def modify(self):
""" A traversable method to modify a users local roles"""
CheckAuthenticator(self.request)
token = self.request.get('token', None)
role = self.request.get('role', None)
type_ = self.request.get('type', None)
if not token or not type_:
raise BadRequest('No userid or type provided.')
if role not in MANAGED_ROLES:
raise Unauthorized('Inavlid role provided.')
if type_ == 'user':
user_roles = api.user.get_roles(username=token, obj=self.context,
inherit=False)
if user_roles and 'WorkspaceOwner' not in user_roles:
self.context.manage_setLocalRoles(token, [role])
self.context.setModificationDate()
self.context.reindexObject(idxs=['modified'])
self.request.RESPONSE.setStatus(204)
return ''
else:
raise BadRequest('User does not have any local roles')
elif type_ == 'invitation':
storage = getUtility(IInvitationStorage)
storage.update_invitation(token, role=role)
else:
raise BadRequest('Wrong type')
def __call__(self):
request = self.request
form = request.form
CheckAuthenticator(form)
if form.get('submitted'):
# Validate form submission
csvfile = form.get('csvfile')
data = csvfile.read()
lines = data.splitlines()
filename = csvfile.filename
if not csvfile:
addStatusMessage(request, _("No file selected"))
return self.template()
if len(lines) < 3:
addStatusMessage(request, _("Too few lines in CSV file"))
return self.template()
# Create the arimport object
arimport = _createObjectByType("ARImport", self.context, tmpID())
arimport.processForm()
arimport.setTitle(self.mkTitle(filename))
arimport.schema['OriginalFile'].set(arimport, data)
# Save all fields from the file into the arimport schema
arimport.save_header_data()
arimport.save_sample_data()
# immediate batch creation if required
arimport.create_or_reference_batch()
# Attempt first validation
try:
workflow = getToolByName(self.context, 'portal_workflow')
workflow.doActionFor(arimport, 'validate')
except WorkflowException:
self.request.response.redirect(arimport.absolute_url() +
"/edit")
else:
return self.template()
def handle_scales_action(self, action, data):
CheckAuthenticator(self.request)
number = 0
ctool = getToolByName(self.context, 'portal_catalog')
items = ctool(hasContentLeadImage=True)
for i in items:
obj = i.getObject()
if obj is None:
continue
if not ILeadImageable.providedBy(obj):
continue
try:
state = obj._p_changed
except (ConflictError, KeyboardInterrupt):
raise
except:
state = 0
field = obj.getField(config.IMAGE_FIELD_NAME)
if field is not None:
field.removeScales(obj)
field.createScales(obj)
number = number + 1
if state is None:
obj._p_deactivate()
self.status = _(u"text_scales_recreated",
default=u"${number} scales recreated.",
mapping={'number': number})
def validate_registration(self, action, data):
# CSRF protection
CheckAuthenticator(self.request)
# Validate Captcha
registry = queryUtility(IRegistry)
settings = registry.forInterface(IDiscussionSettings, check=False)
portal_membership = getToolByName(self.context, 'portal_membership')
captcha_enabled = settings.captcha != 'disabled'
anon = portal_membership.isAnonymousUser()
if captcha_enabled and anon:
if 'captcha' not in data:
data['captcha'] = u""
try:
captcha = CaptchaValidator(self.context,
self.request,
None,
ICaptcha['captcha'],
None)
captcha.validate(data['captcha'])
except (WrongCaptchaCode, WrongNorobotsAnswer):
# Error messages are fed in by the captcha widget itself.
pass
del data['captcha'] # delete, so that value isn't stored
super(CaptchaRegistrationForm,
self).validate_registration(action, data)
def save_action(self):
""" Save a script.
"""
PostOnly(self.context.REQUEST)
CheckAuthenticator(self.request)
form = self.request.form
content_type = form['content_type']
field_name = form['field_name']
script = form['script']
body = form['data']
result = 'failure'
if script == 'edit_default':
default_script.updateDefaultScript(content_type, field_name, body)
result = 'success'
elif script == 'edit_validator':
validator_script.updateValidatorScript(content_type, field_name,
body)
result = 'success'
elif script == 'edit_vocabulary':
vocabulary_script.updateVocabularyScript(content_type, field_name,
body)
result = 'success'
elif script == 'edit_view':
ad_view.updateViewTemplate(content_type, body)
result = 'success'
result = dict(result=result)
self.request.RESPONSE.setHeader('Content-Type', 'application/json')
self.request.RESPONSE.setHeader('Cache-Control', 'no-cache')
return json.dumps(result)
def __call__(self):
form = self.request.form
CheckAuthenticator(form)
analysis_uids = form.get("uids", [])
if not analysis_uids:
self.destination_url = self.context.absolute_url()
self.request.response.redirect(self.destination_url)
return
action, came_from = WorkflowAction._get_form_workflow_action(self)
if action == "submit":
# Submit the form. Saves the results, methods, etc.
# Calls to its parent class AnalysesWorkflowAction
self.workflow_action_submit()
elif action == "assign":
# Assign the analyses
self.do_assign(analysis_uids)
elif action == "unassign":
# Unassign analyses
self.do_unassign(analysis_uids)
elif action == "verify":
# default bika_listing.py/WorkflowAction, but then go to view
# screen.
self.destination_url = self.context.absolute_url()
return self.workflow_action_default(
action="verify", came_from=came_from)
else:
# default bika_listing.py/WorkflowAction for other transitions
WorkflowAction.__call__(self)
def handle_restart_action(self, action):
CheckAuthenticator(self.request)
if not self.available():
self.status = _(
u'text_not_allowed_manage_server',
default=u'You are not allowed to manage the Zope server.'
)
return
try:
user = '******' % getSecurityManager().getUser().getUserName()
except:
user = '******'
logger.info("Restart requested by %s" % user)
shutdown(1)
url = self.request.get('URL')
# TODO: returning html has no effect in button handlers
self.request.response.setHeader('X-Theme-Disabled', 'True')
return """<html><head>
<meta http-equiv="refresh" content="5; url={0}">
</head><body>{1}</body></html>""".format(
escape(url, 1),
_('plone_restarting',
default=u"Zope is restarting. This page will refresh in 30"
u" seconds...")
)
def validacion(self, action, data):
# CSRF protection
CheckAuthenticator(self.request)
registration = getToolByName(self.context, 'portal_registration')
portal_props = getToolByName(self.context, 'portal_properties')
props = portal_props.site_properties
portal = getUtility(ISiteRoot)
errors = super(registroForm, self).validate(action, data)
# ConversionErrors have no field_name attribute... :-(
error_keys = [
error.field_name for error in errors
if hasattr(error, 'field_name')
]
form_field_names = [f.field.getName() for f in self.form_fields]
#validar username e email
username = ''
email = ''
try:
email = self.widgets['email'].getInputValue()
except InputErrors, exc:
# WrongType?
errors.append(exc)
def manageGroup(self, groups=[], delete=[]):
CheckAuthenticator(self.request)
context = aq_inner(self.context)
groupstool = context.portal_groups
utils = getToolByName(context, 'plone_utils')
groupstool = getToolByName(context, 'portal_groups')
message = _(u'No changes made.')
for group in groups:
roles = [r for r in self.request.form['group_' + group] if r]
group_obj = groupstool.getGroupById(group)
current_roles = group_obj.getRoles()
if not self.is_zope_manager:
# don't allow adding or removing the Manager role
if ('Manager' in roles) != ('Manager' in current_roles):
raise Forbidden
groupstool.editGroup(group, roles=roles, groups=())
message = _(u'Changes saved.')
if delete:
for group_id in delete:
group = groupstool.getGroupById(group_id)
if 'Manager' in group.getRoles() and not self.is_zope_manager:
raise Forbidden
groupstool.removeGroups(delete)
message = _(u'Group(s) deleted.')
utils.addPortalMessage(message)
def add(self):
"""A traversable method to add new invitations"""
CheckAuthenticator(self.request)
userid = self.request.get('userid', None)
role = self.request.get('role', None)
self._add(userid, role)
return self.__call__()
def manageUser(self, users=None):
if users is None:
users = []
CheckAuthenticator(self.request)
if users:
context = aq_inner(self.context)
mtool = getToolByName(context, "portal_membership")
utils = getToolByName(context, "plone_utils")
unlocked = list()
for user in users:
if user.get("unlock"):
member = mtool.getMemberById(user.id)
member.setMemberProperties(
{
"account_locked_date": DateTime("2000/01/01"),
"account_locked": False,
"password_tries": 0,
}
)
unlocked.append(user["id"])
notify(UserUnlocked(member))
if unlocked:
utils.addPortalMessage(
_(
u"The following users were unlocked: %s"
% ", ".join(unlocked)
)
)
else:
utils.addPortalMessage(_(u"No users were unlocked"))
def __call__(self):
super(AddAnalysesView, self).__call__()
# TODO: Refactor Worfklow
grant = self.is_edit_allowed() and self.is_manage_allowed()
if not grant:
redirect_url = api.get_url(self.context)
return self.request.response.redirect(redirect_url)
# TODO: Refactor this function call
showRejectionMessage(self.context)
# Handle form submission
if self.request.form.get("submitted"):
CheckAuthenticator(self.request)
success = self.handle_submit()
if success:
self.add_status_message(_("Changes saved."))
redirect_url = "{}/{}".format(api.get_url(self.context),
"manage_results")
self.request.response.redirect(redirect_url)
else:
self.add_status_message(
_("No analyses were added to this worksheet."),
level="warning")
return self.template()
# handle subpath calls
if len(self.traverse_subpath) > 0:
return self.handle_subpath()
return self.template()
def manageUser(self, users=None):
if users is None:
users = []
CheckAuthenticator(self.request)
if users:
context = aq_inner(self.context)
mtool = getToolByName(context, 'portal_membership')
utils = getToolByName(context, 'plone_utils')
unlocked = list()
for user in users:
if user.get('unlock'):
member = mtool.getMemberById(user.id)
member.setMemberProperties(
{'account_locked_date': DateTime('2000/01/01'),
'account_locked': False,
'password_tries': 0}
)
unlocked.append(user['id'])
notify(UserUnlocked(member))
if unlocked:
utils.addPortalMessage(
_(u'The following users were unlocked: %s'
% ', '.join(unlocked))
)
else:
utils.addPortalMessage(_(u'No users were unlocked'))
def manageUser(self, users=None):
if users is None:
users = []
CheckAuthenticator(self.request)
if users:
context = aq_inner(self.context)
mtool = getToolByName(context, 'portal_membership')
utils = getToolByName(context, 'plone_utils')
for user in users:
member = mtool.getMemberById(user.id)
password_date = member.getProperty('password_date', '2000/01/01')
new_password_date = DateTime(user.get('password'))
if password_date != new_password_date:
member.setMemberProperties(
{'password_date': new_password_date}
)
notification_date = member.getProperty(
'last_notification_date', '2000/01/01'
)
new_notification = DateTime(user.get('notification'))
if notification_date != new_notification:
member.setMemberProperties(
{'last_notification_date': new_notification}
)
utils.addPortalMessage(_(u'Changes applied.'))
def __call__(self):
request = self.request
form = request.form
CheckAuthenticator(form)
self.newSearch = False
self.searchstring = form.get("searchstring", "")
if form.get("submitted"):
logger.debug("Form Submitted: {}".format(form))
if form.get("unlink_button", False):
self._unlink_user()
elif form.get("delete_button", False):
self._unlink_user(delete=True)
elif form.get("search_button", False):
logger.debug("Search User")
self.newSearch = True
elif form.get("link_button", False):
logger.debug("Link User")
self._link_user(form.get("userid"))
elif form.get("save_button", False):
logger.debug("Create User")
self._create_user()
return self.template()
def __call__(self):
email = self.request.form.get('email')
if email is not None:
CheckAuthenticator(self.request)
PostOnly(self.request)
self.invite_user(email)
return self.index()
def handle_edit_action(self, action, data):
CheckAuthenticator(self.request)
if form.applyChanges(self.context, self.form_fields, data,
self.adapters):
self.status = _("Changes saved.")
self._on_save(data)
else:
self.status = _("No changes made.")
def __call__(self):
self.status = IStatusMessage(self.request)
if self.request.form.has_key('submitted'):
CheckAuthenticator(self.request)
if self.request.form.has_key('add_row'):
self.status.addStatusMessage(u"Added row.", type='info')
self.add_row()
return self.template()
def resource_inventory(self):
""" Return inventory in JSON
"""
CheckAuthenticator(self.request)
self.request.RESPONSE.setHeader('Content-Type', 'application/json')
self.request.RESPONSE.setHeader('Cache-Control', 'no-cache')
return json.dumps(getResourcesInventory())
def __call__(self):
self.status = None
if self.request.form.has_key('submitted'):
CheckAuthenticator(self.request)
if self.request.form.has_key('uploadxnat'):
self.status = 'XNAT window opened.'
self.grant_access_redirect()
return self.template()
def modify(self):
""" A traversable method to modify a users local roles"""
CheckAuthenticator(self.request)
token = self.request.get('token', None)
role = self.request.get('role', None)
type_ = self.request.get('type', None)
self._modify(token, role, type_)
return ''
def update(self):
self.errors = {}
if self.request.method == 'POST':
CheckAuthenticator(self.request)
if 'form.button.Save' in self.request.form:
self.processSave()
elif 'form.button.Cancel' in self.request.form:
self.request.response.redirect("%s/plone_control_panel" %
self.context.absolute_url())
def update(self):
self.errors = {}
self.registry = getUtility(IRegistry)
# self.settings = self.registry.forInterface(ICacheSettings)
if self.request.method == 'POST':
CheckAuthenticator(self.request)
return True
return False
def __call__(self, REQUEST=None, *args, **kwargs):
if REQUEST['SERVER_NAME'] != 'Zope Clock Server':
PostOnly(REQUEST)
CheckAuthenticator(REQUEST)
elif IDisableCSRFProtection:
alsoProvides(REQUEST, IDisableCSRFProtection)
self.output = self.context.restrictedTraverse(
'publisher.executeQueue')()
self.output = self.output.replace('\n', '<br/>')
return super(ExecuteJobs, self).__call__(self, *args, **kwargs)
def handle_save_action(self, action, data):
CheckAuthenticator(self.request)
if form.applyChanges(self.context, self.form_fields, data,
self.adapters):
self.status = _Plone("Changes saved.")
self._on_save(data)
else:
self.status = _Plone("No changes made.")
setupTool = SetupMultilingualSite()
output = setupTool.setupSite(self.context)
self.status += output
def handle_shutdown_action(self, action):
CheckAuthenticator(self.request)
if not self.available():
self.status = _(
u'text_not_allowed_manage_server',
default=u'You are not allowed to manage the Zope server.')
return
context = aq_inner(self.context)
cpanel = context.unrestrictedTraverse('/Control_Panel')
result = cpanel.manage_shutdown()
return result
def handle_edit_action(self, action, data):
""" Save
"""
CheckAuthenticator(self.request)
if form.applyChanges(self.context, self.form_fields, data,
self.adapters):
self.status = _("Changes saved.")
notify(ConfigurationChangedEvent(self, data))
self._on_save(data)
else:
self.status = _("No changes made.")
def handle_edit_action(self, action, data):
CheckAuthenticator(self.request)
if form.applyChanges(self.context, self.form_fields, data,
self.adapters):
IStatusMessage(self.request).addStatusMessage(
_("Changes saved."), type="info")
notify(ConfigurationChangedEvent(self, data))
self._on_save(data)
else:
IStatusMessage(self.request).addStatusMessage(
_("No changes made."), type="info")
def update(self):
self.errors = {}
self.registry = getUtility(IRegistry)
self.settings = self.registry.forInterface(ICacheSettings)
self.ploneSettings = self.registry.forInterface(IPloneCacheSettings)
self.purgingSettings = self.registry.forInterface(ICachePurgingSettings)
self.ramCache = queryUtility(IRAMCache)
if self.request.method == 'POST':
CheckAuthenticator(self.request)
return True
return False
def __call__(self):
template = super(AddDuplicateView, self).__call__()
# TODO: Refactor Worfklow
grant = self.is_edit_allowed() and self.is_manage_allowed()
if not grant:
redirect_url = api.get_url(self.context)
return self.request.response.redirect(redirect_url)
# TODO: Refactor this function call
showRejectionMessage(self.context)
# Handle form submission
if self.request.form.get("submitted"):
CheckAuthenticator(self.request)
self.handle_submit()
return template