def login_as_portal_owner(app):
    """Make the portal owner the active security context and return that user.

    The owner is looked up in ``app.acl_users`` by ``ptc.portal_owner`` and
    wrapped in the user folder when it has no ``aq_base`` attribute yet.
    Nothing here restores the previous security manager, so the caller
    keeps running as the owner afterwards.
    """
    user_folder = app.acl_users
    portal_owner = user_folder.getUserById(ptc.portal_owner)
    already_wrapped = hasattr(portal_owner, 'aq_base')
    if not already_wrapped:
        portal_owner = portal_owner.__of__(user_folder)
    SecurityManagement.newSecurityManager(None, portal_owner)
    return portal_owner
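def createObjectAsPortalOwner(container, type_name, id_):
    """Copy the type's template into ``container`` using the portal owner's rights.

    Returns the new object, or ``None`` when ``type_name`` has no template
    type info or no template for this container.  The copy and rename run
    under the portal owner's security manager; the caller's manager is put
    back before ownership is changed and the event is sent.
    """
    info = interfaces.ITemplateTypeInfo(
        container.portal_types.getTypeInfo(type_name), None)
    if info is None:
        return
    template = info.getTemplate(container)
    if template is None:
        return
    source = Acquisition.aq_parent(Acquisition.aq_inner(template))

    sm = SecurityManagement.getSecurityManager()
    SecurityManagement.newSecurityManager(
        None, container.portal_url.getPortalObject().getOwner())
    try:
        result, = container.manage_pasteObjects(
            source.manage_copyObjects([template.getId()]))
        container.manage_renameObject(result['new_id'], id_)
    finally:
        # Drop the owner's identity even when the copy or rename raises;
        # otherwise the rest of the request would keep the owner's rights.
        SecurityManagement.setSecurityManager(sm)

    added = container[id_]
    owner.changeOwnershipOf(added)
    event.notify(interfaces.TemplateCopiedEvent(added, template))
    return added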
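def flash_upload_file(self):
    """Create content from a Flash upload that is authenticated by a ticket.

    Returns the new object's absolute URL when the factory reports a
    success, otherwise ``None``.  Unauthorized from the ticket check
    propagates to the caller.
    """
    context = aq_inner(self.context)
    request = self.request
    # Installs the ticket owner's security manager and keeps the previous
    # one on self.old_sm.
    self._auth_with_ticket()
    try:
        form = request.form
        file_name = form.get("Filename", "")
        file_data = form.get("Filedata", None)
        # The content type is guessed from the client-supplied file name
        # only; the uploaded bytes are not inspected here.
        content_type = mimetypes.guess_type(file_name)[0]
        portal_type = form.get('typeupload', '')
        title = form.get("title", None)
        description = form.get("description", None)
        if not portal_type:
            ctr = getToolByName(context, 'content_type_registry')
            portal_type = ctr.findTypeName(
                file_name.lower(), content_type, '') or 'File'
        if not file_data:
            return None
        factory = IQuickUploadFileFactory(context)
        logger.debug("Uploading file with flash: filename=%s, title=%s, "
                     "description=%s, content_type=%s, portal_type=%s",
                     file_name, title, description, content_type,
                     portal_type)
        f = factory(file_name, title, description, content_type,
                    file_data, portal_type)
        uploaded = f['success']
        if uploaded is None:
            return None
        url = uploaded.absolute_url()
        logger.info("file url: %s", url)
        return url
    finally:
        # Restore the caller's identity on every exit path (no file data,
        # factory failure, exception), not only after a successful upload.
        SecurityManagement.setSecurityManager(self.old_sm)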
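def _auth_with_ticket(self):
    """Switch the security context to the owner of the request's upload ticket.

    Raises Unauthorized when the request carries no ticket or when
    ``ticketmod.ticketOwner`` returns no user name for it.  On success the
    previous security manager is kept on ``self.old_sm``; putting it back
    is left to the caller.
    """
    context = aq_inner(self.context)
    request = self.request
    url = context.absolute_url()
    ticket = getDataFromAllRequests(request, 'ticket')
    if ticket is None:
        raise Unauthorized('No ticket specified')
    # The ticket alone is enough to act as its owner (ticketOwner below maps
    # it to a user name), and it is request-supplied text, so its value is
    # kept out of the log.
    logger.info('Authenticate using ticket')
    username = ticketmod.ticketOwner(url, ticket)
    if username is None:
        logger.info('Ticket was invalidated, cannot be used any more.')
        raise Unauthorized('Ticket is not valid')
    self.old_sm = SecurityManagement.getSecurityManager()
    # NOTE(review): find_user's result is used unchecked; confirm it cannot
    # return None for a user name that ticketOwner accepted.
    user = find_user(context, username)
    SecurityManagement.newSecurityManager(self.request, user)
    logger.info('Switched to user "%s"', username)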
def tearDown(self):
    """Flush status messages and undo the request and security changes of a test."""
    request = self.request
    IStatusMessage(request).show()

    environ = request.environ
    if 'HTTP_REFERER' in environ:
        del environ['HTTP_REFERER']

    # Leave no security manager behind for the next test.
    SecurityManagement.noSecurityManager()

    response_headers = request.response.headers
    if 'location' in response_headers:
        del response_headers['location']
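def __call__(self):
    """ Create a new revision folder based on an existing item

    A Folder is created beside the context and marked with IRevision; the
    context and then the folder are passed to ``_move`` (presumably placing
    the item inside the folder under the next revision code and giving the
    folder the item's former id).  When a placeful workflow tool and a
    valid policy id are available, the policy is configured on the new
    folder as the system user.  ConflictError is re-raised; any other
    exception redirects to the context with an error status message.
    """
    context_id = self.context.getId()
    parent = getMultiAdapter((self.context, self.request),
                             name=u'plone_context_state').parent()
    try:
        uniqueid = parent.generateUniqueId('Folder')
        uniqueid = parent.invokeFactory('Folder', uniqueid)
        folderish_obj = getattr(parent, uniqueid)
        folderish_obj.setTitle(self.context.Title())
        alsoProvides(folderish_obj, IRevision)
        revision_info = IRevisionInfo(folderish_obj)
        next_code = revision_info.next_code()
        transaction.savepoint(optimistic=True)
        _move(parent, self.context, folderish_obj, context_id, next_code)
        revisionfile = getattr(folderish_obj, next_code)
        alsoProvides(revisionfile, IRevisionFile)
        _move(parent, folderish_obj, parent, uniqueid, context_id)
        newcontext = getattr(parent, context_id)
        ppw = getToolByName(newcontext, 'portal_placeful_workflow', None)
        if ppw:
            portal_type = self.context.portal_type
            # ``or`` keeps the utility registered for this portal type and
            # falls back to the unnamed one.  Negating the first lookup
            # (``not named and queryUtility(...)``) would throw a found
            # utility away and leave the folder without its policy.
            priority_utility = (
                queryUtility(IRevisionWorkflowUtility, name=portal_type)
                or queryUtility(IRevisionWorkflowUtility))
            policy_id = priority_utility and priority_utility.policy_id()
            if policy_id and ppw.isValidPolicyName(policy_id):
                old_sm = SecurityManagement.getSecurityManager()
                try:
                    # Policy configuration runs as the system user; the
                    # finally clause puts the caller's identity back.
                    SecurityManagement.newSecurityManager(
                        None, SpecialUsers.system)
                    newcontext.manage_addProduct[
                        'CMFPlacefulWorkflow'].manage_addWorkflowPolicyConfig()
                    config = ppw.getWorkflowPolicyConfig(newcontext)
                    config.setPolicyIn(policy=policy_id)
                    config.setPolicyBelow(policy=policy_id,
                                          update_security=True)
                finally:
                    SecurityManagement.setSecurityManager(old_sm)
        # NOTE(review): the nesting of the two reindex calls cannot be read
        # from the flattened listing; they are kept at try level so they
        # run on every successful conversion.
        newcontext.reindexObject()
        newcontext.reindexObjectSecurity()
    except ConflictError:
        raise
    except Exception:
        view_url = getMultiAdapter((self.context, self.request),
                                   name=u'plone_context_state').view_url()
        self.request.response.redirect(view_url)
        IStatusMessage(self.request).addStatusMessage(
            _(u'enabled_revision_error', default=u'Error'), type='error')
    else:
        view_url = getMultiAdapter((folderish_obj, self.request),
                                   name=u'plone_context_state').view_url()
        self.request.response.redirect(view_url)
        IStatusMessage(self.request).addStatusMessage(
            _(u'enabled_revision_ok', default=u'Revision created correctly'),
            type='info')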
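def reorderFolderContents(folder, encodedlist, reverse=False):
    """Reorder ``folder`` to follow ``encodedlist``, pulling in missing TodoItems.

    ``encodedlist`` looks like ``id[]=313128&id[]=800959&id[]=304611``.
    Ids that are not in the folder yet are searched as TodoItems below the
    folder's parent and moved in; the folder's ``_objects`` are then
    rewritten in the requested order, with unlisted objects appended, and
    the position index is refreshed for the listed ones.
    """
    folder = folder.aq_inner
    encodedlist = encodedlist.strip()
    if not encodedlist:
        return
    # Pairs without '=' are skipped instead of raising IndexError.
    pairs = (pair.split('=') for pair in encodedlist.split('&'))
    ids = [parts[1] for parts in pairs if len(parts) > 1]
    if reverse:
        ids.reverse()
    ctool = getToolByName(folder, 'portal_catalog')
    existing_ids = folder.objectIds()
    moved_ids = [item_id for item_id in ids if item_id not in existing_ids]
    if moved_ids:
        parent_path = '/'.join(folder.aq_inner.aq_parent.getPhysicalPath())
        brains = ctool(path=parent_path, portal_type='TodoItem',
                       getId=moved_ids)
        for b in brains:
            o = b.getObject()
            cutted = o.aq_parent.manage_cutObjects([o.getId()])
            # Work around the permission check on paste: the paste runs as a
            # temporary user carrying the caller's name with the Manager
            # and Owner roles.
            # NOTE(review): no check of the caller's own rights on the moved
            # item is visible in this function; confirm callers enforce it.
            originalSecurityManager = SecurityManagement.getSecurityManager()
            username = originalSecurityManager.getUser().getUserName()
            deliverUser = User.SimpleUser(
                username, '', ['Manager', 'Owner'], '')
            acl_users = folder.acl_users.aq_inner
            deliverUser = deliverUser.__of__(acl_users)
            SecurityManagement.newSecurityManager(None, deliverUser)
            try:
                folder.manage_pasteObjects(cutted)
            finally:
                # Never leave the elevated user installed when paste raises.
                SecurityManagement.setSecurityManager(originalSecurityManager)
    wanted = set(ids)
    by_id = {}
    unchanged = []
    for obj in folder._objects:
        if obj['id'] in wanted:
            by_id[obj['id']] = obj
        else:
            unchanged.append(obj)
    # Ids of objects that no longer exist may be passed in; this happens
    # after an object was deleted.
    ordered = [by_id[item_id] for item_id in ids if item_id in by_id]
    ordered.extend(unchanged)
    folder._objects = tuple(ordered)
    # refresh the position index
    for item_id in by_id:
        obj = getattr(folder, item_id)
        ctool.reindexObject(obj, idxs=['getObjPositionInParent'],
                            update_metadata=1)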
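def adopt_system(user=SpecialUsers.system):
    """ Execute this block of code as the system user.

    Generator with a single yield: installs a security manager for ``user``
    (the system user by default) and puts the previous one back afterwards.
    Presumably wrapped by ``contextlib.contextmanager`` where it is defined;
    no decorator is visible here.
    """
    old_security_manager = SecurityManagement.getSecurityManager()
    SecurityManagement.newSecurityManager(globalrequest.getRequest(), user)
    try:
        yield
    finally:
        # Runs when the block raises as well, so an exception cannot leave
        # the elevated user installed for the rest of the request.
        SecurityManagement.setSecurityManager(old_security_manager)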
def setUp(self):
    """Log in a test user without roles and set the request's referer to the page."""
    RequestAwareTestCase.setUp(self)
    SecurityManagement.newSecurityManager(
        object(), SimpleUser('john.doe', 'pw', [], []))

    layer = self.layer
    self.portal = layer['portal']
    self.request = layer['request']

    feed_folder = self.portal.get('feed-folder')
    self.page = feed_folder.get('page')

    self.referer_url = 'http://nohost/plone/feed-folder/page'
    self.request.environ['HTTP_REFERER'] = self.referer_url
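def reorderFolderContents(folder, encodedlist, reverse=False):
    """Reorder ``folder`` to follow ``encodedlist``, pulling in missing TodoItems.

    ``encodedlist`` looks like ``id[]=313128&id[]=800959&id[]=304611``.
    Ids that are not in the folder yet are searched as TodoItems below the
    folder's parent and moved in; the folder's ``_objects`` are then
    rewritten in the requested order, with unlisted objects appended, and
    the position index is refreshed for the listed ones.
    """
    folder = folder.aq_inner
    encodedlist = encodedlist.strip()
    if not encodedlist:
        return
    # Pairs without '=' are skipped instead of raising IndexError.
    pairs = (pair.split('=') for pair in encodedlist.split('&'))
    ids = [parts[1] for parts in pairs if len(parts) > 1]
    if reverse:
        ids.reverse()
    ctool = getToolByName(folder, 'portal_catalog')
    existing_ids = folder.objectIds()
    moved_ids = [item_id for item_id in ids if item_id not in existing_ids]
    if moved_ids:
        parent_path = '/'.join(folder.aq_inner.aq_parent.getPhysicalPath())
        brains = ctool(path=parent_path, portal_type='TodoItem',
                       getId=moved_ids)
        for b in brains:
            o = b.getObject()
            cutted = o.aq_parent.manage_cutObjects([o.getId()])
            # Work around the permission check on paste: the paste runs as a
            # temporary user carrying the caller's name with the Manager
            # and Owner roles.
            # NOTE(review): no check of the caller's own rights on the moved
            # item is visible in this function; confirm callers enforce it.
            originalSecurityManager = SecurityManagement.getSecurityManager()
            username = originalSecurityManager.getUser().getUserName()
            deliverUser = User.SimpleUser(
                username, '', ['Manager', 'Owner'], '')
            acl_users = folder.acl_users.aq_inner
            deliverUser = deliverUser.__of__(acl_users)
            SecurityManagement.newSecurityManager(None, deliverUser)
            try:
                folder.manage_pasteObjects(cutted)
            finally:
                # Never leave the elevated user installed when paste raises.
                SecurityManagement.setSecurityManager(originalSecurityManager)
    wanted = set(ids)
    by_id = {}
    unchanged = []
    for obj in folder._objects:
        if obj['id'] in wanted:
            by_id[obj['id']] = obj
        else:
            unchanged.append(obj)
    # Ids of objects that no longer exist may be passed in; this happens
    # after an object was deleted.
    ordered = [by_id[item_id] for item_id in ids if item_id in by_id]
    ordered.extend(unchanged)
    folder._objects = tuple(ordered)
    # refresh the position index
    for item_id in by_id:
        obj = getattr(folder, item_id)
        ctool.reindexObject(obj, idxs=['getObjPositionInParent'],
                            update_metadata=1)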
def create_folder(self, context, id, title=''):
    """Create the action's folderish type in ``context`` as the system user.

    The new object is run through every transition in
    ``self.action.transitions`` and returned.  The caller's security
    manager is put back in the ``finally`` clause, also on failure.
    """
    previous_manager = SecurityManagement.getSecurityManager()
    SecurityManagement.newSecurityManager(None, SpecialUsers.system)
    try:
        created = api.content.create(
            type=self.action.folderish_type,
            id=id,
            title=title,
            container=context,
        )
        for step in self.action.transitions:
            api.content.transition(obj=created, transition=step)
        return created
    finally:
        SecurityManagement.setSecurityManager(previous_manager)
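def notifyAboutReview(ob, event):
    """Send a review notification for a File or Image after a workflow action.

    The action name decides the operation (submit, publish or reject).  On
    submit, every project member who holds 'Review portal content' on
    ``ob`` is notified; otherwise the creator is.  Nothing is sent when
    ``ob`` has no ``getProject``.
    """
    # only File and Image objects trigger a notification
    if ob.getPortalTypeName() not in ['File', 'Image']:
        return
    # only submit, publish and reject are notified
    mtool = getToolByName(ob, 'portal_membership')
    userid = mtool.getAuthenticatedMember().getId()
    action = event.action
    if action.endswith('submit'):
        operation = 'submit'
    elif action.endswith('publish'):
        operation = 'publish'
    elif action.endswith('reject'):
        operation = 'reject'
    # The workflow is defined this way: a retract by somebody other than
    # the creator counts as a rejection.
    elif action.endswith('retract') and ob.Creator() != userid:
        operation = 'reject'
    else:
        return
    # the object has to live in a project
    if hasattr(ob, 'getProject'):
        project = ob.getProject().aq_inner
        acl_users = getToolByName(project, 'acl_users')
        oe = IOrganizedEmployess(project.teams)
        all_members = oe.get_all_people()
        members = []
        if operation == 'submit':
            # only members who may review receive the mail
            originalSecurityManager = SecurityManagement.getSecurityManager()
            try:
                for member in all_members:
                    user = acl_users.getUserById(member.getId())
                    if user is not None:
                        # Become that user for the permission check only.
                        SecurityManagement.newSecurityManager(None, user)
                        if mtool.checkPermission('Review portal content', ob):
                            members.append(member)
            finally:
                # A failing lookup or check must not leave the request
                # running as the last impersonated member.
                SecurityManagement.setSecurityManager(originalSecurityManager)
        else:
            member = mtool.getMemberById(ob.Creator())
            if member:
                members.append(member)
        sendNotification(ob, members, operation)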
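def setContentCategory(self, obj, new_cat_id):
    """Move ``obj`` into the category ``new_cat_id`` of the view context.

    The object is cut from its parent and pasted into the category as a
    temporary user that carries the caller's name with the Manager and
    Owner roles.  Returns the object as found in the new category.
    """
    cutted = obj.aq_inner.aq_parent.manage_cutObjects(obj.getId())
    # NOTE(review): new_cat_id is resolved with getattr on the context and
    # is not checked here; confirm callers only pass category ids.
    new_cat = getattr(self.context, new_cat_id).aq_inner
    # work around the permission check on paste
    originalSecurityManager = SecurityManagement.getSecurityManager()
    username = originalSecurityManager.getUser().getUserName()
    deliverUser = User.SimpleUser(username, '', ['Manager', 'Owner'], '')
    deliverUser = deliverUser.__of__(obj.acl_users.aq_inner)
    SecurityManagement.newSecurityManager(None, deliverUser)
    try:
        new_cat.manage_pasteObjects(cutted)
    finally:
        # Put the caller's identity back even when the paste raises, so the
        # Manager role does not outlive this call.
        SecurityManagement.setSecurityManager(originalSecurityManager)
    return getattr(new_cat, obj.getId())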
def SecurityCalledByExecutable(md):
    """Return a boolean value indicating if this context was called
    by an executable.

    The value comes from ``calledByExecutable()`` of the active security
    manager and is reduced by one when it is positive.
    """
    called = SecurityManagement.getSecurityManager().calledByExecutable()
    return called - 1 if called > 0 else called
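def editSyInformationProperties(self, obj, updatePeriod=None,
                                updateFrequency=None, updateBase=None,
                                max_items=None, REQUEST=None):
    """
    Edit syndication properties for the obj being passed in.
    These are held on the syndication_information object.
    Not Sitewide Properties.

    Raises Unauthorized when ManageProperties is not granted on ``obj``
    and ValueError when ``obj`` has no ``syndication_information``.  Each
    falsy argument is replaced by the tool's own value of that property.
    """
    if not _checkPermission(ManageProperties, obj):
        raise Unauthorized
    syInfo = getattr(obj, 'syndication_information', None)
    if syInfo is None:
        # A bare string is not a valid exception object (raising one fails
        # with TypeError), so a real exception carries the message.
        raise ValueError('Syndication is Disabled')
    syInfo.syUpdatePeriod = updatePeriod or self.syUpdatePeriod
    syInfo.syUpdateFrequency = updateFrequency or self.syUpdateFrequency
    syInfo.syUpdateBase = updateBase or self.syUpdateBase
    syInfo.max_items = max_items or self.max_items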
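def setContentCategory(self, obj, new_cat_id):
    """Move ``obj`` into the category ``new_cat_id`` of the view context.

    The object is cut from its parent and pasted into the category as a
    temporary user that carries the caller's name with the Manager and
    Owner roles.  Returns the object as found in the new category.
    """
    cutted = obj.aq_inner.aq_parent.manage_cutObjects(obj.getId())
    # NOTE(review): new_cat_id is resolved with getattr on the context and
    # is not checked here; confirm callers only pass category ids.
    new_cat = getattr(self.context, new_cat_id).aq_inner
    # work around the permission check on paste
    originalSecurityManager = SecurityManagement.getSecurityManager()
    username = originalSecurityManager.getUser().getUserName()
    deliverUser = User.SimpleUser(username, '', ['Manager', 'Owner'], '')
    deliverUser = deliverUser.__of__(obj.acl_users.aq_inner)
    SecurityManagement.newSecurityManager(None, deliverUser)
    try:
        new_cat.manage_pasteObjects(cutted)
    finally:
        # Put the caller's identity back even when the paste raises, so the
        # Manager role does not outlive this call.
        SecurityManagement.setSecurityManager(originalSecurityManager)
    return getattr(new_cat, obj.getId())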
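def kss_obj_delete(self, selector='.kssDeletionRegion'):
    """Delete the context object and update the page through KSS commands.

    Discussion items are removed through their talkback.  Anything else is
    unlocked when locking is available and deleted from its parent as a
    temporary 'admin' user with the Manager role.  A selector starting with
    'redirect2' sends the browser to the URL that follows the prefix;
    otherwise the selected parent node is removed and a message is shown.
    """
    obj = self.context.aq_inner
    if obj.getPortalTypeName() == 'Discussion Item':
        parent = obj.inReplyTo()
        if parent is not None:
            portal_discussion = getUtility(IDiscussionTool)
            talkback = portal_discussion.getDiscussionFor(parent)
        else:
            talkback = obj.aq_parent
        # remove the discussion item
        talkback.deleteReply(str(obj.getId()))
    else:
        # unlock first when the object is locked
        if HAS_LOCKING:
            lockable = ILockable(obj)
            if lockable.locked():
                lockable.unlock()
        parent = obj.aq_parent
        # Archetypes' manage_delObjects checks the delete permission of
        # every item, so the deletion runs as a temporary Manager.
        # NOTE(review): no permission check on the caller is visible in
        # this method; confirm the view registration enforces one.
        originalSecurityManager = SecurityManagement.getSecurityManager()
        SecurityManagement.newSecurityManager(
            None, User.SimpleUser('admin', '', ('Manager', ), ''))
        try:
            parent.manage_delObjects(str(obj.getId()))
        finally:
            # Put the caller's identity back even when the deletion raises.
            SecurityManagement.setSecurityManager(originalSecurityManager)
    if selector.startswith('redirect2'):
        # Redirect to an address; it has to be declared as
        # class="kssattr-delSelector-redirect2http://test.everydo.com"
        # NOTE(review): the target is taken from the selector as is;
        # confirm it cannot be set to an arbitrary site by the client.
        redirect2url = selector[len('redirect2'):]
        self.getCommandSet('zopen').redirect(url=redirect2url)
    else:
        core = self.getCommandSet('core')
        effects = self.getCommandSet('effects')
        selector = core.getParentNodeSelector(selector)
        core.deleteNode(selector)
        self.getCommandSet('plone').issuePortalMessage(
            translate(_(u'Deleted.'), default="Deleted.",
                      context=self.request),
            translate(_(u'Info'), default="Info", context=self.request))
    return self.render()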
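def kss_obj_delete(self, selector='.kssDeletionRegion'):
    """Delete the context object and update the page through KSS commands.

    Discussion items are removed through their talkback.  Anything else is
    unlocked when locking is available and deleted from its parent as a
    temporary 'admin' user with the Manager role.  A selector starting with
    'redirect2' sends the browser to the URL that follows the prefix;
    otherwise the selected parent node is removed and a message is shown.
    """
    obj = self.context.aq_inner
    if obj.getPortalTypeName() == 'Discussion Item':
        parent = obj.inReplyTo()
        if parent is not None:
            portal_discussion = getUtility(IDiscussionTool)
            talkback = portal_discussion.getDiscussionFor(parent)
        else:
            talkback = obj.aq_parent
        # remove the discussion item
        talkback.deleteReply(str(obj.getId()))
    else:
        # unlock first when the object is locked
        if HAS_LOCKING:
            lockable = ILockable(obj)
            if lockable.locked():
                lockable.unlock()
        parent = obj.aq_parent
        # Archetypes' manage_delObjects checks the delete permission of
        # every item, so the deletion runs as a temporary Manager.
        # NOTE(review): no permission check on the caller is visible in
        # this method; confirm the view registration enforces one.
        originalSecurityManager = SecurityManagement.getSecurityManager()
        SecurityManagement.newSecurityManager(
            None, User.SimpleUser('admin', '', ('Manager',), ''))
        try:
            parent.manage_delObjects(str(obj.getId()))
        finally:
            # Put the caller's identity back even when the deletion raises.
            SecurityManagement.setSecurityManager(originalSecurityManager)
    if selector.startswith('redirect2'):
        # Redirect to an address; it has to be declared as
        # class="kssattr-delSelector-redirect2http://test.everydo.com"
        # NOTE(review): the target is taken from the selector as is;
        # confirm it cannot be set to an arbitrary site by the client.
        redirect2url = selector[len('redirect2'):]
        self.getCommandSet('zopen').redirect(url=redirect2url)
    else:
        core = self.getCommandSet('core')
        effects = self.getCommandSet('effects')
        selector = core.getParentNodeSelector(selector)
        core.deleteNode(selector)
        self.getCommandSet('plone').issuePortalMessage(
            translate(_(u'Deleted.'), default="Deleted.",
                      context=self.request),
            translate(_(u'Info'), default="Info", context=self.request))
    return self.render()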
def guarded_getattr(inst, name, default=_marker):
    """Retrieves an attribute, checking security in the process.

    Raises Unauthorized if the attribute is found but the user is
    not allowed to access the attribute.

    When the attribute is missing, ``default`` is returned if one was
    passed; otherwise the AttributeError propagates.
    """
    # Names starting with an underscore are refused before any lookup.
    if name[:1] == '_':
        raise Unauthorized, name

    # Try to get the attribute normally so that unusual
    # exceptions are caught early.
    try:
        v = getattr(inst, name)
    except AttributeError:
        if default is not _marker:
            return default
        raise

    # The access decision is based on the container of the value: im_self
    # when the value has one, else its acquisition parent, else inst.
    try:
        container = v.im_self
    except AttributeError:
        container = aq_parent(aq_inner(v)) or inst

    assertion = Containers(type(container))

    if isinstance(assertion, dict):
        # We got a table that lets us reason about individual
        # attrs
        assertion = assertion.get(name)
        if assertion:
            # There's an entry, but it may be a function.
            if callable(assertion):
                return assertion(inst, name)

            # Nope, it's boolean
            return v
        # No truthy entry for this name in the table: access is denied.
        raise Unauthorized, name

    if assertion:
        if callable(assertion):
            factory = assertion(name, v)
            if callable(factory):
                return factory(inst, name)
            # NOTE(review): assert statements are skipped under
            # ``python -O``; confirm these two are not relied on as checks.
            assert factory == 1
        else:
            assert assertion == 1
        return v

    # See if we can get the value doing a filtered acquire.
    # aq_acquire will either return the same value as held by
    # v or it will return an Unauthorized raised by validate.
    validate = SecurityManagement.getSecurityManager().validate
    aq_acquire(inst, name, aq_validate, validate)

    return v
def test_add_portlet_fails_with_anonymous(self):
    """The add-watcher-portlet view raises when no security manager is set."""
    layer = self.layer
    portal, request = layer['portal'], layer['request']
    request.environ['HTTP_X_BRIDGE_ORIGIN'] = 'client-one'
    request.form['path'] = '@@watcher-feed?uid=567891234'

    previous_manager = SecurityManagement.getSecurityManager()
    SecurityManagement.noSecurityManager()
    try:
        view = queryMultiAdapter((portal, request),
                                 name='add-watcher-portlet')
        with self.assertRaises(Exception) as raised:
            view()
        self.assertEqual(str(raised.exception), 'Could not find userid.')
    finally:
        # Put the logged-in user back for the tests that follow.
        SecurityManagement.setSecurityManager(previous_manager)
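def __call__(self):
    """Accept a Flash upload that is authenticated by a one-time ticket.

    The ticket comes from the form or, failing that, from the last
    '='-separated piece of the query string.  Unauthorized is raised when
    it is missing or has no owner.  The upload runs as the ticket's owner
    and the ticket is invalidated before the file is handled.  Returns
    "" for the empty pre-request and "filename=<id>" after an upload.
    """
    form = self.request.form
    ticket = form.get('ticket', None)
    if ticket is None:
        # we cannot set post headers in flash, so get the
        # querystring manually
        qs = self.request.get('QUERY_STRING', 'ticket=')
        ticket = qs.split('=')[-1] or None
    logger.debug('Ticket being used is "%s"' % str(ticket))
    if ticket is None:
        raise Unauthorized('No ticket specified')
    context = utils.non_view_context(self.context)
    url = absoluteURL(context, self.request)
    username = ticketmod.ticketOwner(url, ticket)
    if username is None:
        logger.warning('Ticket "%s" was invalidated, cannot be used '
                       'any more.' % str(ticket))
        raise Unauthorized('Ticket is not valid')
    old_sm = SecurityManagement.getSecurityManager()
    user = utils.find_user(context, username)
    SecurityManagement.newSecurityManager(self.request, user)
    try:
        logger.debug('Switched to user "%s"' % username)
        ticketmod.invalidateTicket(url, ticket)
        if form.get('Filedata', None) is None:
            # flash sends an empty form in a pre request in flash
            # version 8.0
            return ""
        fileUpload = form['Filedata']
        fileName = form['Filename']
        contentType = form.get('Content-Type', None)
        factory = IFileFactory(self.context)
        f = factory(fileName, contentType, fileUpload)
        event.notify(FlashUploadedEvent(f))
        return "filename=%s" % f.getId()
    finally:
        # The empty pre-request and every failure used to leave the ticket
        # owner's identity installed; restore the caller's on all paths.
        SecurityManagement.setSecurityManager(old_sm)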
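def deleteTeam(self, selector):
    """Delete the context team and strip its local roles from the project.

    The team object is removed from its parent as a temporary 'admin' user
    with the Manager role.  The local role '<team id>-<container id>' is
    then removed from the container, from its seven tool folders and from
    the contents of 'messages' and 'files'; these later calls run under
    the caller's own identity.
    """
    obj = self.context.aq_inner
    parent = obj.aq_parent
    team_id = obj.getId()
    # NOTE(review): no permission check on the caller is visible in this
    # method; confirm the view registration enforces one.
    originalSecurityManager = SecurityManagement.getSecurityManager()
    SecurityManagement.newSecurityManager(
        None, User.SimpleUser('admin', '', ('Manager', ), ''))
    try:
        parent.manage_delObjects(str(team_id))
    finally:
        # Put the caller's identity back even when the deletion raises.
        SecurityManagement.setSecurityManager(originalSecurityManager)
    core = self.getCommandSet('core')
    selector = core.getParentNodeSelector(selector)
    core.deleteNode(selector)
    containner = parent.aq_parent
    team_role_id = team_id + '-' + containner.getId()
    teamselector = core.getSelector("css", ".teamitemroot-" + team_role_id)
    core.deleteNode(teamselector)
    containner.manage_delLocalRoles([team_role_id])
    containner.reindexObjectSecurity()
    for item in ['messages', 'files', 'todos', 'milestones',
                 'writeboards', 'chatroom', 'time']:
        obj = containner.unrestrictedTraverse(item)
        obj.manage_delLocalRoles([team_role_id])
        obj.reindexObjectSecurity()
        if item in ['messages', 'files']:
            for i in obj.contentValues():
                i.manage_delLocalRoles([team_role_id])
                i.reindexObjectSecurity()
    self.getCommandSet('plone').issuePortalMessage(
        translate(_(u'Deleted.'), default="Deleted.", context=self.request),
        translate(_(u'Info'), default="Info", context=self.request))
    return self.render()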
def edit_collection(self):
    """Return the URL of the collection's edit form, or None.

    None is returned when ChangeTopics is not granted on the collection or
    when no collection is found.  ICollection providers get '/edit', all
    others '/criterion_edit_form'.
    """
    checked = self.collection()
    manager = SecurityManagement.getSecurityManager()
    if not manager.checkPermission(ChangeTopics, checked):
        return None
    provider = self.collection()
    if provider is None:
        return None
    if ICollection.providedBy(provider):
        suffix = '/edit'
    else:
        suffix = '/criterion_edit_form'
    return provider.absolute_url() + suffix
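def deleteTeam(self, selector):
    """Delete the context team and strip its local roles from the project.

    The team object is removed from its parent as a temporary 'admin' user
    with the Manager role.  The local role '<team id>-<container id>' is
    then removed from the container, from its seven tool folders and from
    the contents of 'messages' and 'files'; these later calls run under
    the caller's own identity.
    """
    obj = self.context.aq_inner
    parent = obj.aq_parent
    team_id = obj.getId()
    # NOTE(review): no permission check on the caller is visible in this
    # method; confirm the view registration enforces one.
    originalSecurityManager = SecurityManagement.getSecurityManager()
    SecurityManagement.newSecurityManager(
        None, User.SimpleUser('admin', '', ('Manager',), ''))
    try:
        parent.manage_delObjects(str(team_id))
    finally:
        # Put the caller's identity back even when the deletion raises.
        SecurityManagement.setSecurityManager(originalSecurityManager)
    core = self.getCommandSet('core')
    selector = core.getParentNodeSelector(selector)
    core.deleteNode(selector)
    containner = parent.aq_parent
    team_role_id = team_id + '-' + containner.getId()
    teamselector = core.getSelector("css", ".teamitemroot-" + team_role_id)
    core.deleteNode(teamselector)
    containner.manage_delLocalRoles([team_role_id])
    containner.reindexObjectSecurity()
    for item in ['messages', 'files', 'todos', 'milestones',
                 'writeboards', 'chatroom', 'time']:
        obj = containner.unrestrictedTraverse(item)
        obj.manage_delLocalRoles([team_role_id])
        obj.reindexObjectSecurity()
        if item in ['messages', 'files']:
            for i in obj.contentValues():
                i.manage_delLocalRoles([team_role_id])
                i.reindexObjectSecurity()
    self.getCommandSet('plone').issuePortalMessage(
        translate(_(u'Deleted.'), default="Deleted.", context=self.request),
        translate(_(u'Info'), default="Info", context=self.request))
    return self.render()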
def SecurityCheckPermission(md, permission, object):
    """Check whether the security context allows the given
    permission on the given object.

    Arguments:

    permission -- A permission name

    object -- The object being accessed according to the permission
    """
    manager = SecurityManagement.getSecurityManager()
    return manager.checkPermission(permission, object)
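def _auth_with_ticket(self):
    """Switch the security context to the owner of the request's upload ticket.

    Raises Unauthorized when the request carries no ticket or when
    ``ticketmod.ticketOwner`` returns no user name for it.  On success the
    previous security manager is kept on ``self.old_sm``; putting it back
    is left to the caller.
    """
    context = aq_inner(self.context)
    request = self.request
    url = context.absolute_url()
    ticket = getDataFromAllRequests(request, "ticket")
    if ticket is None:
        raise Unauthorized("No ticket specified")
    # The ticket alone is enough to act as its owner (ticketOwner below maps
    # it to a user name), and it is request-supplied text, so its value is
    # kept out of the log.
    logger.info("Authenticate using ticket")
    username = ticketmod.ticketOwner(url, ticket)
    if username is None:
        logger.info("Ticket was invalidated, cannot be used any more.")
        raise Unauthorized("Ticket is not valid")
    self.old_sm = SecurityManagement.getSecurityManager()
    # NOTE(review): find_user's result is used unchecked; confirm it cannot
    # return None for a user name that ticketOwner accepted.
    user = find_user(context, username)
    SecurityManagement.newSecurityManager(self.request, user)
    logger.info('Switched to user "%s"', username)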
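def handle_delete(self):
    """Delete the viewed member account and redirect to the portal root.

    A member deleting their own account is deleted under an unrestricted
    user and logged out afterwards.  Deleting anybody else goes through
    ``deleteMembers`` with the caller's own permissions.
    """
    mship = getToolByName(self.context, 'portal_membership')
    user_to_delete = self.viewed_member_info['id']
    old_manager = SecurityManagement.getSecurityManager()
    current_user = old_manager.getUser().getId()

    from opencore.interfaces.event import MemberDeletedEvent
    # NOTE(review): the event is sent before deleteMembers has run, so
    # subscribers also fire for a deletion that is refused afterwards;
    # confirm that order is intended.
    notify(MemberDeletedEvent(
        self.context.portal_memberdata[user_to_delete]))

    # To avoid blocking while we traverse the entire contents of the site,
    # we quickly delete the member and their own content...
    if current_user == user_to_delete:
        # Normally, users don't have permission to delete users.
        # Make an exception for deleting yourself.
        superuser = UnrestrictedUser('superuser', '', [], [])
        SecurityManagement.newSecurityManager(self.request, superuser)
        try:
            mship.deleteMembers([user_to_delete],
                                delete_memberareas=True,
                                delete_localroles=False)
        finally:
            # The unrestricted user must not survive a failed deletion.
            SecurityManagement.setSecurityManager(old_manager)
        self.context.acl_users.logout(self.request)
    else:
        # Otherwise, rely on normal access controls. This will
        # allow site admins (and only site admins) to delete
        # anybody.
        mship.deleteMembers([user_to_delete],
                            delete_memberareas=True,
                            delete_localroles=False)

    portal_url = getToolByName(self.context, 'portal_url')()
    self.addPortalStatusMessage(
        _(u'psm_account_deleted',
          u"Account '${deleted_user_id}' has been permanently deleted.",
          mapping={u'deleted_user_id': user_to_delete}
          )
        )
    return self.redirect(portal_url)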
def _copyBaseline(self, container):
    """Copy the context into ``container`` and return the copy.

    Copy and paste run inside ``util.adopt_system()``.  The current user
    is read after that block and receives the local role
    'iterate: Check out initiator' on the copy.
    """
    origin = aq_parent(aq_inner(self.context))
    with util.adopt_system():
        copied = origin.manage_copyObjects([self.context.getId()])
        pasted = container.manage_pasteObjects(copied)

    # get a reference to the working copy
    working_copy = container._getOb(pasted[0]['new_id'])
    current_user = SecurityManagement.getSecurityManager().getUser()
    working_copy.manage_addLocalRoles(
        current_user.getId(), ('iterate: Check out initiator', ))
    return working_copy
def SecurityValidate(md, inst, parent, name, value):
    """Validate access.

    Arguments:

    inst -- the object that was being accessed

    parent -- the object the value was found in

    name -- The name used to access the value

    value -- The value retrieved through the access.

    All four are handed to ``validate()`` of the active security manager
    and its result is returned.
    """
    manager = SecurityManagement.getSecurityManager()
    return manager.validate(inst, parent, name, value)
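def editSyInformationProperties(self, obj, updatePeriod=None,
                                updateFrequency=None, updateBase=None,
                                max_items=None, REQUEST=None):
    """
    Edit syndication properties for the obj being passed in.
    These are held on the syndication_information object.
    Not Sitewide Properties.

    Raises Unauthorized when ManageProperties is not granted on ``obj``
    and ValueError when ``obj`` has no ``syndication_information``.  Each
    falsy argument is replaced by the tool's own value of that property.
    """
    mgr = SecurityManagement.getSecurityManager()
    if not mgr.checkPermission(ManageProperties, obj):
        raise Unauthorized
    syInfo = getattr(obj, 'syndication_information', None)
    if syInfo is None:
        # A bare string is not a valid exception object (raising one fails
        # with TypeError), so a real exception carries the message.
        raise ValueError('Syndication is Disabled')
    syInfo.syUpdatePeriod = updatePeriod or self.syUpdatePeriod
    syInfo.syUpdateFrequency = updateFrequency or self.syUpdateFrequency
    syInfo.syUpdateBase = updateBase or self.syUpdateBase
    syInfo.max_items = max_items or self.max_items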
def authenticateCredentials(self, credentials):
    """ See IAuthenticationPlugin.

    Returns ``(userid, login)`` when this member holds
    CAN_AUTHENTICATE_PERMISSION on itself and the credentials verify;
    returns None otherwise.  The permission is checked under a security
    manager for ``self.getUser()``, which is replaced by the original one
    before the credentials are looked at.
    """
    saved_manager = SecurityManagement.getSecurityManager()
    try:
        SecurityManagement.newSecurityManager(None, self.getUser())
        member_manager = SecurityManagement.getSecurityManager()
        may_authenticate = member_manager.checkPermission(
            CAN_AUTHENTICATE_PERMISSION, self)
    finally:
        SecurityManagement.setSecurityManager(saved_manager)

    # Fail if authentication is not permitted for this member.
    if not may_authenticate:
        return None
    if not self.verifyCredentials(credentials):
        return None
    login = credentials.get('login')
    userid = self.getUserId()
    return userid, login
def setUp(self):
    """Run the base set-up and log in a test user without roles."""
    RequestAwareTestCase.setUp(self)
    SecurityManagement.newSecurityManager(
        object(), SimpleUser('john.doe', 'pw', [], []))
def SecurityGetUser(md):
    """Get the current authenticated user"""
    manager = SecurityManagement.getSecurityManager()
    return manager.getUser()
def tearDown(self):
    """Remove the security manager so no identity leaks into the next test."""
    clear_security = SecurityManagement.noSecurityManager
    clear_security()
def canSeeEditLink(self):
    """Return the result of checking ChangeTopics on this view's collection."""
    target = self.collection()
    manager = SecurityManagement.getSecurityManager()
    can_change = manager.checkPermission(ChangeTopics, target)
    return can_change
# Maintenance script: delete every object whose id is 'broken', running as
# the 'admin' user of the root user folder.  ``app`` is expected to be
# provided by the environment the script is run in.
import transaction
from AccessControl import SecurityManagement

# NOTE(review): getUser's result is used unchecked; confirm an 'admin'
# account exists in the root user folder before running this.
admin_user = app.acl_users.getUser('admin')
SecurityManagement.newSecurityManager(None, admin_user)

broken_objects = app.ZopeFind(app, search_sub=True, obj_expr="id=='broken'")
for path, obj in broken_objects:
    try:
        container_path, separator, broken_id = path.rpartition('/')
        # A path without '/' names an object directly below the root.
        container = (app.unrestrictedTraverse(container_path)
                     if separator else app)
        if (broken_id in container.objectIds()
                and container.manage_delObjects is not None):
            container.manage_delObjects([broken_id])
    except:
        # Open a post-mortem debugger on the failure, then let it propagate.
        import pdb
        import sys
        pdb.post_mortem(sys.exc_info()[2])
        raise

transaction.commit()
def canSeeEditLink(self, provider):
    """Return the result of checking ChangeTopics on ``provider``."""
    manager = SecurityManagement.getSecurityManager()
    can_change = manager.checkPermission(ChangeTopics, provider)
    return can_change
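# Maintenance script: delete every object whose id is 'broken', running as
# the 'admin' user of the root user folder.  ``app`` is expected to be
# provided by the environment the script is run in.
try:
    import ipdb as pdb
except Exception:
    # ipdb is missing or unusable: fall back to the standard debugger.
    import pdb
import sys

import transaction
from AccessControl import SecurityManagement

# NOTE(review): getUser's result is used unchecked; confirm an 'admin'
# account exists in the root user folder before running this.
SecurityManagement.newSecurityManager(None, app.acl_users.getUser('admin'))

for path, obj in app.ZopeFind(app, search_sub=True,
                              obj_expr="id=='broken'"):
    try:
        split_path = path.rsplit('/', 1)
        if len(split_path) == 2:
            container_path, broken_id = split_path
            container = app.unrestrictedTraverse(container_path)
        else:
            # A path without '/' names an object directly below the root.
            container = app
            broken_id, = split_path
        if broken_id in container.objectIds():
            if container.manage_delObjects is not None:
                container.manage_delObjects([broken_id])
    except Exception:
        # Use the debugger chosen at the top; importing pdb again here
        # would replace ipdb with the standard module.
        pdb.post_mortem(sys.exc_info()[2])
        raise

transaction.commit()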