def restore_backrefs(portal, obj):
"""Restore backreferences stored in the attribute _backrefs.
"""
intids = getUtility(IIntIds)
uid_catalog = getToolByName(portal, 'uid_catalog')
try:
backrefobjs = [uuidToObject(uuid) for uuid in obj._backrefs]
for backrefobj in backrefobjs:
# Dexterity and
if IDexterityContent.providedBy(backrefobj):
relitems = getattr(backrefobj, 'relatedItems', None)
if not relitems:
backrefobj.relatedItems = PersistentList()
elif not isinstance(obj.relatedItems, PersistentList):
backrefobj.relatedItems = PersistentList(
obj.relatedItems
)
to_id = intids.getId(obj)
backrefobj.relatedItems.append(RelationValue(to_id))
# Archetypes
elif IATContentType.providedBy(backrefobj):
# reindex UID so we are able to set the reference
path = '/'.join(obj.getPhysicalPath())
uid_catalog.catalog_object(obj, path)
backrefobj.setRelatedItems(obj)
logger.info(
'Restored BackRelation from %s to %s' % (backrefobj, obj))
except AttributeError:
pass
def restore_backrefs(portal, obj):
"""Restore backreferences stored in the attribute _backrefs.
"""
intids = getUtility(IIntIds)
uid_catalog = getToolByName(portal, 'uid_catalog')
try:
backrefobjs = [uuidToObject(uuid) for uuid in obj._backrefs]
for backrefobj in backrefobjs:
# Dexterity and
if IDexterityContent.providedBy(backrefobj):
relitems = getattr(backrefobj, 'relatedItems', None)
if not relitems:
backrefobj.relatedItems = PersistentList()
elif not isinstance(obj.relatedItems, PersistentList):
backrefobj.relatedItems = PersistentList(obj.relatedItems)
to_id = intids.getId(obj)
backrefobj.relatedItems.append(RelationValue(to_id))
# Archetypes
elif IATContentType.providedBy(backrefobj):
# reindex UID so we are able to set the reference
path = '/'.join(obj.getPhysicalPath())
uid_catalog.catalog_object(obj, path)
backrefobj.setRelatedItems(obj)
logger.info('Restored BackRelation from %s to %s' %
(backrefobj, obj))
except AttributeError:
pass
def __init__(self, context, request, brain):
self.context = context
self.request = request
self.brain = brain
self.has_protection_enabled = False
self.is_protected = False
portal_types = self.context.portal_types
portal_type = self.brain.portal_type
behaviors = getattr(portal_types[portal_type], 'behaviors', None)
if (behaviors and
'collective_folderprotection.behaviors.interfaces.IPasswordProtected' in behaviors):
self.has_protection_enabled = True
ob = self.brain.getObject()
passwordprotected = IPasswordProtected(ob)
if passwordprotected.is_password_protected():
self.is_protected = True
else:
ob = self.brain.getObject()
if IATContentType.providedBy(ob) and\
IATPasswordProtected.providedBy(ob):
self.has_protection_enabled = True
ob = self.brain.getObject()
adapter = queryAdapter(ob, IATPasswordProtected)
if adapter.is_password_protected():
self.is_protected = True
def set_text(item, text, ref=""):
if ref:
text = text.format(uid=ref)
if HAS_ARCHETYPES:
if IATContentType.providedBy(item):
item.setText(text, mimetype="text/html")
else:
item.text = RichTextValue(text, "text/html", "text/html")
def can_enable_at_pw_protection(self):
can_enable = False
if IATContentType.providedBy(self.context):
if not IATPasswordProtected.providedBy(self.context):
pm = self.context.portal_membership
roles = pm.getAuthenticatedMember().getRolesInContext(self.context)
if ('Manager' in roles or 'Owner' in roles):
can_enable = True
return can_enable
def traverse(self, path, response=None, validated_hook=None):
object = self.__old_traverse(path, response, validated_hook)
context = aq_parent(object)
if (context is None or
not IATContentType.providedBy(context) or
getSecurityManager().checkPermission(permissions.ModifyPortalContent, context)):
return object
languageTool = getToolByName(context, 'portal_languages', None)
if languageTool.getPreferredLanguage() in context.Schema()['language_constraint'].get(context):
return object
return getMultiAdapter((context, self), name='notavailable')
def languages_vocabulary_factory(context):
parent = aq_parent(context)
if IATContentType.providedBy(parent):
selected = parent.Schema()['language_constraint'].get(parent)
languages = languages_vocabulary_factory(parent)
filtered = []
for term in languages:
if not term.value in selected:
continue
filtered.append(term)
return vocabulary.SimpleVocabulary(filtered)
return getUtility(IVocabularyFactory, 'plone.app.vocabularies.SupportedContentLanguages')(parent)
def traverse(self, path, response=None, validated_hook=None):
object = self.__old_traverse(path, response, validated_hook)
context = aq_parent(object)
if (context is None or not IATContentType.providedBy(context)
or getSecurityManager().checkPermission(
permissions.ModifyPortalContent, context)):
return object
languageTool = getToolByName(context, 'portal_languages', None)
if languageTool.getPreferredLanguage() in context.Schema(
)['language_constraint'].get(context):
return object
return getMultiAdapter((context, self), name='notavailable')
def __call__(self):
if IATContentType.providedBy(self.context) and\
IATPasswordProtected.providedBy(self.context):
pm = self.context.portal_membership
roles = pm.getAuthenticatedMember().getRolesInContext(self.context)
if not ('Manager' in roles or 'Owner' in roles):
raise Unauthorized("You are not authorized to disable password protection for this item")
noLongerProvides(self.context, IATPasswordProtected)
messages = IStatusMessage(self.request)
messages.add(_(u"Password protection has been disabled"), type=u"info")
self.request.response.redirect(self.context.absolute_url())
def restoreReferences(portal):
""" iterate over all Dexterity Objs and restore es Dexterity Reference. """
out = ''
catalog = getToolByName(portal, "portal_catalog")
# Seems that these newly created objs are not reindexed
catalog.clearFindAndRebuild()
intids = getUtility(IIntIds)
results = catalog.searchResults(
object_provides=IDexterityContent.__identifier__)
for brain in results:
obj = brain.getObject()
# refs
try:
if not getattr(obj, 'relatedItems', None):
obj.relatedItems = PersistentList()
elif type(obj.relatedItems) != type(PersistentList()):
obj.relatedItems = PersistentList(obj.relatedItems)
for uuid in obj._relatedItems:
to_obj = uuidToObject(uuid)
to_id = intids.getId(to_obj)
obj.relatedItems.append(RelationValue(to_id))
out += str('Restore Relation from %s to %s \n' % (obj, to_obj))
del obj._relatedItems
except AttributeError:
pass
# backrefs
try:
backrefobjs = [uuidToObject(uuid) for uuid in obj._backrefs]
for backrefobj in backrefobjs:
# Dexterity and
if IDexterityContent.providedBy(backrefobj):
if not getattr(backrefobj, 'relatedItems', None):
backrefobj.relatedItems = PersistentList()
elif type(backrefobj.relatedItems) != type(PersistentList()):
backrefobj.relatedItems = PersistentList(
obj.relatedItems)
to_id = intids.getId(obj)
backrefobj.relatedItems.append(RelationValue(to_id))
# Archetypes
elif IATContentType.providedBy(backrefobj):
backrefobj.setRelatedItems(obj)
out += str(
'Restore BackRelation from %s to %s \n' % (backrefobj, obj))
del obj._backrefs
except AttributeError:
pass
return out
def save(self):
"""Save the image"""
context, request, form = self.context, self.request, self.request.form
check(self.request) # raise an error if not authenficated
if not "image" in form:
raise Exception("invalid request")
data = self.fetch(form["image"])
if not data:
raise Exception("image download fails")
if IATImage.providedBy(self.context):
self.at_store(self.context, data)
parent = aq_parent(self.context)
if IATContentType.providedBy(parent):
self.at_store(parent, data, self.context.id())
def get_infos_for(self, context):
data = {'embedded_images' : False,
'contexts_info' : []}
contexts_info = data['contexts_info']
if IATImage.providedBy(self.context):
contexts_info.append({'c':self.context, 'type': 'image'})
if IATContentType.providedBy(self.context):
for f in self.context.schema.keys():
field = self.context.schema[f]
if 'image' == field.type:
data['embedded_images'] = True
contexts_info.append(
{'c':field.get(self.context), 'type': 'atimage'}
)
for context_info in contexts_info:
request = self.request
adapters = getAdapters((context_info['c'], request), provided=i.IExternalImageEditor)
context_info['infos'] = []
for name, a in adapters:
if a.enabled:
context_info['infos'].append(a.link_infos)
return data
def _adjustFields(context=None, fields=None):
remove =[
'target_collection',
'show_footer',
'show_leadimage',
'alternate_footer_link',
'feeds',
'reverse_feed',
'header', 'limit', 'show_dates', 'show_location'
]
if context:
for i in aq_chain(context):
if IATContentType.providedBy(i):
portal_catalog = getToolByName(i, "portal_catalog")
indexes = portal_catalog.indexes()
for (field, index) in [
('query_research_areas', 'department_research_areas'),
('query_counties', 'Counties'),
('query_programs', 'Topics'),
('query_topics', 'Subtopiocs'),
('query_courses', 'Courses'),
('query_public_tags', 'Tags'),
('query_plone_tags', 'Subject'),
('limit_radius', 'zip_code'),
]:
if index not in indexes:
remove.append(field)
break
return _getFields(fields=fields,
order=['title', 'show_header', 'cache_timeout', 'items_shown',],
remove=remove)
def backrefs(portal, obj):
intids = getUtility(IIntIds)
uid_catalog = getToolByName(portal, 'uid_catalog')
out = ''
try:
backrefobjs = [uuidToObject(uuid) for uuid in obj._backrefs]
for backrefobj in backrefobjs:
# Dexterity and
if IDexterityContent.providedBy(backrefobj):
relitems = getattr(backrefobj, 'relatedItems', None)
if not relitems:
backrefobj.relatedItems = PersistentList()
elif type(relitems) != type(PersistentList()):
backrefobj.relatedItems = PersistentList(
obj.relatedItems
)
to_id = intids.getId(obj)
backrefobj.relatedItems.append(RelationValue(to_id))
# Archetypes
elif IATContentType.providedBy(backrefobj):
# reindex UID so we are able to set the reference
path = '/'.join(obj.getPhysicalPath())
uid_catalog.catalog_object(obj, path)
backrefobj.setRelatedItems(obj)
out += str(
'Restore BackRelation from %s to %s \n' % (
backrefobj,
obj
)
)
del obj._backrefs
except AttributeError:
pass
return out
def allowed(self):
obj_is_protected = False
authorized = False
# First we check if the current context has the password protection enabled
try:
# This will be true if DX and pw-protected enabled
IPasswordProtected(self.context)
obj_is_protected = True
except TypeError:
if HAS_AT:
# This will be true if AT and pw-protected enabled
if IATContentType.providedBy(self.context) and\
IATPasswordProtected.providedBy(self.context):
obj_is_protected = True
if obj_is_protected:
# Only allow to set password to Manager or Owner
pm = self.context.portal_membership
roles = pm.getAuthenticatedMember().getRolesInContext(self.context)
if ('Manager' in roles or 'Owner' in roles):
authorized = True
return authorized
def run(self):
"""Download cart content.
Before downloading items are packed into a zip archive (only the
items that are files are included).
"""
cart_view = self.context.restrictedTraverse('cart')
request = self.context.REQUEST
cart = cart_view.cart
if not cart:
api.portal.show_message(message=u"Can't download, no items found.",
request=request,
type="error")
request.response.redirect(self.context.absolute_url() + '/@@cart')
output = StringIO()
zf = zipfile.ZipFile(output, mode='w')
try:
for obj_uuid in cart:
# make sure obj exists
obj = api.content.get(UID=obj_uuid)
if obj is None:
continue
# check if this is a document and potentially has a pdf set
if obj.portal_type == "Document" and obj.restrictedTraverse(
'pdf', None):
data = obj.restrictedTraverse('pdf')()
if obj.REQUEST.response.status != 200:
if obj.REQUEST.response.status == 302:
del obj.REQUEST.response.headers['location']
obj.REQUEST.response.status = 200
# ignore and continue - showing a portal message here is
# useless as we probably won't return html
continue
data = data.read()
filename = '%s.pdf' % obj.getId()
else:
# make sure obj is a file by checking if filename is set
if IATContentType.providedBy(obj):
filename = obj.getFilename()
if not filename:
continue
data = obj.data
else:
blobfile = obj.file
filename = blobfile.filename
data = blobfile.data
zf.writestr(filename, data)
finally:
zf.close()
if zf.filelist:
request.response.setHeader("Content-Type", "application/zip")
now = datetime.now()
zipfilename = "download-%s-%s-%s.zip" % (now.year, now.month,
now.day)
request.response.setHeader('Content-Disposition',
"attachment; filename=%s" % zipfilename)
return output.getvalue()
else:
api.portal.show_message(
message="There are no downloadable items in your cart.",
request=request,
type="warning")
portal = api.portal.get()
request.response.redirect(portal.absolute_url() + '/@@cart')
try:
editor.save()
except Exception, e:
ret = 'An error occured during image record: %s' % e
ret = 'image updated'
else:
ret = 'No edit session!'
if invalid:
if not ret:
ret = 'Invalid edit proxy request!'
logger.info(ret)
if IATImage.providedBy(self.context):
context_url += "/view"
parent = aq_parent(self.context)
if (IATContentType.providedBy(parent)
and IOFSImage.providedBy(self.context)):
context_url = parent.absolute_url()
if service not in ['aviary']:
self.request.response.redirect(context_url)
return ret
class Edit(BrowserView):
"""Redirect to a specific edit service"""
interface.implements(IEdit)
def __call__(self, *args):
islocalhost = (self.request.URL.startswith('http://localhost')
or self.request.URL.startswith('127.0.0.1'))
if self.request.method == 'GET' and not islocalhost:
def run(self):
"""Download cart content.
Before downloading items are packed into a zip archive (only the
items that are files are included).
"""
cart_view = self.context.restrictedTraverse('cart')
request = self.context.REQUEST
cart = cart_view.cart
if not cart:
api.portal.show_message(
message=u"Can't download, no items found.",
request=request,
type="error"
)
request.response.redirect(self.context.absolute_url() + '/@@cart')
output = StringIO()
zf = zipfile.ZipFile(output, mode='w')
try:
for obj_uuid in cart:
# make sure obj exists
obj = api.content.get(UID=obj_uuid)
if obj is None:
continue
# check if this is a document and potentially has a pdf set
if obj.portal_type == "Document" and obj.restrictedTraverse('pdf', None):
data = obj.restrictedTraverse('pdf')()
if obj.REQUEST.response.status != 200:
if obj.REQUEST.response.status == 302:
del obj.REQUEST.response.headers['location']
obj.REQUEST.response.status = 200
# ignore and continue - showing a portal message here is
# useless as we probably won't return html
continue
data = data.read()
filename = '%s.pdf' % obj.getId()
else:
# make sure obj is a file by checking if filename is set
if IATContentType.providedBy(obj):
filename = obj.getFilename()
if not filename:
continue
data = obj.data
else:
blobfile = obj.file
filename = blobfile.filename
data = blobfile.data
zf.writestr(filename, data)
finally:
zf.close()
if zf.filelist:
request.response.setHeader(
"Content-Type",
"application/zip"
)
now = datetime.now()
zipfilename = "download-%s-%s-%s.zip" % (now.year, now.month, now.day)
request.response.setHeader(
'Content-Disposition',
"attachment; filename=%s" % zipfilename
)
return output.getvalue()
else:
api.portal.show_message(
message="There are no downloadable items in your cart.",
request=request,
type="warning")
portal = api.portal.get()
request.response.redirect(portal.absolute_url() + '/@@cart')
def __call__(self):
if self.request.get('submit', False):
# The password was submitted
passw = self.request.get('password', '')
passw_hash = md5(passw).hexdigest()
password_protected = None
context = self.context
try:
# This will be true if DX and pw-protected enabled
password_protected = IPasswordProtected(context)
except TypeError:
if HAS_AT:
# This will be true if AT and pw-protected enabled
if IATContentType.providedBy(context) and\
IATPasswordProtected.providedBy(context):
password_protected = queryAdapter(context, IATPasswordProtected)
if not password_protected:
# It could be that this is the default view for the protected parent, so let's try that
parent_dp = context.aq_parent.getDefaultPage()
if parent_dp == context.id:
context = context.aq_parent
try:
# This will be true if DX and pw-protected enabled
password_protected = IPasswordProtected(context)
except TypeError:
if HAS_AT:
# This will be true if AT and pw-protected enabled
if IATContentType.providedBy(context) and \
IATPasswordProtected.providedBy(context):
password_protected = queryAdapter(context, IATPasswordProtected)
if password_protected:
if password_protected.is_password_protected():
# If this is not true, means the Manager has not set a password
# for this resource yet, then do not authenticate...
# If there's no came_from, then just go to the object itself
came_from = self.request.get('came_from', context.absolute_url())
if passw_hash == password_protected.passw_hash:
# The user has entered a valid password, then we store a
# random hash with a TTL so we know he already authenticated
ann = IAnnotations(context)
hashes = ann.get(HASHES_ANNOTATION_KEY, {})
random_hash = md5(str(random())).hexdigest()
while random_hash in hashes:
# This would be *REALLY* hard to happen, but just in case...
random_hash = md5(str(random())).hexdigest()
hashes[random_hash] = datetime.now() + TIME_TO_LIVE
# Store the hash in the annotation
ann[HASHES_ANNOTATION_KEY] = hashes
if context is not self.context:
# Also store the hash in the default view object, if that's the case
ann = IAnnotations(self.context)
ann[HASHES_ANNOTATION_KEY] = hashes
# Save the hash in a cookie
path = context.getPhysicalPath()
virtual_path = self.request.physicalPathToVirtualPath(path)
options = {'path': '/'.join(('',)+virtual_path),
'expires': (DateTime("GMT") + 5).rfc822()}
self.request.response.setCookie(HASH_COOKIE_KEY, random_hash, **options)
# Now that we have our cookie set, go to the original url
self.request.response.redirect(came_from)
return
else:
# Invalid password, stay here, but mantain the "came_from"
self.request.set('came_from', came_from)
self.request.response.setStatus(401, lock=True)
return self.index()
