def __call__(self):
self.iu = get_import_utility()
json_data = self.request.get("BODY", "")
if not json_data:
return
data = json.loads(json_data)
# SWITCH to Manager
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser(
old_sm.getUser().getId(),
'', ['Manager'],
''
)
portal = getToolByName(self.context, 'portal_url').getPortalObject()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
# DO Stuff as Manager
self.iu.create_content(data, self.context)
# @TODO: Maybe add option to commit after all created
# SWITCH Back
setSecurityManager(old_sm)
return ""
def handle_modified(self, content):
fieldmanager = ILanguageIndependentFieldsManager(content)
if not fieldmanager.has_independent_fields():
return
sm = getSecurityManager()
try:
# Do we have permission to sync language independent fields?
if self.bypass_security_checks():
# Clone the current user and assign a new editor role to
# allow edition of all translated objects even if the
# current user whould not have permission to do that.
tmp_user = UnrestrictedUser(
sm.getUser().getId(), '', ['Editor', ], '')
# Wrap the user in the acquisition context of the portal
# and finally switch the user to our new editor
acl_users = getToolByName(content, 'acl_users')
tmp_user = tmp_user.__of__(acl_users)
newSecurityManager(None, tmp_user)
# Copy over all language independent fields
transmanager = ITranslationManager(content)
for translation in self.get_all_translations(content):
trans_obj = transmanager.get_translation(translation)
if fieldmanager.copy_fields(trans_obj):
self.reindex_translation(trans_obj)
finally:
# Restore the old security manager
setSecurityManager(sm)
def __call__(self):
om = IOrderManagement(self.context)
tid = self.request.get('TID','')
order = getattr(om.orders,tid,None)
log("\n%s\n%s\n%s" % (order, tid, self.request.get('STATUS')))
if order and self.request.get('STATUS') in ['RESERVED','BILLED']:
# Set order to payed (Mails will be sent)
wftool = getToolByName(self.context, "portal_workflow")
# We need a new security manager here, because this transaction
# should usually just be allowed by a Manager except here.
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser(
old_sm.getUser().getId(),
'', ['Manager'],
''
)
portal = getToolByName(self.context, 'portal_url').getPortalObject()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
try:
# set to pending (send emails)
wftool.doActionFor(order, "submit")
# set to payed
wftool.doActionFor(order, "pay_not_sent")
except Exception, msg:
self.status = msg
# Reset security manager
setSecurityManager(old_sm)
def receivePayment(self):
"""
"""
shop = self.context
# Get cart - Note: self.request.get("order") doesn't work!
order_uid = self.request.get("QUERY_STRING")[6:]
order = IOrderManagement(shop).getOrderByUID(order_uid)
# change order state to "payed_not_sent"
wftool = getToolByName(self, "portal_workflow")
# We need a new security manager here, because this transaction should
# usually just be allowed by a Manager except here.
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser(
old_sm.getUser().getId(),
'', ['Manager'],
''
)
portal = getToolByName(self.context, 'portal_url').getPortalObject()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
wftool.doActionFor(order, "pay_not_sent")
## Reset security manager
setSecurityManager(old_sm)
def switchToManager(self):
"""
assume the security context of a Manager
"""
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser('temp_usr', '', ['Manager'], '')
tmp_user = tmp_user.__of__(self.acl_users)
newSecurityManager(None, tmp_user)
return old_sm
def wrapper(*args, **kwargs):
sm = getSecurityManager()
acl_users = getSite().acl_users
tmp_user = UnrestrictedUser(
sm.getUser().getId(), '', [role], ''
)
tmp_user = tmp_user.__of__(acl_users)
newSecurityManager(None, tmp_user)
ret = fct(*args, **kwargs)
setSecurityManager(sm)
return ret
def _validate_sudo(self, request):
sm = getSecurityManager()
acl_users = getToolByName(self.context, 'acl_users')
tmp_user = UnrestrictedUser(
sm.getUser().getId(), '', ['Manager'], ''
)
tmp_user = tmp_user.__of__(acl_users)
newSecurityManager(None, tmp_user)
role = request.role
target = uuidToObject(request.target)
target.manage_setLocalRoles(
request.userid,
[role]
)
target.reindexObject()
setSecurityManager(sm)
def wrapper(*args, **kwargs):
context = args[0]
if checkPermission("collective.spaces.AddSpace", context):
result = fn(*args, **kwargs)
else:
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser(old_sm.getUser().getId(), "", ["Contributor"], "")
tmp_user = tmp_user.__of__(getToolByName(context, "acl_users"))
try:
newSecurityManager(None, tmp_user)
result = fn(*args, **kwargs)
except:
raise
finally:
setSecurityManager(old_sm)
return result
def __call__(self):
self.iu = get_import_utility()
json_data = self.request.get("BODY", "")
if not json_data:
return
data = json.loads(json_data)
# SWITCH to Manager
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser(old_sm.getUser().getId(), '', ['Manager'],
'')
portal = getToolByName(self.context, 'portal_url').getPortalObject()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
# DO Stuff as Manager
self.iu.create_content(data, self.context)
# @TODO: Maybe add option to commit after all created
# SWITCH Back
setSecurityManager(old_sm)
return ""
def test_authenticate_emergency_user_with_broken_extractor( self ):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
from AccessControl.User import UnrestrictedUser
from Products.PluggableAuthService import PluggableAuthService
old_eu = PluggableAuthService.emergency_user
eu = UnrestrictedUser( 'foo', 'bar', ( 'manage', ), () )
PluggableAuthService.emergency_user = eu
plugins = self._makePlugins()
zcuf = self._makeOne( plugins )
borked = DummyPlugin()
directlyProvides( borked, ( IExtractionPlugin, ) )
borked.extractCredentials = lambda req: 'abc'
zcuf._setObject( 'borked', borked )
plugins = zcuf._getOb( 'plugins' )
plugins.activatePlugin( IExtractionPlugin, 'borked' )
request = FauxRequest( form={ 'login' : eu.getUserName()
, 'password' : eu._getPassword() } )
user_ids = zcuf._extractUserIds( request=request
, plugins=zcuf.plugins
)
self.assertEqual( len( user_ids ), 1 )
self.assertEqual( user_ids[ 0 ][0], 'foo' )
PluggableAuthService.emergency_user = old_eu
def execute_under_special_role(role, function, *args, **kwargs):
""" Blatantly copied for reference, of:
http://pydoc.net/Python/Products.EasyNewsletter/2.6.15/Products.EasyNewsletter.content.EasyNewsletter/ #noqa
Execute code under special role priviledges.
Example how to call::
execute_under_special_role(portal, "Manager",
doSomeNormallyNotAllowedStuff,
source_folder, target_folder)
@param portal: Reference to ISiteRoot obj whose access ctls we are using
@param function: Method to be called with special priviledges
@param role: User role we are using for the security context when calling \
the priviledged code. For example, use "Manager".
@param args: Passed to the function
@param kwargs: Passed to the function
"""
portal = getSite()
sm = getSecurityManager()
try:
try:
# Clone the current access control user and assign a new role
# for him/her. Note that the username (getId()) is left in
# exception tracebacks in error_log
# so it is important thing to store
tmp_user = UnrestrictedUser(
sm.getUser().getId(), '', [role], '')
# Act as user of the portal
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
# Call the function
return function(*args, **kwargs)
except:
# If special exception handlers are needed, run them here
raise
finally:
setSecurityManager(sm)
def afterSetUp(self):
setSite(self.app.site)
newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
self.site = self.app.site
self.site.invokeFactory('File', id='file')
self.site.portal_workflow.doActionFor(self.site.file, 'publish')
self.site.invokeFactory('Image', id='image')
self.site.portal_workflow.doActionFor(self.site.image, 'publish')
self.site.invokeFactory('Folder', id='subfolder')
self.subfolder = self.site.subfolder
self.workflow = self.site.portal_workflow
transaction.commit() # Make sure we have _p_jars
def test_authenticate_emergency_user_with_broken_extractor(self):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
from AccessControl.User import UnrestrictedUser
from Products.PluggableAuthService import PluggableAuthService
old_eu = PluggableAuthService.emergency_user
eu = UnrestrictedUser('foo', 'bar', ('manage', ), ())
PluggableAuthService.emergency_user = eu
plugins = self._makePlugins()
zcuf = self._makeOne(plugins)
borked = DummyPlugin()
directlyProvides(borked, (IExtractionPlugin, ))
borked.extractCredentials = lambda req: 'abc'
zcuf._setObject('borked', borked)
plugins = zcuf._getOb('plugins')
plugins.activatePlugin(IExtractionPlugin, 'borked')
request = FauxRequest(form={
'login': eu.getUserName(),
'password': eu._getPassword()
})
user_ids = zcuf._extractUserIds(request=request, plugins=zcuf.plugins)
self.assertEqual(len(user_ids), 1)
self.assertEqual(user_ids[0][0], 'foo')
PluggableAuthService.emergency_user = old_eu
def setUp(self):
RequestTest.setUp(self)
try:
newSecurityManager(None, UnrestrictedUser('manager', '', ['Manager'], []))
self.root.manage_addProduct['CMFDefault'].manage_addCMFSite('cmf')
self.site = self.root.cmf
self.site.invokeFactory('File', id='file')
self.site.portal_workflow.doActionFor(self.site.file, 'publish')
self.site.invokeFactory('Image', id='image')
self.site.portal_workflow.doActionFor(self.site.image, 'publish')
self.site.invokeFactory('Folder', id='subfolder')
self.subfolder = self.site.subfolder
self.workflow = self.site.portal_workflow
transaction.commit(1) # Make sure we have _p_jars
except:
self.tearDown()
raise
def migrateImages322to400(article, out):
## looking for old images
intImages = get322Contents(article,
"__ordered_image_refs__",
internal=True)
extImages = get322Contents(article,
"__ordered_image_refs__",
internal=False)
## article
## images (ImageInnerContent)
## ImageInnerContentProxies (as many as images)
## attachedImage or
## referencedContent
## (image) -> just a computed field
## title
## description
##
## links
## files
values = []
for image in intImages:
value = { ## this are the fields of ImageInnerContentProxy
"attachedImage": (image.getImage(), {}),
"title": (image.Title(), {}),
"description": (image.Description(), {}),
"id": (generateUniqueId("imageProxy"), {}),
}
values.append(value)
for image in extImages:
value = { ## this are the fields of ImageInnerContentProxy
"referencedContent": (image, {}),
"title": (image.Title(), {}),
"description": (image.Description(), {}),
"id": (generateUniqueId("imageProxy"), {}),
}
values.append(value)
# XXX Something make us loose right, but we are pragmatic
current_user = getSecurityManager().getUser()
newSecurityManager(None, UnrestrictedUser('manager', '', ['Manager'], []))
article.setImages(values)
newSecurityManager(None, current_user)
def test__findEmergencyUser_no_plugins(self):
from AccessControl.User import UnrestrictedUser
from Products.PluggableAuthService import PluggableAuthService
old_eu = PluggableAuthService.emergency_user
eu = UnrestrictedUser('foo', 'bar', ('manage', ), ())
PluggableAuthService.emergency_user = eu
plugins = self._makePlugins()
zcuf = self._makeOne()
zcuf._emergency_user = eu
user = zcuf._findUser(plugins, 'foo')
self.assertEqual(aq_base(zcuf._getEmergencyUser()), aq_base(user))
PluggableAuthService.emergency_user = old_eu
def unrestricted_apply(function, args=(), kw={}): # XXX-JPS: naming
"""Function to bypass all security checks
This function is as dangerous as 'UnrestrictedMethod' decorator. Read its
docstring for more information. Never use this, until you are 100% certain
that you have no other way.
"""
security_manager = getSecurityManager()
user = security_manager.getUser()
anonymous = (user.getUserName() == 'Anonymous User')
if user.getId() is None and not anonymous:
# This is a special user, thus the user is not allowed to own objects.
super_user = UnrestrictedUser(user.getUserName(), None,
user.getRoles(), user.getDomains())
else:
try:
# XXX is it better to get roles from the parent (i.e. portal)?
uf = user.aq_inner.aq_parent
except AttributeError:
# XXX: local imports are bad, getSite should be moved to ERP5Type.
from Products.ERP5.ERP5Site import getSite
uf = getSite().acl_users
role_list = uf.valid_roles()
if anonymous:
# If the user is anonymous, use the id of the system user,
# so that it would not be treated as an unauthorized user.
user_id = str(system)
else:
user_id = user.getId()
super_user = PrivilegedUser(user_id, None, role_list,
user.getDomains()).__of__(uf)
newSecurityManager(None, super_user)
try:
return apply(function, args, kw)
finally:
# Make sure that the original user is back.
setSecurityManager(security_manager)
def setUp(self):
self._trap_warning_output()
self._oldSkindata = Skinnable.SKINDATA.copy()
transaction.begin()
app = self.app = makerequest(Zope2.app())
# Log in as a god :-)
newSecurityManager(None, UnrestrictedUser('god', 'god', ['Manager'],
''))
#app.manage_addProduct['CMFDefault'].manage_addCMFSite('CalendarTest')
addConfiguredSite(app, 'CalendarTest', 'CMFDefault:default')
self.Site = app.CalendarTest
manage_addExternalMethod(app.CalendarTest,
id='install_events',
title="Install Events",
module="CMFCalendar.Install",
function="install")
ExMethod = app.restrictedTraverse('/CalendarTest/install_events')
ExMethod()
self.Tool = app.CalendarTest.portal_calendar
self.Site.clearCurrentSkin()
self.Site.setupCurrentSkin(app.REQUEST)
# sessioning setup
if getattr(app, 'temp_folder', None) is None:
temp_folder = MountedTemporaryFolder('temp_folder')
app._setObject('temp_folder', temp_folder)
if getattr(app.temp_folder, 'session_data', None) is None:
session_data = TransientObjectContainer('session_data')
app.temp_folder._setObject('session_data', session_data)
app.REQUEST.set_lazy('SESSION',
app.session_data_manager.getSessionData)
def setUp(self):
get_transaction().begin()
self.app = makerequest(Zope.app())
# Log in as a god :-)
newSecurityManager(None, UnrestrictedUser('god',
'god',
[],
''))
app = self.app
app.REQUEST.set('URL1','http://foo/sorcerertest/test')
try: app._delObject('CalendarTest')
except AttributeError: pass
app.manage_addProduct['CMFDefault'].manage_addCMFSite('CalendarTest')
self.Site = app.CalendarTest
manage_addExternalMethod(app.CalendarTest,
id='install_events',
title="Install Events",
module="CMFCalendar.Install",
function="install")
ExMethod = app.restrictedTraverse('/CalendarTest/install_events')
ExMethod()
self.Tool = app.restrictedTraverse('/CalendarTest/portal_calendar')
# sessioning bodge until we find out how to do this properly
self.have_session = hasattr( app, 'session_data_manager' )
if self.have_session:
app.REQUEST.set_lazy( 'SESSION'
, app.session_data_manager.getSessionData )
def setUp(self):
PlacelessSetup.setUp(self)
RequestTest.setUp(self)
zcml.load_config('meta.zcml', Products.Five)
zcml.load_config('configure.zcml', Products.GenericSetup)
zcml.load_config('configure.zcml', Products.CMFCore)
try:
newSecurityManager(
None, UnrestrictedUser('manager', '', ['Manager'], []))
factory = self.root.manage_addProduct[
'CMFDefault'].addConfiguredSite
factory('cmf', 'CMFDefault:default', snapshot=False)
self.site = self.root.cmf
self.site.invokeFactory('File', id='file')
self.site.portal_workflow.doActionFor(self.site.file, 'publish')
self.site.invokeFactory('Image', id='image')
self.site.portal_workflow.doActionFor(self.site.image, 'publish')
self.site.invokeFactory('Folder', id='subfolder')
self.subfolder = self.site.subfolder
self.workflow = self.site.portal_workflow
transaction.commit(1) # Make sure we have _p_jars
except:
self.tearDown()
raise
# NALLIMS Extract Script
# 07/13/2020
# Paul VanderWeele
from AccessControl import getSecurityManager
from AccessControl.User import UnrestrictedUser
from AccessControl.SecurityManagement import newSecurityManager
from bika.lims import api
from datetime import datetime
portal = api.get_portal()
me = UnrestrictedUser(getSecurityManager().getUser().getUserName(), '',
['LabManager'], '')
me = me.__of__(portal.acl_users)
newSecurityManager(None, me)
#Open File
file = open("/home/naladmin/NALLIMS_EXPORT.csv", "w", 1)
#Write headers
file.write("Status;\
Batch;\
Received Date;\
Received Time;\
Client ID;\
Client Name;\
Sample ID;\
Sample Name;\
Sample Type;\
Sample Location;\
Sampler;\
Sampling Date;\
Sampling Time;\
def afterSetUp(self):
self.root = self.app
newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
def handleApply(self, actions):
"""
:param actions:
:return:
"""
context = self.context
data, errors = self.extractData()
current_member = api.user.get_current()
current_member_id = current_member.getId()
portal = api.portal.get()
events_obj = portal.get('events')
date = data.get('date') or None
if not date:
api.portal.show_message(message="No date selected. Could not reserve the Club House.",
request=self.request,
type='warn')
return
date_string = date.strftime('%m-%d-%Y')
today = getTodaysDate()
today_string = today.strftime('%m-%d-%Y')
if date_string == today_string:
raise ActionExecutionError(Invalid(_(u"You may not reserve the Clubhouse on the same day as the event.")))
logger.info("Datestring is %s" % date_string)
date_dt = datetime.combine(date, datetime.min.time())
tz = pytz.timezone('America/Los_Angeles')
date_tz_dt = tz.localize(date_dt)
fullname = data.get('fullname') or getattr(self, 'member_fullname', 'Unknown Member')
hoa_account = data.get('account') or getattr(self, 'management_trust_account', 'Unknown Management Trust Account')
address = data.get('address') or getattr(self, 'address', 'Unknown Address')
lot = data.get('lot') or getattr(self, 'lot', 'Unknown Lot')
division = data.get('division') or getattr(self, 'division', 'Unknown Division')
phone = data.get('phone') or 'Unknown Phone'
email = data.get('email') or getattr(self, 'member_email', '')
member_type = data.get('member_type') or getattr(self, 'member_type', 'Unknown Member Type')
accept_rental_agreement = data.get('accept_rental_agreement')
initials = data.get('initials') or 'Unknown Initials'
sm = getSecurityManager()
role = 'Manager'
tmp_user = BaseUnrestrictedUser(sm.getUser().getId(), '', [role], '')
portal = api.portal.get()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
try:
event_id = 'club-house-event-%s' % date_string
new_event_obj = createContent('docent.hoa.clubhouse.clubhouse_event',
id=event_id,
title='Private Event')
events_obj._setObject(event_id, new_event_obj)
start_date = date_tz_dt + timedelta(hours=10)
end_date = date_tz_dt + timedelta(hours=22)
event_obj = events_obj.get(event_id, None)
setattr(event_obj, 'start', start_date)
setattr(event_obj, 'end', end_date)
setattr(event_obj, 'renter_id', current_member_id)
setattr(event_obj, 'location', 'Clubhouse')
setattr(event_obj, 'contact_name', fullname)
setattr(event_obj, 'contact_email', email)
setattr(event_obj, 'contact_phone', phone)
event_obj.reindexObject()
setSecurityManager(sm)
except Exception as e:
setSecurityManager(sm)
logger.warn("CLUBHOUSE RENTAL FORM ERROR: COULD NOT SAVE EVENT: %s" % e)
#send emails
email_contacts = getattr(context, 'email_contacts', []) or []
subject = "The Meadows Clubhouse Rental Request %s" % date_string
msg = u"Hi %s,\n\n" % fullname
msg += u"Your clubhouse rental is confirmed for %s.\n\n" % date_string
msg += u"Your rental period is from 10 am to 10 pm for guests. To get ready for your event, you may enter the clubhouse the day before your event and before 10 am day of the event.\n"
msg += u"\n=========================\n\n"
msg += u"TO ENSURE YOUR RESERVATION ISN’T CANCELED, PLEASE ENSURE YOU HAVE COMPLETED THE FOLLOWING. (Note: These actions should have been completed during your reservation. If you have completed them, no action is required.)\n\n"
msg += u" 1) Ensure you've made your payment: https://www.paydici.com/tmt/pay\n"
msg += u" 2) Send the signed paper agreement (http://themeadowsofredmond.org/amenities/clubhouse-rental-agreement.pdf) to our property manager ([email protected])\n\n"
msg += u"For your reference, these are details collected during your reservation\n\n"
msg += u"Fullname: %s\n" % fullname
msg += u"HOA Account: %s\n" % hoa_account
msg += u"Address: %s\n" % address
msg += u"Div/Lot: %s_%s\n" % (division, lot)
msg += u"Phone: %s\n" % phone
msg += u"Email: %s\n" % email or "Unknown Email"
msg += u"Member Type: %s\n" % member_type
msg += u"Rental Data: %s\n" % date_string
msg += u"Accept Rental Agreement: %s\n" % accept_rental_agreement
msg += u"Initials: %s\n" % initials
msg += u"\nWe hope you have a great event.\n"
msg += u"\nThe Meadows Board\n"
msg += u"[email protected]\n"
send_to = email_contacts[:]
if email:
send_to.append(email)
for ec in send_to:
try:
api.portal.send_email(recipient=ec,
subject=subject,
body=msg,
immediate=True)
api.portal.show_message(message="Club House Reserved. Please complete the important steps below.",
request=self.request,
type='info')
except Exception as e:
logger.warn("Could Not Send Clubhouse Registration Emails.")
api.portal.show_message(message="An error occured, could not send reservation emails. Please confirm your"
"reservation with the property manager.",
request=self.request,
type='warn')
return self.request.response.redirect('%s?form_action=thanks&rental_date=%s' % (context.absolute_url(),
date_string))
def updateFields(self):
super(RentClubHousesForm, self).updateFields()
current_member = api.user.get_current()
member_fullname = current_member.getProperty('fullname')
management_trust_account = current_member.getProperty('management_trust_account')
member_email = current_member.getProperty('email')
member_id = current_member.getId()
member_groups = api.group.get_groups(user=current_member)
owner_group = [True for i in member_groups if i.id == 'home_owners']
renter_group = [True for i in member_groups if i.id == 'renters']
member_type = "Unknown"
if renter_group:
member_type = "Resident"
if owner_group:
member_type = "Owner"
self.member_fullname = member_fullname
self.management_trust_account = management_trust_account
self.member_email = member_email
self.member_id = member_id
self.member_type = member_type
sm = getSecurityManager()
role = 'Manager'
tmp_user = BaseUnrestrictedUser(sm.getUser().getId(), '', [role], '')
portal = api.portal.get()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
street_number = ''
street_address = ''
division = ''
lot = ''
try:
catalog = api.portal.get_tool('portal_catalog')
query_owner_one = {"portal_type": "hoa_house",}
home_brains = catalog.searchResults(query_owner_one)
member_homes = [i for i in home_brains if i.owner_one == member_id
or i.owner_two == member_id
or i.resident_one == member_id
or i.resident_two == member_id]
if member_homes:
if len(member_homes) > 1:
api.portal.show_message(message="%s, We show multiple homes for you. Please contact Meadows "
"Management." % member_fullname,
request=self.request,
type='warn')
member_home = member_homes[0]
street_number = member_home.street_number
street_address = member_home.street_address
member_home_id = member_home.id
division, lot = member_home_id.split('_')
self.fields['fullname'].field.default = member_fullname
self.fields['account'].field.default = management_trust_account
self.fields['address'].field.default = u'%s %s' % (street_number, street_address)
self.fields['division'].field.default = division
self.fields['lot'].field.default = lot
self.fields['email'].field.default = member_email
self.fields['member_type'].field.default = member_type
else:
self.fields['address'].mode = interfaces.INPUT_MODE
self.fields['division'].mode = interfaces.INPUT_MODE
self.fields['lot'].mode = interfaces.INPUT_MODE
self.fields['fullname'].field.default = member_fullname
self.fields['account'].field.default = management_trust_account
self.fields['email'].field.default = member_email
self.fields['member_type'].field.default = member_type
setSecurityManager(sm)
except Exception as e:
setSecurityManager(sm)
logger.warn("CLUBHOUSE RENTAL FORM ERROR: %s" % e)
self.street_number = street_number
self.street_address = street_address
self.address = u'%s %s' % (street_number, street_address)
self.division = division
self.lot = lot
self.div_lot = u"%s_%s" % (division, lot)
def afterSetUp(self):
newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
# sessioning setup
sdm = self.app.session_data_manager
self.app.REQUEST.set_lazy('SESSION', sdm.getSessionData)
def handle_buy_action(self, action, data):
"""Buys a cart.
"""
putils = getToolByName(self.context, "plone_utils")
# add order
om = IOrderManagement(self.context)
new_order = om.addOrder()
# Set message to shop owner
new_order.setMessage(self.context.request.get("form.message", ""))
# process payment
result = IPaymentProcessing(new_order).process()
# Need error for payment methods for which the customer has to pay at
# any case The order process should not go on if the customer is not
# able to pay.
if result.code == ERROR:
om.deleteOrder(new_order.id)
putils.addPortalMessage(result.message, type=u"error")
ICheckoutManagement(
self.context).redirectToNextURL("ERROR_PAYMENT")
return ""
else:
cm = ICartManagement(self.context)
# Decrease stock
IStockManagement(self.context).removeCart(cm.getCart())
# Delete cart
cm.deleteCart()
# Set order to pending (Mails will be sent)
wftool = getToolByName(self.context, "portal_workflow")
wftool.doActionFor(new_order, "submit")
putils.addPortalMessage(MESSAGES["ORDER_RECEIVED"])
if result.code == PAYED:
# Set order to payed (Mails will be sent)
wftool = getToolByName(self.context, "portal_workflow")
# We need a new security manager here, because this transaction
# should usually just be allowed by a Manager except here.
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser(old_sm.getUser().getId(), '',
['Manager'], '')
portal = getToolByName(self.context,
'portal_url').getPortalObject()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
wftool.doActionFor(new_order, "pay_not_sent")
## Reset security manager
setSecurityManager(old_sm)
# Redirect
customer = \
ICustomerManagement(self.context).getAuthenticatedCustomer()
selected_payment_method = \
IPaymentInformationManagement(customer).getSelectedPaymentMethod()
if not IAsynchronPaymentMethod.providedBy(selected_payment_method):
ICheckoutManagement(self.context).redirectToNextURL("BUYED_ORDER")
def afterSetUp(self):
setSite(self.app.site)
self.app.site.setupCurrentSkin(self.app.REQUEST)
newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
def loginUnrestricted():
""" """
noSecurityManager()
god = UnrestrictedUser('god', 'god', [], '')
newSecurityManager(None, god)
return god
def handleApply(self, action):
data, errors = self.extractData()
if errors:
self.status = self.formErrorsMessage
return
# Do something with valid data here
context = self.context
current_member_data = api.user.get_current()
current_member_id = current_member_data.getUser()
club_title = data.get('title', u'')
booster_organization = data.get('booster_organization', u'')
club_president = data.get('club_president', u'')
club_secretary = data.get('club_secretary', u'')
club_treasurer = data.get('club_treasurer', u'')
club_advisor = data.get('club_advisor', u'')
#agreement_file = data.get('agreement_file', None)
dedicated_checking = data.get('dedicated_checking', False)
review_officers = data.get('review_officers', False)
review_revenue = data.get('review_revenue', False)
review_officer_one = data.get('review_officer_one', u'')
review_officer_two = data.get('review_officer_two', u'')
agreement_bool = data.get('agreement_bool', False)
#create a temporary security manage
sm = getSecurityManager()
role = 'Manager'
tmp_user = BaseUnrestrictedUser(sm.getUser().getId(), '', [role], '')
portal = api.portal.get()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
exception_caught = False
try:
#create a new club in container
proposed_club_obj = api.content.create(container=context,
type='booster_club',
title=club_title,
safe_id=True)
#set attributes
setattr(proposed_club_obj, 'booster_organization',
booster_organization)
setattr(proposed_club_obj, 'club_president', club_president)
setattr(proposed_club_obj, 'club_secretary', club_secretary)
setattr(proposed_club_obj, 'club_treasurer', club_treasurer)
setattr(proposed_club_obj, 'club_advisor', club_advisor)
#setattr(proposed_club_obj, 'agreement_file', agreement_file)
setattr(proposed_club_obj, 'dedicated_checking',
dedicated_checking)
setattr(proposed_club_obj, 'review_officers', review_officers)
setattr(proposed_club_obj, 'review_revenue', review_revenue)
setattr(proposed_club_obj, 'review_officer_one',
review_officer_one)
setattr(proposed_club_obj, 'review_officer_two',
review_officer_two)
setattr(proposed_club_obj, 'agreement_bool', agreement_bool)
#set ownership
proposed_club_obj.changeOwnership(current_member_id,
recursive=True)
api.user.grant_roles(user=current_member_data,
obj=proposed_club_obj,
roles=[
'Owner',
])
proposed_club_obj.reindexObject()
proposed_club_obj.reindexObjectSecurity()
#reset security manager!
setSecurityManager(sm)
except Exception as e:
setSecurityManager(sm)
exception_caught = True
logger.warn(
"BoosterClubProposal: There was an error creating a club proposal for: %s"
% current_member_id)
logger.warn("BoosterClubProposal: The error was: %s" % e.message)
#all done!
# Set status on this form page
# (this status message is not bind to the session and does not go thru redirects)
self.status = ""
else:
self.status = "Your proposal has been submitted."
request = context.REQUEST
response = request.response
response.redirect(context.absolute_url())
if exception_caught:
info_message = "There was a problem with your proposal, please contact the site administrator."
else:
info_message = "Your proposal for the club, %s, The Executive Board will review the " \
"proposal shortly." % club_title
api.portal.show_message(message=info_message,
request=request,
type='info')
def site_login(self):
newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
def handle_buy_action(self, action, data):
"""Buys a cart.
"""
putils = getToolByName(self.context, "plone_utils")
# add order
om = IOrderManagement(self.context)
new_order = om.addOrder()
# Set message to shop owner
new_order.setMessage(self.context.request.get("form.message", ""))
# process payment
result = IPaymentProcessing(new_order).process()
# Need error for payment methods for which the customer has to pay at
# any case The order process should not go on if the customer is not
# able to pay.
if result.code == ERROR:
om.deleteOrder(new_order.id)
putils.addPortalMessage(result.message, type=u"error")
ICheckoutManagement(self.context).redirectToNextURL("ERROR_PAYMENT")
return ""
else:
cm = ICartManagement(self.context)
# Decrease stock
IStockManagement(self.context).removeCart(cm.getCart())
# Delete cart
cm.deleteCart()
# Set order to pending (Mails will be sent)
wftool = getToolByName(self.context, "portal_workflow")
wftool.doActionFor(new_order, "submit")
putils.addPortalMessage(MESSAGES["ORDER_RECEIVED"])
if result.code == PAYED:
# Set order to payed (Mails will be sent)
wftool = getToolByName(self.context, "portal_workflow")
# We need a new security manager here, because this transaction
# should usually just be allowed by a Manager except here.
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser(
old_sm.getUser().getId(),
'', ['Manager'],
''
)
portal = getToolByName(self.context, 'portal_url').getPortalObject()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
wftool.doActionFor(new_order, "pay_not_sent")
## Reset security manager
setSecurityManager(old_sm)
# Redirect
customer = \
ICustomerManagement(self.context).getAuthenticatedCustomer()
selected_payment_method = \
IPaymentInformationManagement(customer).getSelectedPaymentMethod()
if not IAsynchronPaymentMethod.providedBy(selected_payment_method):
ICheckoutManagement(self.context).redirectToNextURL("BUYED_ORDER")
