def unrestricted_apply(function, args=(), kw={}):
"""Function to bypass all security checks
This function is as dangerous as 'UnrestrictedMethod' decorator. Read its
docstring for more information. Never use this, until you are 100% certain
that you have no other way.
"""
security_manager = getSecurityManager()
user = security_manager.getUser()
anonymous = (user.getUserName() == 'Anonymous User')
if user.getId() is None and not anonymous:
# This is a special user, thus the user is not allowed to own objects.
super_user = UnrestrictedUser(user.getUserName(), None,
user.getRoles(), user.getDomains())
else:
try:
# XXX is it better to get roles from the parent (i.e. portal)?
uf = user.aq_inner.aq_parent
except AttributeError:
uf = app().acl_users
role_list = uf.valid_roles()
if anonymous:
# If the user is anonymous, use the id of the system user,
# so that it would not be treated as an unauthorized user.
user_id = str(system)
else:
user_id = user.getId()
super_user = PrivilegedUser(user_id, None,
role_list, user.getDomains()).__of__(uf)
newSecurityManager(None, super_user)
try:
return apply(function, args, kw)
finally:
# Make sure that the original user is back.
setSecurityManager(security_manager)
def getSite():
site = getSiteHook()
if site is None:
# user might be at zope root level. Try to guess site
zope_root = app()
plone_sites = zope_root.objectIds('Plone Site')
if len(plone_sites) == 1:
# just one plone site, safe bet
site = zope_root[plone_sites[0]]
elif len(plone_sites) > 1:
# many sites. Might be an undo attempt
request = getRequest()
if request and 'transaction_info' in request.other:
info = ' '.join(request.other['transaction_info'])
for plone_site in plone_sites:
if " /{}/".format(plone_site) in info:
site = zope_root[plone_site]
return site
from Zope2 import app
from amp.ezupgrade.browser.system import UpgradeProductsForAllSites
from zope.globalrequest import getRequest
if __name__ == "__main__":
root = app()
view = UpgradeProductsForAllSites(root, getRequest())
view.render()
