def render(self):
    """Render the form, or redirect once the submission has been added.

    After a finished add, the visitor is redirected to ``@@edit`` (dynamic
    add-flow schema plus modify rights on the new content), redirected to
    the content itself (view rights), or shown a ``SubmissionView`` when
    neither permission is held. Before that, the normal form is rendered.
    """
    if not self._finishedAdd:
        # The impersonation URL is only set for users who may modify the
        # context and only when the feature is switched on.
        may_modify_context = checkPermission(  # noqa: P001
            'cmf.ModifyPortalContent', self.context,
        )
        if may_modify_context and self.submission_impersonation:
            self.impersonate_url = (
                self.context.absolute_url() + u'/@@impersonate'
            )
        return super(FlowSubmitForm, self).render()

    # Both checks are made against the new content, not the form context.
    can_view = checkPermission(  # noqa: P001
        'zope2.View', self.content,
    )
    can_edit = checkPermission(  # noqa: P001
        'cmf.ModifyPortalContent', self.content,
    )
    if IAddFlowSchemaDynamic.providedBy(self.schema) and can_edit:
        self.request.response.redirect(
            self.content.absolute_url() + u'/@@edit',
        )
        return u''
    if can_view:
        self.request.response.redirect(self.content.absolute_url())
        return u''
    # No view permission on the new content: render the submission view
    # in place instead of redirecting to a URL the user cannot open.
    return SubmissionView(
        self.context, self.request, self.content,
    )()
def update(self):
    """Compute the publication dates and workflow flags used for display."""
    short_datetime = self.request.locale.dates.getFormatter(
        'dateTime', 'short').format

    def convert(d):
        # and/or chain kept as is: a missing date, or a formatted value that
        # is falsy, both come out as None.
        return d is not None and short_datetime(d.asdatetime()) or None

    content = self.context
    self.first_publication_date = convert(
        content.get_first_publication_date())
    self.publication_date = convert(
        content.get_public_version_publication_datetime())
    self.expiration_date = convert(
        content.get_public_version_expiration_datetime())

    # NOTE(review): ``!= None`` is kept on purpose; switching to
    # ``is not None`` could change the result if a version object defines
    # its own comparison - confirm before modernising.
    self.have_unapproved = content.get_unapproved_version() != None
    self.have_next = content.get_next_version() != None
    self.have_closed = content.get_last_closed_version() != None
    self.have_approved = content.is_approved()
    self.have_published = content.is_published()

    # These flags only record the permission results on the view; nothing
    # in this method enforces them.
    self.may_approve = checkPermission(
        'silva.ApproveSilvaContent', content)
    self.may_change = checkPermission(
        'silva.ChangeSilvaContent', content)
def __init__(self, source, manager, request, instance):
    """Set up the parameter and setting fields for an external source.

    ``source`` may be None, in which case no parameter fields are read
    from it. The remaining arguments are stored or passed to the base
    class unchanged.
    """
    # NOTE(review): block nesting was reconstructed from a listing whose
    # line breaks were lost - confirm against the project file.
    dataManager = [
        (None, lambda content: silvaforms.FieldValueDataManager(self, content))]
    self.manager = manager
    self.source = source
    self.__parent__ = manager.context  # Enable security checks.
    if source is not None:
        fields = source.get_parameters_form()
        if fields is not None:
            self.parameterFields = silvaforms.Fields(fields)
        # This doesn't work because authentication is not done
        # when __init__ is called.
        # NOTE(review): per the comment above, this permission check runs
        # before the request is authenticated, so its result does not
        # reflect the logged-in user. Presumably it fails closed (the
        # field is simply not added) - confirm, and consider moving the
        # check to a step that runs after authentication.
        if checkPermission(SETTINGS_PERMISSION, manager.context):
            self.settingFields += TextField(
                identifier="source_template",
                title="Source template",
                description="<!-- source output --> will be replaced by the HTML code generated by the source.",
                constrainValue=validateSourceTemplate,
                required=False)
            dataManager.append(
                ('source_template', silvaforms.SilvaDataManager))
    self.dataManager = silvaforms.MultiDataManagerFactory(dataManager)
    super(ExternalSourceController, self).__init__(
        manager.context, request, instance)
def __call__(self):
    """Render the tile and return the part matched by ``BODY_CHILDREN``.

    The whole rendered document is returned when the pattern does not
    match. Raises ``Unauthorized`` when the tile type declares a view
    permission that the check below does not grant.
    """
    # Look up the view permission registered for this tile type.
    try:
        tile_type = queryUtility(ITileType, self.context.__name__)
        permission = tile_type.view_permission
    except AttributeError:
        # NOTE(review): any AttributeError here (for instance a lookup
        # that returned None) leaves ``permission`` empty, so the tile is
        # rendered with no permission check in this method. Confirm that
        # the view registration itself protects that case.
        permission = None

    if permission and not checkPermission(permission, self.context):
        raise Unauthorized()

    if self.request.getHeader(ESI_HEADER):
        del self.request.environ[ESI_HEADER_KEY]

    rendered = self.context()  # render the tile

    # Disable the theme so the fragment is not wrapped in <html/>.
    self.request.response.setHeader('X-Theme-Disabled', '1')

    found = BODY_CHILDREN.search(rendered)
    if found:
        return found.group(1).strip()
    return rendered
def getContentLayoutsForType(pt, context=None):
    """Return the content layouts usable for portal type ``pt``.

    Layouts listed in the ``plone.app.mosaic.hidden_content_layouts``
    registry record are skipped, as are layouts whose ``for`` list does not
    include ``pt``. When ``context`` is given, layouts that declare a
    ``permission`` are kept only if ``checkPermission`` grants it there;
    without a ``context`` no permission filtering takes place.
    The layout dicts are updated in place with ``path`` and, where needed,
    a ``++contentlayout++`` preview URL.
    """
    registry = getUtility(IRegistry)
    hidden = registry.get('plone.app.mosaic.hidden_content_layouts', [])[:]

    # undocumented feature right now.
    # need to figure out how to integrate into UI yet
    # "layout::type" entries hide a layout for one portal type only.
    for entry in hidden[:]:
        if '::' not in entry:
            continue
        layout_key, _, hidden_type = entry.partition('::')
        if hidden_type == pt:
            hidden.append(layout_key)

    layouts = []
    manifests = getLayoutsFromResources(CONTENT_LAYOUT_MANIFEST_FORMAT)
    for key, value in manifests.items():
        if key in hidden:
            continue
        allowed_types = [
            v for v in (value.get('for') or '').split(',') if v
        ]
        if allowed_types and pt not in allowed_types:
            continue
        preview = value.get('preview', value.get('screenshot'))
        if preview and not preview.startswith('++'):
            value['preview'] = '++contentlayout++' + '/'.join(
                [os.path.dirname(key), preview])
        value['path'] = key
        layouts.append(value)

    if context is not None:
        # Layouts without a declared permission are always kept.
        permitted = []
        for value in layouts:
            permission = value.get('permission')
            if not permission or checkPermission(permission, context):
                permitted.append(value)
        layouts = permitted

    layouts.sort(key=lambda l: l.get('sort_key', '') or l.get('title', ''))
    return layouts
def update(self):
    """Switch the form to display widgets when the content is read-only."""
    # If you don't have the permission to edit the content, then
    # you don't. This can't be done in setContentData, as this is
    # called before security is verified.
    content = self.getContentData().content
    if checkPermission('silva.ChangeSilvaContent', content):
        return
    self.widgetFactoryFactory = SMIDisplayWidgetFactory
def __init__(self, source, manager, request, instance):
    """Set up the parameter and setting fields for an external source.

    ``source`` may be None, in which case no parameter fields are read
    from it. The remaining arguments are stored or passed to the base
    class unchanged.
    """
    # NOTE(review): block nesting was reconstructed from a listing whose
    # line breaks were lost - confirm against the project file.
    dataManager = [
        (None, lambda content: silvaforms.FieldValueDataManager(self, content))
    ]
    self.manager = manager
    self.source = source
    self.__parent__ = manager.context  # Enable security checks.
    if source is not None:
        fields = source.get_parameters_form()
        if fields is not None:
            self.parameterFields = silvaforms.Fields(fields)
        # This doesn't work because authentication is not done
        # when __init__ is called.
        # NOTE(review): per the comment above, the permission is evaluated
        # before authentication, so the result does not describe the
        # logged-in user. Presumably the field is just left out in that
        # case - confirm, and consider deferring the check until the
        # request has been authenticated.
        if checkPermission(SETTINGS_PERMISSION, manager.context):
            self.settingFields += TextField(
                identifier="source_template",
                title="Source template",
                description=
                "<!-- source output --> will be replaced by the HTML code generated by the source.",
                constrainValue=validateSourceTemplate,
                required=False)
            dataManager.append(
                ('source_template', silvaforms.SilvaDataManager))
    self.dataManager = silvaforms.MultiDataManagerFactory(dataManager)
    super(ExternalSourceController, self).__init__(manager.context, request,
                                                   instance)
def reply(self):
    """Return one tile type's schema, or summaries of the addable tiles.

    With a tile name in ``self.params`` the matching tile type is
    serialized (a 404 payload is returned on ``KeyError``). Without one,
    every registered tile type whose ``add_permission`` is granted on the
    context is summarised.
    """
    if not (self.params and len(self.params) > 0):
        summaries = []
        for name, tile in getUtilitiesFor(ITileType, context=self.context):
            serializer = getMultiAdapter(
                (tile, self.request), ISerializeToJsonSummary)
            # Only tiles the user may add here are listed.
            if checkPermission(tile.add_permission, self.context):
                summaries.append(serializer())
        return summaries

    # NOTE(review): unlike the listing above, this branch returns the tile
    # schema without consulting ``tile.add_permission`` - confirm that this
    # is intended.
    self.content_type = "application/json+schema"
    try:
        tile = getUtility(ITileType, name=self.params[0])
        return getMultiAdapter(
            (tile, self.request), ISerializeToJson)()
    except KeyError:
        # NOTE(review): verify that a missing tile type is reported as
        # KeyError; any other lookup error would skip this 404 response.
        self.content_type = "application/json"
        self.request.response.setStatus(404)
        return {
            'type': 'NotFound',
            'message': 'Tile "{}" could not be found.'.format(
                self.params[0]
            )
        }
def reply(self):
    """Return one tile type's schema, or summaries of the addable tiles.

    Emits a ``DeprecationWarning`` on every call. With a tile name in
    ``self.params`` the matching tile type is serialized (a 404 payload is
    returned on ``KeyError``); otherwise every registered tile type whose
    ``add_permission`` is granted on the context is summarised.
    """
    warnings.warn(
        "``plone.restapi.services.tiles`` is deprecated and will be removed in plone.restapi 9.",
        DeprecationWarning,
    )

    if not (self.params and len(self.params) > 0):
        summaries = []
        for name, tile in getUtilitiesFor(ITileType, context=self.context):
            serializer = getMultiAdapter(
                (tile, self.request), ISerializeToJsonSummary
            )
            # Only tiles the user may add here are listed.
            if checkPermission(tile.add_permission, self.context):
                summaries.append(serializer())
        return summaries

    # NOTE(review): unlike the listing above, this branch returns the tile
    # schema without consulting ``tile.add_permission`` - confirm that this
    # is intended.
    self.content_type = "application/json+schema"
    try:
        tile = getUtility(ITileType, name=self.params[0])
        return getMultiAdapter((tile, self.request), ISerializeToJson)()
    except KeyError:
        # NOTE(review): verify that a missing tile type is reported as
        # KeyError; any other lookup error would skip this 404 response.
        self.content_type = "application/json"
        self.request.response.setStatus(404)
        return {
            "type": "NotFound",
            "message": f'Tile "{self.params[0]}" could not be found.',
        }
def available(self):
    """Tell whether this form should be offered.

    It is hidden from users holding ``silva.ApproveSilvaContent`` (they can
    approve directly) and while an approval request is already pending.
    """
    can_approve = checkPermission("silva.ApproveSilvaContent", self.context)
    return False if can_approve else not self.context.is_approval_requested()
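def wrapped(self, *args, **kwargs):
    """Call the wrapped function only when the permission check passes.

    ``permission`` and ``func`` are taken from the enclosing scope, which
    is not part of this listing. Raises ``Unauthorized`` naming the
    function and the physical path of the context when access is denied.
    """
    if not checkPermission(permission, self.context):
        # ``__name__`` is available on Python 2 and 3. The former
        # ``func_name`` exists on Python 2 only; on Python 3 the denial
        # path would raise AttributeError instead of Unauthorized.
        raise Unauthorized(
            "You don't have access to %s on %s" % (
                func.__name__,
                '/'.join(self.context.getPhysicalPath())))
    return func(self, *args, **kwargs)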
def available(self):
    """Tell whether the action applies to the content.

    Requires ``silva.ApproveSilvaContent`` plus a closed version with
    neither a public nor an unapproved version present.
    """
    content = self.context
    return (
        checkPermission("silva.ApproveSilvaContent", content)
        and content.get_last_closed_version() is not None
        and content.get_public_version() is None
        and content.get_unapproved_version() is None
    )
def update(self, preview=None):
    """Store the preview flag, title, info and manage flag on the view.

    When ``preview`` is not given it is derived from whether the request
    provides ``IPreviewLayer``.
    """
    self.preview = (
        IPreviewLayer.providedBy(self.request) if preview is None else preview
    )
    manager = self.context.manager
    self.title = manager.label
    self.info = self.context.info
    # Recorded for the template only; nothing is enforced here.
    self.manage = checkPermission(
        'silva.ManageSilvaSettings', manager.context)
def payload(self):
    """Return the editor payload, or the content preview as a fallback.

    The editor is served only when ``silva.ChangeSilvaContent`` is granted
    and an editable version exists; every other case gets the
    ``content-preview`` view.
    """
    editable = None
    if checkPermission("silva.ChangeSilvaContent", self.context):
        editable = self.context.get_editable()

    if editable is None:
        preview = getMultiAdapter(
            (self.context, self.request), IJSView, name="content-preview")
        return preview(self)

    text = editable.body.render(
        editable, self.request, type=IInputEditorFilter)
    return {
        "ifaces": ["editor"],
        "name": "body",
        "text": text,
        "configuration": self.context.meta_type,
    }
def check_user_can_view(self, card, userid):
    """Assert that ``userid`` may view ``card``.

    A falsy ``userid`` logs out first, so the check runs as Anonymous User.
    """
    if not userid:
        self.logout()
    else:
        self.login(userid)
    # View permission, checked by its 'zope2.View' id ...
    self.assertEqual(security.checkPermission('zope2.View', card), 1)
    # ... and again through the security manager by its "View" title.
    self.assertEqual(getSecurityManager().checkPermission("View", card), 1)
def payload(self):
    """Return the layout editor payload, or the preview as a fallback.

    The ``content-layout`` view is used only when
    ``silva.ChangeSilvaContent`` is granted and an editable version exists;
    every other case gets the ``content-preview`` view.
    """
    editable = None
    if checkPermission('silva.ChangeSilvaContent', self.context):
        editable = self.context.get_editable()

    if editable is None:
        preview = getMultiAdapter(
            (self.context, self.request), IJSView, name='content-preview')
        return preview(self)

    layout = getMultiAdapter(
        (editable, self.request), IJSView, name='content-layout')
    return layout(self, identifier=editable.getId())
def check_user_can_edit(self, card, userid):
    """Assert that ``userid`` may view and modify ``card``.

    A falsy ``userid`` logs out first, so the check runs as Anonymous User.
    """
    if not userid:
        self.logout()
    else:
        self.login(userid)
    # The card must be viewable ...
    self.assertEqual(security.checkPermission('zope2.View', card), 1)
    # ... and modifiable. No equivalent 'zope2.*' id was found for Modify,
    # so the security manager is asked by permission title instead.
    self.assertEqual(
        getSecurityManager().checkPermission("Modify portal content", card),
        1)
def getter(self):
    """Return the version to display, caching it after the first call.

    In preview mode the previewable version is used and
    ``silva.ReadSilvaContent`` is required on the context; otherwise, or
    when there is no previewable version, the viewable version is used.
    Raises ``Unauthorized`` when previewing without that permission.
    """
    # ``_marker`` distinguishes "not computed yet" from a cached None.
    if self.__content is not _marker:
        return self.__content
    content = None
    if self.is_preview:
        content = self.context.get_previewable()
        # The permission is checked before anything is cached or returned,
        # so a denied preview never reaches the caller.
        if not checkPermission('silva.ReadSilvaContent', self.context):
            raise Unauthorized(
                "You need to be authenticated to access this version")
    if content is None:
        content = self.context.get_viewable()
    self.__content = content
    return content
def is_deletable(self):
    """Raise ``ContentError`` when the content may not be deleted.

    Without ``silva.ApproveSilvaContent`` a publishable object can only be
    deleted when it is neither published nor approved. Users holding that
    permission skip both checks. Nothing is returned.
    """
    if checkPermission('silva.ApproveSilvaContent', self):
        return
    if self.is_published():
        raise ContentError(_(u"Content is published."), self)
    if self.is_approved():
        raise ContentError(_(u"Content is approved."), self)
def __call__(self, context=None):
    """Return the tile vocabulary, limited to tiles addable on the context.

    Without any context the parent vocabulary is returned unfiltered.
    """
    # ``or`` falls back to the argument whenever ``self.context`` is falsy,
    # not only when it is None.
    context = self.context or context
    vocabulary = super(AllowedTilesVocabulary, self).__call__(context)
    if context is None:
        return vocabulary
    return SimpleVocabulary([
        term for term in vocabulary
        if checkPermission(term.value.add_permission, context)
    ])
def check_user_cannot_view_or_edit(self, card, userid):
    """Assert that ``userid`` may neither view nor modify ``card``.

    A falsy ``userid`` logs out first, so the check runs as Anonymous User.
    """
    if not userid:
        self.logout()
    else:
        self.login(userid)
    # Calling card.getComments() directly was tried as a probe and dropped:
    # per the original note it does not check security.
    # The card must not be viewable ...
    self.assertEqual(security.checkPermission('zope2.View', card), False)
    # ... and the security manager must deny both View and Modify. No
    # equivalent 'zope2.*' id was found for Modify, hence the titles.
    manager_view = getSecurityManager().checkPermission("View", card)
    self.assertEqual(manager_view, None)
    manager_modify = getSecurityManager().checkPermission(
        "Modify portal content", card)
    self.assertEqual(manager_modify, None)
def __call__(self, design):
    """Tell whether ``design`` can be used here.

    The design must comply with the context (or with the addable, when one
    is set) and, if it declares a permission through ``grok.require``, that
    permission must be granted.
    """
    if self.context is not None:
        obj, implements = self.context, False
    if self.addable is not None:
        # An addable takes precedence over the context for verification.
        obj, implements = self.addable, True
    comply, require = verify_context(design, obj, implements)
    if not comply:
        return False
    permission = grok.require.bind().get(design)
    if not permission:
        return True
    # The permission is always checked on ``self.context``, even when the
    # compliance check above used ``self.addable``.
    return checkPermission(permission, self.context)
def check_user_cannot_view_or_edit(self, card, userid):
    """Assert that ``userid`` may neither view nor modify ``card``.

    A falsy ``userid`` logs out first, so the check runs as Anonymous User.
    """
    if not userid:
        self.logout()
    else:
        self.login(userid)
    # Calling card.getComments() directly was tried as a probe and dropped:
    # per the original note it does not check security.
    # The card must not be viewable ...
    self.assertEqual(security.checkPermission('zope2.View', card), False)
    # ... and the security manager must deny both View and Modify. No
    # equivalent 'zope2.*' id was found for Modify, hence the titles.
    manager_view = getSecurityManager().checkPermission("View", card)
    self.assertEqual(manager_view, None)
    manager_modify = getSecurityManager().checkPermission(
        "Modify portal content", card)
    self.assertEqual(manager_modify, None)
def is_deletable(self):
    """Raise ``ContentError`` when the content may not be deleted.

    Without ``silva.ApproveSilvaContent`` a publishable object can only be
    deleted when it is neither published nor approved. Users holding that
    permission skip both checks. Nothing is returned.
    """
    if checkPermission('silva.ApproveSilvaContent', self):
        return
    if self.is_published():
        raise ContentError(
            _(u"Content is published."), self)
    if self.is_approved():
        raise ContentError(
            _(u"Content is approved."), self)
def _get_root_content_url(self):
    """Return the ``IContentURL`` of the highest readable container.

    The walk starts at the container of the context and climbs while the
    parent exists and ``silva.ReadSilvaContent`` is granted on it, stopping
    at the configured top level at the latest.
    """
    site = IVirtualSite(self.request)
    settings = getUtility(IUIService)
    top_level = (
        site.get_silva_root() if settings.smi_access_root
        else site.get_root()
    )

    # We lookup for the highest container where we have access
    root = self.context.get_container()
    while root != top_level:
        parent = root.get_real_container()
        if parent is not None and checkPermission(
                "silva.ReadSilvaContent", parent):
            root = parent
            continue
        # We don't have access at that level
        break
    return getMultiAdapter((root, self.request), IContentURL)
def allow_action(self, action):
    """Tell whether ``action`` is allowed on the context.

    ``submit`` is always allowed and no permission is consulted for it.
    Any other action needs ``cmf.ManagePortal`` or a user group whose name
    matches a normalised ``cat2`` keyword of the context.
    """
    if action == 'submit':
        return True
    if checkPermission('cmf.ManagePortal', self.context):
        return True

    usergroups = self.usergroups
    # Applied in this order after lower-casing the keyword.
    replacements = (
        (' ', '-'),
        (u'ü', 'ue'),
        (u'ö', 'oe'),
        (u'ä', 'ae'),
    )
    for keyword in self.context.keywords(categories=['cat2']):
        group_name = keyword.lower()
        for old, new in replacements:
            group_name = group_name.replace(old, new)
        # NOTE(review): access follows from the content's own keywords, so
        # whoever may edit those keywords also decides which groups are
        # allowed - confirm that this is intended.
        if group_name in usergroups:
            return True
    return False
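def render_content(content, request, suppress_title=False):
    """Render a content for inclusion.

    Returns an empty string when ``zope2.View`` is not granted on
    ``content``, when ``request`` is not a browser request, or when nothing
    can be rendered. With ``suppress_title`` documents and auto TOCs are
    rendered without their title; other contents are rendered through their
    ``content.html`` view.
    """
    # Both conditions are required. The check used to combine them with
    # ``or``, which let any valid browser request through without the View
    # permission, contrary to the comment below.
    if not (checkPermission('zope2.View', content) and
            IBrowserRequest.providedBy(request)):
        # You can't see the content or don't have a valid request.
        return u''
    # NOTE(review): the permission was checked on the object passed in,
    # while rendering uses what get_silva_object() returns - confirm that
    # both are covered by the same permission.
    content = content.get_silva_object()
    if suppress_title:
        if IDocument.providedBy(content):
            version = content.get_viewable()
            if version is None:
                return u''
            details = getMultiAdapter((version, request), name="details")
            return details.get_text()
        if IAutoTOC.providedBy(content):
            toc = getMultiAdapter((content, request), name="toc")
            toc.update()
            return toc.render()
        # suppress title is not supported for other contents, render them
        # publicly.
    renderer = queryMultiAdapter((content, request), name='content.html')
    if renderer is not None:
        return renderer()
    return u''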
def available(self, form):
    """Return the ``silva.ChangeSilvaContent`` check on the form context."""
    may_change = checkPermission("silva.ChangeSilvaContent", form.context)
    return may_change
def available(self):
    """Require ``silva.ApproveSilvaContent`` on top of the parent's rule."""
    # The parent's check is only consulted once the permission is granted.
    return (
        checkPermission("silva.ApproveSilvaContent", self.context)
        and super(RejectApprovalRequestForm, self).available()
    )
def available(self):
    """Hide the form from approvers; otherwise defer to the parent's rule."""
    can_approve = checkPermission("silva.ApproveSilvaContent", self.context)
    return (
        False if can_approve
        else super(WithdrawApprovalRequestForm, self).available()
    )
def available(self):
    """Return True only when ``silva.ApproveSilvaContent`` is granted."""
    granted = checkPermission("silva.ApproveSilvaContent", self.context)
    # Coerced so callers always receive a real boolean.
    return bool(granted)
def available(self, form):
    """Require more than one line and ``silva.ApproveSilvaContent``."""
    if len(form.lines) <= 1:
        # The permission is not consulted when there is at most one line.
        return False
    return bool(checkPermission('silva.ApproveSilvaContent', form.context))
def update_index_available(self):
    """Return the ``silva.ChangeSilvaContent`` check on the context."""
    may_change = checkPermission('silva.ChangeSilvaContent', self.context)
    return may_change
def canedit(self):
    """Return the ``cmf.ModifyPortalContent`` check on the context."""
    may_modify = checkPermission("cmf.ModifyPortalContent", self.context)
    return may_modify
def canView(self, obj):
    """Return the ``zope2.View`` check on ``obj``."""
    may_view = checkPermission('zope2.View', obj)
    return may_view
def available(self, form):
    """Return the ``silva.ChangeSilvaContent`` check on the form context."""
    may_change = checkPermission('silva.ChangeSilvaContent', form.context)
    return may_change
def allow_configuration(self, configuration, slot, context):
    """Return False when ``self.permission`` is denied, otherwise None.

    ``configuration`` and ``slot`` are not used by this check.
    """
    # NOTE(review): None presumably means "no objection" to the caller,
    # as opposed to an explicit True - confirm against the caller.
    return None if checkPermission(self.permission, context) else False
def allow_controller(self, controller, slot, context):
    """Return False when ``self.permission`` is denied, otherwise None.

    ``controller`` and ``slot`` are not used by this check.
    """
    # NOTE(review): None presumably means "no objection" to the caller,
    # as opposed to an explicit True - confirm against the caller.
    return None if checkPermission(self.permission, context) else False
def update(self):
    """Prepare the SMI page, or redirect to the highest readable container.

    Raises ``Redirect`` when the context is not the container chosen as
    root for the current user. Otherwise the SMI skin is applied, the
    resources registered under ``silva.ui.resources`` are loaded and the
    UI settings are copied onto the view for the template.
    """
    # Redirect to the root of the SMI if we are not already
    site = IVirtualSite(self.request)
    settings = getUtility(IUIService)
    if settings.smi_access_root:
        top_level = site.get_silva_root()
    else:
        top_level = site.get_root()
    # We lookup for the highest container where we have access
    root = self.context.get_container()
    while root != top_level:
        parent = root.get_real_container()
        if (parent is None or
                not checkPermission('silva.ReadSilvaContent', parent)):
            # We don't have access at that level
            break
        root = parent
    root_content_url = getMultiAdapter((root, self.request), IContentURL)
    root_url = root_content_url.url()
    if root != self.context:
        # Relative path of the content from the root.
        content_url = getMultiAdapter(
            (self.context, self.request), IContentURL)
        root_path = root_content_url.url(relative=True).split('/')
        content_path = content_url.url(relative=True).split('/')
        path = '/'.join(relative_path(root_path, content_path))
        # The content path travels in the URL fragment after '#!'.
        raise Redirect('/'.join((root_url, 'edit')) + '#!' + path)
    # Set the proper SMI skin
    set_smi_skin(self.context, self.request)
    # Load the extensions
    # Every entry point registered in the 'silva.ui.resources' group is
    # loaded here, so any installed distribution declaring one has its
    # code imported on this request path.
    for load_entry in iter_entry_points('silva.ui.resources'):
        resource = load_entry.load()
        need(resource)
    # Customization from service
    if settings.logo is not None:
        settings_content_url = getMultiAdapter(
            (settings, self.request), IContentURL)
        self.logo_url = '/'.join((settings_content_url.url(), 'logo'))
    else:
        self.logo_url = self.static['img']['silva.png']()
    # Default background, replaced below when the service defines one.
    self.background = '#7996ac'
    self.name = settings.name
    self.listing_preview = settings.folder_icon_preview
    self.maintenance_message = settings.maintenance_message
    self.test_mode = settings.test_mode
    self.preview_resolutions = []
    self.notifications_life = settings.notifications_life
    if settings.preview_use_resolutions:
        self.preview_resolutions = list(settings.preview_resolutions)
    if settings.background:
        self.background = settings.background
    # Prepare values for template
    languages = IUserPreferredLanguages(
        self.request).getPreferredLanguages()
    # Falls back to English when the request states no preference.
    self.language = languages[0] if languages else 'en'
    self.root_url = root_url
    # Recorded for the template only; nothing is enforced here.
    self.can_manage = getSecurityManager().checkPermission(
        'View Management Screens', self.context)