Esempio n. 1
0
def restore_backrefs(portal, obj):
    """Restore backreferences stored in the attribute _backrefs.
    """
    intids = getUtility(IIntIds)
    uid_catalog = getToolByName(portal, 'uid_catalog')
    try:
        backrefobjs = [uuidToObject(uuid) for uuid in obj._backrefs]
        for backrefobj in backrefobjs:
            # Dexterity and
            if IDexterityContent.providedBy(backrefobj):
                relitems = getattr(backrefobj, 'relatedItems', None)
                if not relitems:
                    backrefobj.relatedItems = PersistentList()
                elif not isinstance(obj.relatedItems, PersistentList):
                    backrefobj.relatedItems = PersistentList(
                        obj.relatedItems
                    )
                to_id = intids.getId(obj)
                backrefobj.relatedItems.append(RelationValue(to_id))

            # Archetypes
            elif IATContentType.providedBy(backrefobj):
                # reindex UID so we are able to set the reference
                path = '/'.join(obj.getPhysicalPath())
                uid_catalog.catalog_object(obj, path)
                backrefobj.setRelatedItems(obj)
            logger.info(
                'Restored BackRelation from %s to %s' % (backrefobj, obj))
    except AttributeError:
        pass
Esempio n. 2
0
def restore_backrefs(portal, obj):
    """Restore backreferences stored in the attribute _backrefs.
    """
    intids = getUtility(IIntIds)
    uid_catalog = getToolByName(portal, 'uid_catalog')
    try:
        backrefobjs = [uuidToObject(uuid) for uuid in obj._backrefs]
        for backrefobj in backrefobjs:
            # Dexterity and
            if IDexterityContent.providedBy(backrefobj):
                relitems = getattr(backrefobj, 'relatedItems', None)
                if not relitems:
                    backrefobj.relatedItems = PersistentList()
                elif not isinstance(obj.relatedItems, PersistentList):
                    backrefobj.relatedItems = PersistentList(obj.relatedItems)
                to_id = intids.getId(obj)
                backrefobj.relatedItems.append(RelationValue(to_id))

            # Archetypes
            elif IATContentType.providedBy(backrefobj):
                # reindex UID so we are able to set the reference
                path = '/'.join(obj.getPhysicalPath())
                uid_catalog.catalog_object(obj, path)
                backrefobj.setRelatedItems(obj)
            logger.info('Restored BackRelation from %s to %s' %
                        (backrefobj, obj))
    except AttributeError:
        pass
    def __init__(self, context, request, brain):
        self.context = context
        self.request = request
        self.brain = brain
        self.has_protection_enabled = False
        self.is_protected = False
        
        portal_types = self.context.portal_types
        portal_type = self.brain.portal_type
        behaviors = getattr(portal_types[portal_type], 'behaviors', None)

        if (behaviors and
            'collective_folderprotection.behaviors.interfaces.IPasswordProtected' in behaviors):
            self.has_protection_enabled = True
            ob = self.brain.getObject()
            passwordprotected = IPasswordProtected(ob)
            
            if passwordprotected.is_password_protected():
                self.is_protected = True
        else:
            ob = self.brain.getObject()
            if IATContentType.providedBy(ob) and\
               IATPasswordProtected.providedBy(ob):
                self.has_protection_enabled = True
                ob = self.brain.getObject()
                adapter = queryAdapter(ob, IATPasswordProtected)
                if adapter.is_password_protected():
                    self.is_protected = True
def set_text(item, text, ref=""):
    if ref:
        text = text.format(uid=ref)
    if HAS_ARCHETYPES:
        if IATContentType.providedBy(item):
            item.setText(text, mimetype="text/html")
    else:
        item.text = RichTextValue(text, "text/html", "text/html")
    def can_enable_at_pw_protection(self):
        can_enable = False
        if IATContentType.providedBy(self.context):
            if not IATPasswordProtected.providedBy(self.context):
                pm = self.context.portal_membership
                roles = pm.getAuthenticatedMember().getRolesInContext(self.context)
                if ('Manager' in roles or 'Owner' in roles):
                    can_enable = True

        return can_enable
def traverse(self, path, response=None, validated_hook=None):
    object = self.__old_traverse(path, response, validated_hook)
    context = aq_parent(object)
    if (context is None or
        not IATContentType.providedBy(context) or
        getSecurityManager().checkPermission(permissions.ModifyPortalContent, context)):
        return object
    languageTool = getToolByName(context, 'portal_languages', None)
    if languageTool.getPreferredLanguage() in context.Schema()['language_constraint'].get(context):
        return object
    return getMultiAdapter((context, self), name='notavailable')
def languages_vocabulary_factory(context):
    parent = aq_parent(context)
    if IATContentType.providedBy(parent):
        selected = parent.Schema()['language_constraint'].get(parent)
        languages = languages_vocabulary_factory(parent)
        filtered = []
        for term in languages:
            if not term.value in selected:
                continue
            filtered.append(term)
        return vocabulary.SimpleVocabulary(filtered)
    return getUtility(IVocabularyFactory, 'plone.app.vocabularies.SupportedContentLanguages')(parent)
def traverse(self, path, response=None, validated_hook=None):
    object = self.__old_traverse(path, response, validated_hook)
    context = aq_parent(object)
    if (context is None or not IATContentType.providedBy(context)
            or getSecurityManager().checkPermission(
                permissions.ModifyPortalContent, context)):
        return object
    languageTool = getToolByName(context, 'portal_languages', None)
    if languageTool.getPreferredLanguage() in context.Schema(
    )['language_constraint'].get(context):
        return object
    return getMultiAdapter((context, self), name='notavailable')
    def __call__(self):
        if IATContentType.providedBy(self.context) and\
           IATPasswordProtected.providedBy(self.context):
            pm = self.context.portal_membership
            roles = pm.getAuthenticatedMember().getRolesInContext(self.context)
            if not ('Manager' in roles or 'Owner' in roles):
                raise Unauthorized("You are not authorized to disable password protection for this item")

            noLongerProvides(self.context, IATPasswordProtected)
            messages = IStatusMessage(self.request)
            messages.add(_(u"Password protection has been disabled"), type=u"info")

        self.request.response.redirect(self.context.absolute_url())
Esempio n. 10
0
def restoreReferences(portal):
    """ iterate over all Dexterity Objs and restore es Dexterity Reference. """
    out = ''
    catalog = getToolByName(portal, "portal_catalog")
    # Seems that these newly created objs are not reindexed
    catalog.clearFindAndRebuild()
    intids = getUtility(IIntIds)
    results = catalog.searchResults(
        object_provides=IDexterityContent.__identifier__)
    for brain in results:
        obj = brain.getObject()

        # refs
        try:
            if not getattr(obj, 'relatedItems', None):
                obj.relatedItems = PersistentList()
            elif type(obj.relatedItems) != type(PersistentList()):
                obj.relatedItems = PersistentList(obj.relatedItems)
            for uuid in obj._relatedItems:
                to_obj = uuidToObject(uuid)
                to_id = intids.getId(to_obj)
                obj.relatedItems.append(RelationValue(to_id))
                out += str('Restore Relation from %s to %s \n' % (obj, to_obj))
            del obj._relatedItems
        except AttributeError:
            pass

        # backrefs
        try:
            backrefobjs = [uuidToObject(uuid) for uuid in obj._backrefs]
            for backrefobj in backrefobjs:
                # Dexterity and
                if IDexterityContent.providedBy(backrefobj):
                    if not getattr(backrefobj, 'relatedItems', None):
                        backrefobj.relatedItems = PersistentList()
                    elif type(backrefobj.relatedItems) != type(PersistentList()):
                        backrefobj.relatedItems = PersistentList(
                            obj.relatedItems)
                    to_id = intids.getId(obj)
                    backrefobj.relatedItems.append(RelationValue(to_id))

                # Archetypes
                elif IATContentType.providedBy(backrefobj):
                    backrefobj.setRelatedItems(obj)
                out += str(
                    'Restore BackRelation from %s to %s \n' % (backrefobj, obj))
            del obj._backrefs
        except AttributeError:
            pass
    return out
 def save(self):
     """Save the image"""
     context, request, form = self.context, self.request, self.request.form
     check(self.request)  # raise an error if not authenficated
     if not "image" in form:
         raise Exception("invalid request")
     data = self.fetch(form["image"])
     if not data:
         raise Exception("image download fails")
     if IATImage.providedBy(self.context):
         self.at_store(self.context, data)
     parent = aq_parent(self.context)
     if IATContentType.providedBy(parent):
         self.at_store(parent, data, self.context.id())
 def get_infos_for(self, context):
     data = {'embedded_images' : False,
             'contexts_info' : []}
     contexts_info = data['contexts_info']
     if IATImage.providedBy(self.context):
         contexts_info.append({'c':self.context, 'type': 'image'})
     if IATContentType.providedBy(self.context):
         for f in self.context.schema.keys():
             field = self.context.schema[f]
             if 'image' == field.type:
                 data['embedded_images'] = True
                 contexts_info.append(
                     {'c':field.get(self.context), 'type': 'atimage'}
                 )
     for context_info in contexts_info:
         request = self.request
         adapters = getAdapters((context_info['c'], request), provided=i.IExternalImageEditor)
         context_info['infos'] = []
         for name, a in adapters:
             if a.enabled:
                 context_info['infos'].append(a.link_infos)
     return data
def _adjustFields(context=None, fields=None):
    remove =[
                'target_collection', 
                'show_footer', 
                'show_leadimage',
                'alternate_footer_link', 
                'feeds', 
                'reverse_feed', 
                'header', 'limit', 'show_dates', 'show_location'
            ]
            
    if context:
        for i in aq_chain(context):
            if IATContentType.providedBy(i):
                portal_catalog = getToolByName(i, "portal_catalog")
                indexes = portal_catalog.indexes()
                
                for (field, index) in [
                    ('query_research_areas', 'department_research_areas'),
                    ('query_counties', 'Counties'),
                    ('query_programs', 'Topics'),
                    ('query_topics', 'Subtopiocs'),
                    ('query_courses', 'Courses'),
                    ('query_public_tags', 'Tags'),
                    ('query_plone_tags', 'Subject'),
                    ('limit_radius', 'zip_code'),
                    ]:
        
                    if index not in indexes:
                        remove.append(field)        

                break

    return _getFields(fields=fields, 
                        order=['title',  'show_header', 'cache_timeout', 'items_shown',],
                        remove=remove)
Esempio n. 14
0
def backrefs(portal, obj):
    intids = getUtility(IIntIds)
    uid_catalog = getToolByName(portal, 'uid_catalog')
    out = ''

    try:
        backrefobjs = [uuidToObject(uuid) for uuid in obj._backrefs]
        for backrefobj in backrefobjs:
            # Dexterity and
            if IDexterityContent.providedBy(backrefobj):
                relitems = getattr(backrefobj, 'relatedItems', None)
                if not relitems:
                    backrefobj.relatedItems = PersistentList()
                elif type(relitems) != type(PersistentList()):
                    backrefobj.relatedItems = PersistentList(
                        obj.relatedItems
                    )
                to_id = intids.getId(obj)
                backrefobj.relatedItems.append(RelationValue(to_id))

            # Archetypes
            elif IATContentType.providedBy(backrefobj):
                # reindex UID so we are able to set the reference
                path = '/'.join(obj.getPhysicalPath())
                uid_catalog.catalog_object(obj, path)
                backrefobj.setRelatedItems(obj)
            out += str(
                'Restore BackRelation from %s to %s \n' % (
                    backrefobj,
                    obj
                )
            )
        del obj._backrefs
    except AttributeError:
        pass
    return out
    def allowed(self):
        obj_is_protected = False
        authorized = False

        # First we check if the current context has the password protection enabled
        try:
            # This will be true if DX and pw-protected enabled
            IPasswordProtected(self.context)
            obj_is_protected = True
        except TypeError:
            if HAS_AT:
                # This will be true if AT and pw-protected enabled
                if IATContentType.providedBy(self.context) and\
                   IATPasswordProtected.providedBy(self.context):
                    obj_is_protected = True

        if obj_is_protected:
            # Only allow to set password to Manager or Owner
            pm = self.context.portal_membership
            roles = pm.getAuthenticatedMember().getRolesInContext(self.context)
            if ('Manager' in roles or 'Owner' in roles):
                authorized = True

        return authorized
Esempio n. 16
0
    def run(self):
        """Download cart content.

        Before downloading items are packed into a zip archive (only the
        items that are files are included).

        """
        cart_view = self.context.restrictedTraverse('cart')
        request = self.context.REQUEST
        cart = cart_view.cart

        if not cart:
            api.portal.show_message(message=u"Can't download, no items found.",
                                    request=request,
                                    type="error")
            request.response.redirect(self.context.absolute_url() + '/@@cart')

        output = StringIO()
        zf = zipfile.ZipFile(output, mode='w')

        try:
            for obj_uuid in cart:
                # make sure obj exists
                obj = api.content.get(UID=obj_uuid)
                if obj is None:
                    continue

                # check if this is a document and potentially has a pdf set
                if obj.portal_type == "Document" and obj.restrictedTraverse(
                        'pdf', None):
                    data = obj.restrictedTraverse('pdf')()
                    if obj.REQUEST.response.status != 200:
                        if obj.REQUEST.response.status == 302:
                            del obj.REQUEST.response.headers['location']
                        obj.REQUEST.response.status = 200
                        # ignore and continue - showing a portal message here is
                        # useless as we probably won't return html
                        continue
                    data = data.read()
                    filename = '%s.pdf' % obj.getId()
                else:
                    # make sure obj is a file by checking if filename is set
                    if IATContentType.providedBy(obj):
                        filename = obj.getFilename()
                        if not filename:
                            continue
                        data = obj.data
                    else:
                        blobfile = obj.file
                        filename = blobfile.filename
                        data = blobfile.data

                zf.writestr(filename, data)
        finally:
            zf.close()

        if zf.filelist:
            request.response.setHeader("Content-Type", "application/zip")
            now = datetime.now()
            zipfilename = "download-%s-%s-%s.zip" % (now.year, now.month,
                                                     now.day)
            request.response.setHeader('Content-Disposition',
                                       "attachment; filename=%s" % zipfilename)
            return output.getvalue()
        else:
            api.portal.show_message(
                message="There are no downloadable items in your cart.",
                request=request,
                type="warning")
            portal = api.portal.get()
            request.response.redirect(portal.absolute_url() + '/@@cart')
                try:
                    editor.save()
                except Exception, e:
                    ret = 'An error occured during image record: %s' % e
                ret = 'image updated'
            else:
                ret = 'No edit session!'
        if invalid:
            if not ret:
                ret = 'Invalid edit proxy request!'
            logger.info(ret)
        if IATImage.providedBy(self.context):
            context_url += "/view"
        parent = aq_parent(self.context)

        if (IATContentType.providedBy(parent)
            and IOFSImage.providedBy(self.context)):
            context_url = parent.absolute_url()
        if service not in ['aviary']:
            self.request.response.redirect(context_url)
        return ret

class Edit(BrowserView):
    """Redirect to a specific edit service"""
    interface.implements(IEdit)


    def __call__(self, *args):
        islocalhost = (self.request.URL.startswith('http://localhost')
                       or self.request.URL.startswith('127.0.0.1'))
        if self.request.method == 'GET' and not islocalhost:
Esempio n. 18
0
    def run(self):
        """Download cart content.

        Before downloading items are packed into a zip archive (only the
        items that are files are included).

        """
        cart_view = self.context.restrictedTraverse('cart')
        request = self.context.REQUEST
        cart = cart_view.cart

        if not cart:
            api.portal.show_message(
                message=u"Can't download, no items found.",
                request=request,
                type="error"
            )
            request.response.redirect(self.context.absolute_url() + '/@@cart')

        output = StringIO()
        zf = zipfile.ZipFile(output, mode='w')

        try:
            for obj_uuid in cart:
                # make sure obj exists
                obj = api.content.get(UID=obj_uuid)
                if obj is None:
                    continue

                # check if this is a document and potentially has a pdf set
                if obj.portal_type == "Document" and obj.restrictedTraverse('pdf', None):
                    data = obj.restrictedTraverse('pdf')()
                    if obj.REQUEST.response.status != 200:
                        if obj.REQUEST.response.status == 302:
                            del obj.REQUEST.response.headers['location']
                        obj.REQUEST.response.status = 200
                        # ignore and continue - showing a portal message here is
                        # useless as we probably won't return html
                        continue
                    data = data.read()
                    filename = '%s.pdf' % obj.getId()
                else:
                    # make sure obj is a file by checking if filename is set
                    if IATContentType.providedBy(obj):
                        filename = obj.getFilename()
                        if not filename:
                            continue
                        data = obj.data
                    else:
                        blobfile = obj.file
                        filename = blobfile.filename
                        data = blobfile.data

                zf.writestr(filename, data)
        finally:
            zf.close()

        if zf.filelist:
            request.response.setHeader(
                "Content-Type",
                "application/zip"
            )
            now = datetime.now()
            zipfilename = "download-%s-%s-%s.zip" % (now.year, now.month, now.day)
            request.response.setHeader(
                'Content-Disposition',
                "attachment; filename=%s" % zipfilename
            )
            return output.getvalue()
        else:
            api.portal.show_message(
                message="There are no downloadable items in your cart.",
                request=request,
                type="warning")
            portal = api.portal.get()
            request.response.redirect(portal.absolute_url() + '/@@cart')
    def __call__(self):
        if self.request.get('submit', False):
            # The password was submitted
            passw = self.request.get('password', '')
            passw_hash = md5(passw).hexdigest()

            password_protected = None

            context = self.context

            try:
                # This will be true if DX and pw-protected enabled
                password_protected = IPasswordProtected(context)
            except TypeError:
                if HAS_AT:
                    # This will be true if AT and pw-protected enabled
                    if IATContentType.providedBy(context) and\
                       IATPasswordProtected.providedBy(context):
                        password_protected = queryAdapter(context, IATPasswordProtected)

            if not password_protected:
                # It could be that this is the default view for the protected parent, so let's try that
                parent_dp = context.aq_parent.getDefaultPage()
                if parent_dp == context.id:
                    context = context.aq_parent

                    try:
                        # This will be true if DX and pw-protected enabled
                        password_protected = IPasswordProtected(context)
                    except TypeError:
                        if HAS_AT:
                            # This will be true if AT and pw-protected enabled
                            if IATContentType.providedBy(context) and \
                                    IATPasswordProtected.providedBy(context):
                                password_protected = queryAdapter(context, IATPasswordProtected)

            if password_protected:
                if password_protected.is_password_protected():
                    # If this is not true, means the Manager has not set a password
                    # for this resource yet, then do not authenticate...
                    # If there's no came_from, then just go to the object itself
                    came_from = self.request.get('came_from', context.absolute_url())
                    if passw_hash == password_protected.passw_hash:
                        # The user has entered a valid password, then we store a
                        # random hash with a TTL so we know he already authenticated
                        ann = IAnnotations(context)
                        hashes = ann.get(HASHES_ANNOTATION_KEY, {})
                        random_hash = md5(str(random())).hexdigest()
                        while random_hash in hashes:
                            # This would be *REALLY* hard to happen, but just in case...
                            random_hash = md5(str(random())).hexdigest()

                        hashes[random_hash] = datetime.now() + TIME_TO_LIVE
                        # Store the hash in the annotation
                        ann[HASHES_ANNOTATION_KEY] = hashes
                        if context is not self.context:
                            # Also store the hash in the default view object, if that's the case
                            ann = IAnnotations(self.context)
                            ann[HASHES_ANNOTATION_KEY] = hashes

                        # Save the hash in a cookie
                        path = context.getPhysicalPath()
                        virtual_path = self.request.physicalPathToVirtualPath(path)
                        options = {'path': '/'.join(('',)+virtual_path),
                                   'expires': (DateTime("GMT") + 5).rfc822()}
                        self.request.response.setCookie(HASH_COOKIE_KEY, random_hash, **options)
                        # Now that we have our cookie set, go to the original url
                        self.request.response.redirect(came_from)
                        return
                    else:
                        # Invalid password, stay here, but mantain the "came_from"
                        self.request.set('came_from', came_from)

        self.request.response.setStatus(401, lock=True)
        return self.index()