def __init__(self, subject, template_name, recipients, from_address, delta=None, message_id=None, notification_type=None, mail_controller_class=None, request=None, wrap=False, force_wrap=False): """Constructor. :param subject: A Python dict-replacement template for the subject line of the email. :param template: Name of the template to use for the message body. :param recipients: A dict of recipient to Subscription. :param from_address: The from_address to use on emails. :param delta: A Delta object with members "delta_values", "interface" and "new_values", such as BranchMergeProposalDelta. :param message_id: The Message-Id to use for generated emails. If not supplied, random message-ids will be used. :param mail_controller_class: The class of the mail controller to use to send the mails. Defaults to `MailController`. :param request: An optional `IErrorReportRequest` to use when logging OOPSes. :param wrap: Wrap body text using `MailWrapper`. :param force_wrap: See `MailWrapper.format`. """ # Running mail notifications with web security is too fragile: it's # easy to end up with subtle bugs due to such things as # subscriptions from private teams that are inaccessible to the user # with the current interaction. BaseMailer always sends one mail # per recipient and thus never leaks information to other users, so # it's safer to require a permissive security policy. # # When converting other notification code to BaseMailer, it may be # necessary to move notifications into jobs, to move unit tests to a # Zopeless-based layer, or to use the permissive_security_policy # context manager. assert getSecurityPolicy() == LaunchpadPermissiveSecurityPolicy, ( "BaseMailer may only be used with a permissive security policy.") self._subject_template = subject self._template_name = template_name self._recipients = NotificationRecipientSet() for recipient, reason in recipients.iteritems(): self._recipients.add(recipient, reason, reason.mail_header) self.from_address = from_address self.delta = delta self.message_id = message_id self.notification_type = notification_type self.logger = logging.getLogger('lp.services.mail.basemailer') if mail_controller_class is None: mail_controller_class = MailController self._mail_controller_class = mail_controller_class self.request = request self._wrap = wrap self._force_wrap = force_wrap
def test_securityPolicy(self): from zope.security.management import setSecurityPolicy from zope.security.management import getSecurityPolicy from zope.security.simplepolicies import PermissiveSecurityPolicy policy = PermissiveSecurityPolicy setSecurityPolicy(policy) self.assert_(getSecurityPolicy() is policy)
def test_securityPolicy(self): from zope.security.management import setSecurityPolicy from zope.security.management import getSecurityPolicy from zope.security.simplepolicies import PermissiveSecurityPolicy policy = PermissiveSecurityPolicy setSecurityPolicy(policy) self.assertTrue(getSecurityPolicy() is policy)
def checkSecurityPolicy(event): """Warn if the configured security policy is ParanoidSecurityPolicy Between Zope X3 3.0 and Zope 3.1, the security policy configuration was refactored and now it needs to be included from site.zcml. """ if getSecurityPolicy() is ParanoidSecurityPolicy: logging.getLogger('zope.app.appsetup').warn( 'Security policy is not configured.\n' 'Please make sure that securitypolicy.zcml is included' ' in site.zcml immediately\n' 'before principals.zcml')
def isConstructionAllowed(self, container, request=None): if not self.add_permission: return False permission = queryUtility(IPermission, name=self.add_permission) if permission is None: return False if request: return request.security.checkPermission(permission.id, container) else: return bool(getSecurityPolicy()().checkPermission( # noqa permission.title, container))
def close_bugs_for_sourcepackagerelease(distroseries, source_release, changesfile_object, since_version=None): """Close bugs for a given source. Given an `IDistroSeries`, an `ISourcePackageRelease`, and a corresponding changesfile object, close bugs mentioned in the changesfile in the context of the source. If changesfile_object is None and since_version is supplied, close all the bugs in changelog entries made after that version and up to and including the source_release's version. It does this by parsing the changelog on the sourcepackagerelease. This could be extended in the future to deal with the changes file as well but there is no requirement to do so right now. """ if since_version and source_release.changelog: bug_ids_to_close = get_bug_ids_from_changelog_entry( source_release, since_version=since_version) elif changesfile_object: bug_ids_to_close = get_bug_ids_from_changes_file(changesfile_object) else: return # No bugs to be closed by this upload, move on. if not bug_ids_to_close: return if getSecurityPolicy() == LaunchpadPermissiveSecurityPolicy: # We're already running in a script, so we can just close the bugs # directly. close_bug_ids_for_sourcepackagerelease(distroseries, source_release, bug_ids_to_close) else: job_source = getUtility(IProcessAcceptedBugsJobSource) job_source.create(distroseries, source_release, bug_ids_to_close)
def close_bugs_for_sourcepackagerelease(distroseries, source_release, changesfile_object, since_version=None): """Close bugs for a given source. Given an `IDistroSeries`, an `ISourcePackageRelease`, and a corresponding changesfile object, close bugs mentioned in the changesfile in the context of the source. If changesfile_object is None and since_version is supplied, close all the bugs in changelog entries made after that version and up to and including the source_release's version. It does this by parsing the changelog on the sourcepackagerelease. This could be extended in the future to deal with the changes file as well but there is no requirement to do so right now. """ if since_version and source_release.changelog: bug_ids_to_close = get_bug_ids_from_changelog_entry( source_release, since_version=since_version) elif changesfile_object: bug_ids_to_close = get_bug_ids_from_changes_file(changesfile_object) else: return # No bugs to be closed by this upload, move on. if not bug_ids_to_close: return if getSecurityPolicy() == LaunchpadPermissiveSecurityPolicy: # We're already running in a script, so we can just close the bugs # directly. close_bug_ids_for_sourcepackagerelease( distroseries, source_release, bug_ids_to_close) else: job_source = getUtility(IProcessAcceptedBugsJobSource) job_source.create(distroseries, source_release, bug_ids_to_close)
def setUp(self): super(TestMaloneHandler, self).setUp() self._old_policy = getSecurityPolicy() setSecurityPolicy(LaunchpadSecurityPolicy)
def getAllowance(self, userid, view): participations = [Participation(Principal(userid))] interaction = getSecurityPolicy()(*participations) permission = grok.require.bind().get(view) allowed = interaction.checkPermission(permission, view) return {"permission": permission, "access": allowed}