash, str, ())
if not isinstance(conn._type(), str):
try:
conn.simple_bind_s(user_dn, user_pwd)
conn.search_s(self.u_base, self.BASE, '(objectClass=*)')
return conn
except (AttributeError, ldap.SERVER_DOWN, ldap.NO_SUCH_OBJECT,
ldap.TIMEOUT, ldap.INVALID_CREDENTIALS):
pass
e = None
for server in self._servers:
conn_string = self._createConnectionString(server)
try:
newconn = self._connect(conn_string,
user_dn,
user_pwd,
conn_timeout=server['conn_timeout'],
op_timeout=server['op_timeout'])
return newconn
except (ldap.SERVER_DOWN, ldap.TIMEOUT,
ldap.INVALID_CREDENTIALS), e:
continue
def receive(self, REQUEST):
"""Receive push notification from the gateway"""
#Get current user
sm = getSecurityManager()
try:
#Use SUPER_USER
portal_membership = self.getPortalObject().portal_membership
newSecurityManager(
None, portal_membership.getMemberById(ERP5Security.SUPER_USER))
#Mobyt notify only new SMS
self.notifyReception(REQUEST.get("orig"), REQUEST.get("text"),
REQUEST.get("ticket"))
finally:
#Restore orinal user
setSecurityManager(sm)
def deliver(self, msg, user, recipient):
logger.info(
'MailToFolderRouter called with message %s from %s to %s' %
(msg.get('Message-ID'), user.getProperty('email'), recipient))
local_part = recipient.split('@')[0].lower()
assert len(local_part) <= 50, \
"local_part must have a reasonable length"
# Find the right context. Do that by looking up local_part
# in our local friendly-name storage, and if not found, check
# if it looks like a uid. Then look up the uid.
storage = queryUtility(IFriendlyNameStorage)
uid = storage.get(local_part, None)
if uid is None and UIDRE.match(local_part) is not None:
uid = local_part
if uid is None:
# local_part is not a uid and is not mapped onto a folder,
# this is not something we can handle.
return False
# Drop privileges to the right user
self.acl_users = getToolByName(self.site, 'acl_users')
newSecurityManager(None, user.__of__(self.acl_users))
context = api.content.get(UID=uid)
if not context:
raise NotFoundError(_("Folder not found"))
if not IFolderish.providedBy(context):
raise NotFoundError(
_("Target %s is not a folder" % context.getId()))
result = False
# Check permissions
if not getSecurityManager().checkPermission('Add portal content',
context):
raise PermissionError(
_("%s has insufficient privileges on %s" %
(user.getProperty('email'), context.getId())))
# Defer actual work to an adapter
result = IMailImportAdapter(context).add(msg)
return result
def manage_takeOwnership(self, REQUEST, RESPONSE, recursive=0):
"""Take ownership (responsibility) for an object.
If 'recursive' is true, then also take ownership of all sub-objects.
"""
security = getSecurityManager()
want_referer = REQUEST['URL1'] + '/manage_owner'
got_referer = ("%s://%s%s" %
parse.urlparse(REQUEST['HTTP_REFERER'])[:3])
__traceback_info__ = want_referer, got_referer
if (want_referer != got_referer or security.calledByExecutable()):
raise Unauthorized(
'manage_takeOwnership was called from an invalid context')
self.changeOwnership(security.getUser(), recursive)
raise Redirect(REQUEST['HTTP_REFERER'])
def tic(self):
"""
We will look at all alarms and see if they should be activated,
if so then we will activate them.
"""
security_manager = getSecurityManager()
try:
for alarm in self.getAlarmList(to_active=1):
if alarm is not None:
user = alarm.getWrappedOwner()
newSecurityManager(self.REQUEST, user)
if alarm.isActive() or not alarm.isEnabled():
# do nothing if already active, or not enabled
continue
alarm.activeSense()
finally:
setSecurityManager(security_manager)
def _getCacheId(self):
"""Return a cache id for preferences.
We use:
- user_id: because preferences are always different by user
- self._preference_cache[user_id] which is increased everytime a user
preference is modified
- self._preference_cache[None] which is increased everytime a global
preference is modified
"""
user_id = getSecurityManager().getUser().getId()
try:
self._preference_cache
except AttributeError:
self._preference_cache = OIBTree()
return self._preference_cache.get(None), self._preference_cache.get(
user_id), user_id
def createPreferenceForUser(self, user_id, enable=True):
"""Creates a preference for a given user, and optionnally enable the
preference.
"""
user_folder = self.acl_users
user = user_folder.getUserById(user_id)
if user is None:
raise ValueError("User %r not found" % (user_id, ))
security_manager = getSecurityManager()
try:
newSecurityManager(None, user.__of__(user_folder))
preference = self.newContent(portal_type='Preference')
if enable:
preference.enable()
return preference
finally:
setSecurityManager(security_manager)
def checkRights(self, object_list, security_mapping, username):
self.loginAsUser(username)
user = getSecurityManager().getUser()
if type(object_list) != type([]):
object_list = [
object_list,
]
for object in object_list:
for permission, has in security_mapping.items():
if user.has_permission(permission, object) and not has:
self.fail('%s Permission should be Unauthorized on %s' % \
( permission,
object.getRelativeUrl()))
if not (user.has_permission(permission, object)) and has:
self.fail('%s Permission should be Authorized on %s' % \
( permission,
object.getRelativeUrl()))
def assertUserHasNoWorklist(self, username, worklist_id):
self.portal.portal_workflow.refreshWorklistCache()
self.portal.portal_caches.clearAllCache()
sm = getSecurityManager()
try:
self._loginAsUser(username)
worklist_action_list = [
x for x in self.portal.portal_workflow.listActions(
object=self.portal) if x['category'] == 'global'
and x['worklist_id'] == worklist_id
]
if worklist_action_list:
self.fail(
"User %s has worklist %s: %s" %
(username, worklist_id, pformat(worklist_action_list)))
finally:
setSecurityManager(sm)
def test12LocalRoleSecurity(self):
"""Access TTW
"""
try:
self.gruf.acquireLocalRoles(self.sublr2, 1)
except:
failed = 1
else:
failed = 0
if getSecurityManager().checkPermission(
Permissions.change_permissions,
self.sublr2,
):
self.failUnless(not failed, "Must have the permission here.")
else:
self.failUnless(failed, "Must NOT have the permission here.")
def receive(self,REQUEST):
"""Receive push notification from the gateway"""
#Get current user
sm = getSecurityManager()
try:
#Use SUPER_USER
portal_membership = self.getPortalObject().portal_membership
newSecurityManager(None, portal_membership.getMemberById(SUPER_USER))
#Dummy notify only new SMS
self.notifyReception(REQUEST.get("sender"),
REQUEST.get("text"),
_generateRandomMessageId())
finally:
#Restore orinal user
setSecurityManager(sm)
def user_display_info(self, username):
"""
Given username, get information for that user, returning
it as a dict of portrait_url (if existing), properties,
assignments (in this workspace), and memberships (in
contained workspaces).
"""
if self._secmgr is None:
self._secmgr = getSecurityManager()
roster = self._roster
data = {} # use dict in lieu of object, simple
user = self._members.get(username, None)
if user is None or username not in roster:
return data # empty if no user data or user not in workspace
portrait = self._members.portrait_for(username)
if portrait is not None:
data['portrait_url'] = portrait.absolute_url()
propkeys = {
'fullname': 'Full name',
'email': 'Email',
'description': 'User info',
'location': 'Location',
'home_page': 'Home page',
'last_login_time': 'Last login',
}
restricted = self.RESTRICTED_PROPS
if self._secmgr.checkPermission('Manage users', self.context):
restricted = () # manager can see these properties
if self._mtool.getAuthenticatedMember().getId() == username:
restricted = () # user can see own restricted properties
props = {}
for name, title in propkeys.items():
if name in restricted:
continue
v = user.getProperty(name)
if v:
props[title] = v
if props:
data['properties'] = props
groups = roster.groups.values()
data['assignments'] = [g.title for g in groups if username in g]
workspaces = self.linked_workspaces(username)
if workspaces:
data['workspaces'] = workspaces
return data
def _authenticateCredentials(login, password, path):
if not login or not password:
return None
user_list = self.getUserByLogin((login, ))
if not user_list:
return None
user = user_list[0]
user_portal_type = user.getPortalType()
sm = getSecurityManager()
if sm.getUser().getId() != SUPER_USER:
newSecurityManager(self, self.getUser(SUPER_USER))
# search for assignment only on person entity
if user_portal_type == 'Person':
try:
# get assignment
assignment_list = [x for x in \
user.contentValues(portal_type="Assignment") if \
x.getValidationState() == "open"]
valid_assignment_list = []
# check dates if exist
login_date = DateTime()
for assignment in assignment_list:
if assignment.getStartDate() is not None and \
assignment.getStartDate() > login_date:
continue
if assignment.getStopDate() is not None and \
assignment.getStopDate() < login_date:
continue
valid_assignment_list.append(assignment)
if pw_validate(user.getPassword(), password) and \
len(valid_assignment_list): #user.getCareerRole() == 'internal':
return login, login # use same for user_id and login
finally:
setSecurityManager(sm)
else:
if pw_validate(user.getPassword(), password):
return login, login # use same for user_id and login
return None
def _getSortedPreferenceList(self, sql_catalog_id=None):
""" return the most appropriate preferences objects,
sorted so that the first in the list should be applied first
"""
tv = getTransactionalVariable()
security_manager = getSecurityManager()
user = security_manager.getUser()
acl_users = self.getPortalObject().acl_users
try:
# reset a security manager without any proxy role or unrestricted method,
# wich affects the catalog search that we do to find applicable
# preferences.
actual_user = acl_users.getUserById(user.getId())
if actual_user is not None:
newSecurityManager(None, actual_user.__of__(acl_users))
tv_key = 'PreferenceTool._getSortedPreferenceList/%s/%s' % (
user.getId(), sql_catalog_id)
if tv.get(tv_key, None) is None:
prefs = []
# XXX will also cause problems with Manager (too long)
# XXX For manager, create a manager specific preference
# or better solution
user_is_manager = 'Manager' in user.getRolesInContext(self)
for pref in self.searchFolder(portal_type='Preference',
sql_catalog_id=sql_catalog_id):
pref = pref.getObject()
# XXX quick workaround so that managers only see user preference
# they actually own.
if pref is not None and (
not user_is_manager
or pref.getPriority() != Priority.USER
or pref.getOwnerTuple()[1] == user.getId()):
if pref.getProperty('preference_state',
'broken') in ('enabled', 'global'):
prefs.append(pref)
prefs.sort(key=lambda x: x.getPriority(), reverse=True)
# add system preferences before user preferences
sys_prefs = [x.getObject() for x in self.searchFolder(portal_type='System Preference', sql_catalog_id=sql_catalog_id) \
if x.getObject().getProperty('preference_state', 'broken') in ('enabled', 'global')]
sys_prefs.sort(key=lambda x: x.getPriority(), reverse=True)
preference_list = sys_prefs + prefs
tv[tv_key] = preference_list
return tv[tv_key]
finally:
setSecurityManager(security_manager)
def manage_fixupOwnershipAfterAdd(self):
# Sigh, get the parent's _owner
parent = getattr(self, '__parent__', None)
if parent is not None:
_owner = aq_get(parent, '_owner', None, 1)
else:
_owner = None
if _owner is None and \
(getattr(self, '__parent__', None) is None or # NOQA: W504
not hasattr(self, 'getPhysicalRoot')):
# This is a special case. An object is
# being added to an object that hasn't
# been added to the object hierarchy yet.
# We can delay fixing up the ownership until the
# object is actually added.
return None
if _owner is UnownableOwner:
# We want to acquire Unownable ownership!
return self._deleteOwnershipAfterAdd()
else:
# Otherwise change the ownership
user = getSecurityManager().getUser()
if (SU.emergency_user and aq_base(user) is SU.emergency_user):
__creatable_by_emergency_user__ = getattr(
self, '__creatable_by_emergency_user__', None)
if __creatable_by_emergency_user__ is None or \
not __creatable_by_emergency_user__():
raise EmergencyUserCannotOwn(
"Objects cannot be owned by the emergency user")
self.changeOwnership(user)
# Force all subs to acquire ownership!
for object in self.objectValues():
try:
s = object._p_changed
except:
s = 0
try:
object._deleteOwnershipAfterAdd()
except:
pass
if s is None:
object._p_deactivate()
def _adopt_user(user):
# Fortunately, AccessControl makes this fairly easy.
# One reference to the current user is held by the security
# manager's pet SecurityContext object (defined for both the C and
# Python implementations in AccessControl/SecurityManagement.py).
# Use getSecurityManager() to take a reference to the existing
# security manager object. Use newSecurityManager() to replace it
# with a new one whose context refers to the new user object.
# Run the block, then put the original security manager back.
old_security_manager = getSecurityManager()
newSecurityManager(getRequest(), user)
yield
setSecurityManager(old_security_manager)
