def test_security_defined_on_class(self): # wrapping a method in an interaction workflow adds a default security to # this method, but does not override existing security definition (defined # on the class) from erp5.component.document.Organisation import Organisation security = ClassSecurityInfo() security.declarePrivate('doSomethingStupid') security.apply(Organisation) self.createInteractionWorkflow() self.interaction.setProperties('default', method_id='doSomethingStupid', after_script_name=('afterEdit', )) self.script.ZPythonScript_edit('sci', '') self.assertEqual(self.organisation.doSomethingStupid__roles__, ())
def test_security_defined_on_class(self): # wrapping a method in an interaction workflow adds a default security to # this method, but does not override existing security definition (defined # on the class) Organisation = Products.ERP5.Document.Organisation.Organisation security = ClassSecurityInfo() security.declarePrivate('doSomethingStupid') security.apply(Organisation) self.createInteractionWorkflow() self.interaction.setProperties( 'default', method_id='doSomethingStupid', after_script_name=('afterEdit',)) self.script.ZPythonScript_edit('sci', '') self.createData() self.assertEqual(self.organisation.doSomethingStupid__roles__, ())
class ZClassSecurityInfo(object): """Use AccessControl.ClassSecurityInfo as a function decorator.""" def __init__(self): """Initialize a ZClassSecurityInfo instance.""" self.__csi = ClassSecurityInfo() def private(self, f): """Declare the given function as private.""" self.__csi.declarePrivate(f.func_name) return f def protected(self, permission): """Declare the given function as protected.""" def wrap(f): self.__csi.declareProtected(permission, f.func_name) return f return wrap def __getattr__(self, name): """Return the value of the named attribute.""" return getattr(self.__csi, name)
def DCWorkflowDefinition_notifyBefore(self, ob, transition_list, args=None, kw=None): ''' Notifies this workflow of an action before it happens, allowing veto by exception. Unless an exception is thrown, either a notifySuccess() or notifyException() can be expected later on. The action usually corresponds to a method name. ''' pass def DCWorkflowDefinition_notifySuccess(self, ob, transition_list, result, args=None, kw=None): ''' Notifies this workflow that an action has taken place. ''' pass security.declarePrivate('notifyWorkflowMethod') DCWorkflowDefinition.notifyWorkflowMethod = DCWorkflowDefinition_notifyWorkflowMethod DCWorkflowDefinition.notifyBefore = DCWorkflowDefinition_notifyBefore DCWorkflowDefinition.notifySuccess = DCWorkflowDefinition_notifySuccess WORKLIST_METADATA_KEY = 'metadata' SECURITY_PARAMETER_ID = 'local_roles' COUNT_COLUMN_TITLE = 'count' class ExclusionList(list): """ This is a dummy subclass of list. It is only used to detect wether contained values must be negated. It is not to be used outside of the scope of this document nor outside of the scope of worklist criterion handling. """
if state_definition is not None: if action in state_definition.transitions: transition_definition = workflow.transitions.get(action, None) if transition_definition is not None and \ transition_definition.trigger_type == TRIGGER_USER_ACTION: return workflow._checkTransitionGuard( transition_definition, ob, **guard_kw) raise WorkflowException( _(u"No workflow provides the '${action_id}' action.", mapping={'action_id': action})) WorkflowTool.canDoActionFor = canDoActionFor security.declarePrivate('_listTypeInfo') def _listTypeInfo(self): """ List the portal types which are available. """ # <patch> ttool = getattr(self.getPortalObject(), "portal_types", None) # </patch> if ttool is not None: return ttool.listTypeInfo() return () WorkflowTool._listTypeInfo = _listTypeInfo
return msg templates = ('zpt/tabComments', 'zpt/editCommentsForm', 'zpt/mail_newCommentToWebmaster', 'zpt/mail_newCommentToParent', 'zpt/mail_rejectCommentToAuthor', 'zpt/mail_deleteCommentToAuthor', 'zpt/mail_approveCommentToAuthor', ) addTemplates2Class(CommentsStorage, templates, globals_=globals()) security = ClassSecurityInfo() security.declareProtected(VMS, 'tabComments') security.declareProtected(MANAGE_CONTENT_PERMISSIONS, 'editCommentsForm') security.declarePrivate('mail_newCommentToWebmaster') security.declarePrivate('mail_newCommentToParent') security.declarePrivate('mail_rejectCommentToAuthor') security.declarePrivate('mail_deleteCommentToAuthor') security.declarePrivate('mail_approveCommentToAuthor') security.apply(CommentsStorage) import unittest import sys class CommentsStorageTests(unittest.TestCase): """ Test class for CommentsStorage class """ def test_addComment1(self):
return result def DA_upgradeSchema(self, connection_id=None, create_if_not_exists=False, initialize=None, src__=0, **kw): return self.getPortalObject()[connection_id or self.connection_id]() \ .upgradeSchema(self(src__=1, **kw), create_if_not_exists, initialize, src__) DA.__call__ = DA__call__ security.declarePrivate('fromFile') DA.fromFile = DA_fromFile security.declarePrivate('fromText') DA.fromText = DA_fromText DA.manage_FTPget = DA_manage_FTPget DA.PUT = DA_PUT DA._upgradeSchema = DA_upgradeSchema # Patch to allow using ZODB components for brains def getObjectMeta(original_function): def getObject(module, name, reload=0): # Modified version that ignore errors as long as the module can be be # imported, which is enough to use a ZODB Extension as a brain. try: m = __import__('erp5.component.extension.%s' % module, globals(),
def om_icons(self): """Return a list of icon URLs to be displayed by an ObjectManager""" icons = ({'path': 'misc_/PythonScripts/pyscript.gif', 'alt': self.meta_type, 'title': self.meta_type},) if self.haveProxyRole(): icons = ({'path': 'p_/PythonScript_ProxyRole_icon', 'alt': 'Proxy Roled Python Script', 'title': 'This script has proxy role.'},) return icons pyscript_proxyrole = ImageFile('pyscript_proxyrole.gif', globals()) # # Add proxy role icon in ZMI # security.declarePrivate('haveProxyRole') PythonScript.haveProxyRole = haveProxyRole PythonScript.om_icons = om_icons p_.PythonScript_ProxyRole_icon = pyscript_proxyrole # Patch for displaying textearea in full window instead of # remembering a quantity of lines to display in a cookie manage_editForm = DTMLFile("pyScriptEdit", _dtmldir) manage_editForm._setName('manage_editForm') PythonScript.ZPythonScriptHTML_editForm = manage_editForm PythonScript.manage_editForm = manage_editForm PythonScript.manage = manage_editForm PythonScript.manage_main = manage_editForm PythonScript.manage_editDocument = manage_editForm
'value_class':<dtml-var "value_classes[0].getCleanName()">, </dtml-if> </dtml-let> <dtml-if "klass.getTaggedValue('validation_expression')"> 'validators':(ExpressionValidator('''python:<dtml-var "klass.getTaggedValue('validation_expression')">'''),), </dtml-if> <dtml-var "generator.getProtectedSection(parsed_class,'field-properties',2)"> }) security = ClassSecurityInfo() <dtml-if "parentname=='CompoundField'"> schema=schema </dtml-if> security.declarePrivate('set') security.declarePrivate('get') <dtml-if "not parsed_class"> def get(self, instance, **kwargs): return <dtml-var parentname>.get(self, instance, **kwargs) def getRaw(self, instance, **kwargs): return <dtml-var parentname>.getRaw(self, instance, **kwargs) security.declarePrivate('set') def set(self, instance, value, **kwargs): return <dtml-var parentname>.set(self, instance, value, **kwargs) </dtml-if>
Notifies this workflow of an action before it happens, allowing veto by exception. Unless an exception is thrown, either a notifySuccess() or notifyException() can be expected later on. The action usually corresponds to a method name. """ pass def DCWorkflowDefinition_notifySuccess(self, ob, transition_list, result, args=None, kw=None): """ Notifies this workflow that an action has taken place. """ pass security.declarePrivate("notifyWorkflowMethod") DCWorkflowDefinition.notifyWorkflowMethod = DCWorkflowDefinition_notifyWorkflowMethod DCWorkflowDefinition.notifyBefore = DCWorkflowDefinition_notifyBefore DCWorkflowDefinition.notifySuccess = DCWorkflowDefinition_notifySuccess WORKLIST_METADATA_KEY = "metadata" SECURITY_PARAMETER_ID = "local_roles" COUNT_COLUMN_TITLE = "count" class ExclusionList(list): """ This is a dummy subclass of list. It is only used to detect wether contained values must be negated. It is not to be used outside of the scope of this document nor outside of the scope of worklist criterion handling.
""" Patches for Products.CMFCore """ from AccessControl import ClassSecurityInfo from eea.workflow.events import InitialStateCreatedEvent from zope.event import notify security = ClassSecurityInfo() security.declarePrivate('notifyCreated') def notifyCreated(self, ob): """ Notify all applicable workflows that an object has been created and put in its new place. The patch adds a single line that uses zope.event to notify of the IInitialStateCreatedEvent event """ self._old_notifyCreated(ob) notify(InitialStateCreatedEvent(ob))
if test__ and columns != self._col: self._col=columns # If run in test mode, return both the query and results so # that the template doesn't have to be rendered twice! if test__: return query, result return result def DA_upgradeSchema(self, connection_id=None, create_if_not_exists=False, initialize=None, src__=0, **kw): return self.getPortalObject()[connection_id or self.connection_id]() \ .upgradeSchema(self(src__=1, **kw), create_if_not_exists, initialize, src__) DA.__call__ = DA__call__ security.declarePrivate('fromFile') DA.fromFile = DA_fromFile security.declarePrivate('fromText') DA.fromText = DA_fromText DA.manage_FTPget = DA_manage_FTPget DA.PUT = DA_PUT DA._upgradeSchema = DA_upgradeSchema # Patch to allow using ZODB components for brains def getObjectMeta(original_function): def getObject(module, name, reload=0): # Modified version that ignore errors as long as the module can be be # imported, which is enough to use a ZODB Extension as a brain. try: m = __import__('erp5.component.extension.%s' % module, globals(),
}, ) if self.haveProxyRole(): icons = ({ 'path': 'p_/PythonScript_ProxyRole_icon', 'alt': 'Proxy Roled Python Script', 'title': 'This script has proxy role.' }, ) return icons pyscript_proxyrole = ImageFile('pyscript_proxyrole.gif', globals()) # # Add proxy role icon in ZMI # security.declarePrivate('haveProxyRole') PythonScript.haveProxyRole = haveProxyRole PythonScript.om_icons = om_icons p_.PythonScript_ProxyRole_icon = pyscript_proxyrole # Patch for displaying textearea in full window instead of # remembering a quantity of lines to display in a cookie manage_editForm = DTMLFile("pyScriptEdit", _dtmldir) manage_editForm._setName('manage_editForm') PythonScript.ZPythonScriptHTML_editForm = manage_editForm PythonScript.manage_editForm = manage_editForm PythonScript.manage = manage_editForm PythonScript.manage_main = manage_editForm PythonScript.manage_editDocument = manage_editForm PythonScript.manage_editForm = manage_editForm