def wrapWorkflowMethod(self, ob, method_id, func, args, kw): ''' Allows the user to request a workflow action. This method must perform its own security checks. ''' sdef = self._getWorkflowStateOf(ob) if sdef is None: raise WorkflowException, 'Object is in an undefined state' if method_id not in sdef.transitions: raise Unauthorized(method_id) tdef = self.transitions.get(method_id, None) if tdef is None or tdef.trigger_type != TRIGGER_WORKFLOW_METHOD: raise WorkflowException, ( 'Transition %s is not triggered by a workflow method' % method_id) if not self._checkTransitionGuard(tdef, ob): raise Unauthorized(method_id) res = func(*args, **kw) try: self._changeStateOf(ob, tdef) except ObjectDeleted: # Re-raise with a different result. raise ObjectDeleted(res) except ObjectMoved, ex: # Re-raise with a different result. raise ObjectMoved(ex.getNewObject(), res)
def DCWorkflowDefinition_notifyWorkflowMethod(self, ob, transition_list, args=None, kw=None): ''' Allows the system to request a workflow action. This method must perform its own security checks. ''' if type(transition_list) in StringTypes: method_id = transition_list elif len(transition_list) == 1: method_id = transition_list[0] else: raise ValueError( 'WorkflowMethod should be attached to exactly 1 transition per DCWorkflow instance.' ) sdef = self._getWorkflowStateOf(ob) if sdef is None: raise WorkflowException, 'Object is in an undefined state' if method_id not in sdef.transitions: raise Unauthorized(method_id) tdef = self.transitions.get(method_id, None) if tdef is None or tdef.trigger_type != TRIGGER_WORKFLOW_METHOD: raise WorkflowException, ( 'Transition %s is not triggered by a workflow method' % method_id) if not self._checkTransitionGuard(tdef, ob): raise Unauthorized(method_id) self._changeStateOf(ob, tdef, kw) if getattr(ob, 'reindexObject', None) is not None: if kw is not None: activate_kw = kw.get('activate_kw', {}) else: activate_kw = {} ob.reindexObject(activate_kw=activate_kw)
def _set(self, instance, value, **kw): """Set the value of the field """ logger.debug("ATFieldManager::set: value=%r" % value) # check field permission if not self.field.checkPermission("write", instance): raise Unauthorized( "You are not allowed to write the field {}".format(self.name)) # check if field is writable if not self.field.writeable(instance): raise Unauthorized("Field {} is read only.".format(self.name)) # id fields take only strings if self.name == "id": value = str(value) # get the field mutator mutator = self.field.getMutator(instance) # Inspect function and apply *args and **kwargs if possible. mapply(mutator, value, **kw) return True
def deletelayout(self): layout_resources = queryResourceDirectory( CONTENT_LAYOUT_RESOURCE_NAME, 'custom') layout_path = self.request.form.get('layout') if len(layout_path.split('/')) <= 2: sm = getSecurityManager() # this is a global layout, need to check permissions if not sm.checkPermission('Plone: Manage Content Layouts', api.portal.get()): raise Unauthorized("User not allowed to delete global layout") else: # check this user is allowed to delete this template user_dir = 'custom/user-layouts/{0:s}'.format( api.user.get_current().getId()) if not layout_path.startswith(user_dir): raise Unauthorized("You are not allowed to delete this layout") # find directory filename = layout_path.split('/')[-1] directory = layout_resources for part in layout_path.replace('custom/', '').split('/')[:-1]: directory = directory[part] del directory[filename] # now to modify manifest to not include if MANIFEST_FILENAME in directory.listDirectory(): manifest = loadManifest(directory.readFile(MANIFEST_FILENAME)) removeLayout(manifest, filename) directory.writeFile(MANIFEST_FILENAME, dumpManifest(manifest)) # now reassign if provided replacement = self.request.form.get('replacement') if replacement: replacement = self._get_layout_path(replacement) catalog = api.portal.get_tool('portal_catalog') for brain in catalog(layout=self._get_layout_path(layout_path)): obj = brain.getObject() layout_data = ILayoutAware(obj, None) if layout_data: layout_data.contentLayout = replacement obj.reindexObject(idxs=['layout']) return json.dumps( { 'success': True, 'user_layouts': getUserContentLayoutsForType( self.context.portal_type ), 'available_layouts': getContentLayoutsForType( self.context.portal_type, self.context ) } )
def verify_may_untrash(self, raise_on_violations=True): if not self.check_untrash_permission(): if raise_on_violations: raise Unauthorized() return False if not ITrashed.providedBy(self.context) or self.context.is_removed: if raise_on_violations: raise Unauthorized() return False return True
def _check_add_permission(self, status): permission = "Plone Social: Add Microblog Status Update" try: check_context = status.microblog_context if check_context is None: check_context = self # Fall back to tool except AttributeError: raise Unauthorized("You do not have permission <%s>" % permission) if not api.user.has_permission( permission, obj=check_context): raise Unauthorized("You do not have permission <%s>" % permission)
def untrash(self): if not _checkPermission('opengever.trash: Untrash content', self.context): raise Unauthorized() folder = aq_parent(aq_inner(self.context)) if not _checkPermission('opengever.trash: Trash content', folder): raise Unauthorized() noLongerProvides(self.context, ITrashed) self.reindex() notify(UntrashedEvent(self.context))
def can_write(self, field): """ check if the field is writeable """ # check if the field is read only if field.readonly: raise Unauthorized("Field '%s' is read-only" % field.__name__) # XXX: How to check security on the field level? sm = getSecurityManager() permission = permissions.ModifyPortalContent if not sm.checkPermission(permission, self.context): raise Unauthorized("Not allowed to modify this content") return field
def protect_del_objects(self, ids=None): sm = getSecurityManager() if not sm.checkPermission('Delete objects', self): raise Unauthorized("Do not have permissions to remove this object") if ids is None: ids = [] if isinstance(ids, basestring): ids = [ids] for id_ in ids: item = self._getOb(id_) if not sm.checkPermission("Delete portal content", item): raise Unauthorized("Do not have permissions to remove this object")
def wrapped_fn(f, self, *args, **kwargs): if callable(permission): if not permission(self, *args, **kwargs): args = (f.__name__, permission.__name__) raise Unauthorized('Calling %s requires "%s" permission' % args) return f(self, *args, **kwargs) else: if not Zuul.checkPermission(permission, self.context): args = (f.__name__, permission) raise Unauthorized('Calling %s requires "%s" permission' % args) return f(self, *args, **kwargs)
def __call__(self): sm = getSecurityManager() context = aq_inner(self.context) # If the user has the global Manage Portlets permission, let them # run wild if not sm.checkPermission("Portlets: Manage own portlets", context): raise Unauthorized("You are not allowed to manage portlets") user_id = sm.getUser().getId() if context.__name__ != user_id: raise Unauthorized( "You are only allowed to manage your own portlets")
def __call__(self, *args, **kwargs): request = self.request form = request.form context = self.context putils = getToolByName(context, 'plone_utils') b_start = form.get('b_start', None) if not self.check_labeling_permission(): raise Unauthorized("You can't modify the label") if form.get('cancel'): return request.response.redirect( "%s/edit-table%s" % (context.absolute_url(), b_start and '?b_start:int=%d' % b_start or '')) if form.get('form.submitted'): if not form.get('label'): putils.addPortalMessage(_('Label is required'), type="error") return request.response.redirect( "%s/edit-label%s" % (context.absolute_url(), b_start and '?b_start:int=%d' % b_start or '')) # saving self._save() putils.addPortalMessage(_('Label has been saved')) return request.response.redirect( "%s/edit-table%s" % (context.absolute_url(), b_start and '?b_start:int=%d' % b_start or '')) elif form.get('row-index') is not None and not form.get('addLabel'): # load an existing row self.data = self.storage[form.get('row-index')].get( '__label__', '') return self.index()
def __call__(self, *args, **kwargs): context = self.context request = self.request form = request.form self.row_index = form.get('row-index', None) b_start = form.get('b_start', None) if form.get('cancel'): request.response.redirect( "%s/edit-table%s" % (context.absolute_url(), b_start and '?b_start:int=%d' % b_start or '')) return if form.get('form.submitted'): # saving putils = getToolByName(context, 'plone_utils') self._save() if self.errors: del form['form.submitted'] self.data.update(**form) return self.index() putils.addPortalMessage(_('Row has been saved')) request.response.redirect( "%s/edit-table%s" % (context.absolute_url(), b_start and '?b_start:int=%d' % b_start or '')) return elif self.row_index is not None and not form.get('addRow'): # load an existing row if not self.check_manager_or_mine_record(self.row_index): raise Unauthorized("You can't modify that record") else: self.data = self.storage[self.row_index] return self.index()
def get_batched(context, portal_type=None, uid=None, endpoint=None, **kw): """Get batched results """ # TODO: to move to baobab lims jsonapi ----- pm = getToolByName(context, 'portal_membership') roles = pm.getAuthenticatedMember().getRoles() if 'EMS' in roles or uid == "allowSharing": uid = None if portal_type == 'Sample': kw['object_provides'] = ISharableSample.__identifier__ req.get_request().form["catalog"] = "portal_catalog" else: raise Unauthorized( "You don't have access permission to {}".format(portal_type)) # TODO: ------ # fetch the catalog results results = get_search_results(portal_type=portal_type, uid=uid, **kw) # fetch the batch params from the request size = req.get_batch_size() start = req.get_batch_start() # check for existing complete flag complete = req.get_complete(default=_marker) if complete is _marker: # if the uid is given, get the complete information set complete = uid and True or False # return a batched record return get_batch(results, size, start, endpoint=endpoint, complete=complete)
def listFolderContents(self, spec=None, contentFilter=None, suppressHiddenFiles=0): """ Hook around 'contentValues' to let 'folder_contents' be protected. Duplicating skip_unauthorized behavior of dtml-in. In the world of Plone we do not want to show objects that begin with a . So we have added a simply check. We probably dont want to raise an Exception as much as we want to not show it. """ items = self.contentValues(spec=spec, filter=contentFilter) l = [] for obj in items: id = obj.getId() v = obj try: if suppressHiddenFiles and id[:1] == '.': raise Unauthorized(id, v) if getSecurityManager().validate(self, self, id, v): l.append(obj) except (Unauthorized, 'Unauthorized'): pass return l
def handle_rename(self, action): request = self.request data, errors = self.extractData() if errors: return context = self.context parent = aq_parent(aq_inner(context)) sm = getSecurityManager() if not sm.checkPermission("Copy or Move", parent): raise Unauthorized( _( u"Permission denied to rename ${title}.", mapping={u"title": context.title}, )) newid = data["new_id"] newtitle = data["new_title"] try: notify(events.AsyncBeforeRename(context, newid, newtitle)) except Unauthorized: IStatusMessage(self.request).add( _( u"Permission denied to rename ${title}.", mapping={u"title": context.title}, )) return self.request.response.redirect(context.absolute_url()) except interfaces.AsyncValidationFailed, e: IStatusMessage(request).add(unicode(e)) return request.response.redirect(context.absolute_url())
def get_membrain(self): """return the member as a brain (Products.Membrane)""" if self.memberid is None: raise Unauthorized() brains = self.membrane_tool(exact_getUserId=self.memberid) if len(brains) == 1: return brains[0]
def _generate_doc(self, pod_template, output_format): """ Generate a document of format 'output_format' from the template 'pod_template'. """ if not pod_template.can_be_generated(self.context): raise Unauthorized( 'You are not allowed to generate this document.') if output_format not in pod_template.get_available_formats(): raise Exception("Asked output format '{0}' " "is not available for template '{1}'!".format( output_format, pod_template.getId())) # subtemplates should not refer to each other in a cyclic way. self._check_cyclic_merges(pod_template) # Recursive generation of the document and all its subtemplates. document_path = self._recursive_generate_doc(pod_template, output_format) rendered_document = open(document_path, 'rb') rendered = rendered_document.read() rendered_document.close() os.remove(document_path) filename = u'{}.{}'.format(pod_template.title, output_format) return rendered, filename
def __call__(self): if self.request.method != 'POST': raise Unauthorized() line = self.request.form.get('line', '') if not line.strip(): return '' line = line.rstrip() + '\n' portal = getToolByName(self.context, 'portal_url').getPortalObject() app = portal.getPhysicalRoot() globs = { 'context': self.context, 'request': self.request, 'portal': portal, 'app': app, } globs.update(VARS.get(self.context)) context = evalcontext.EvalContext({}, globs) output = context.exec_expr(line) VARS.update(self.context, globs) line_html = formatter.str2html(line) return ('<code style="color: #060">>>></code> ' '%s<br />\n%s' % (preserveWhitespace( line_html, quote=False), preserveWhitespace(output)))
def replace_interactive_user(self, principal): """Replaces interactive users in the principal. """ if principal == 'responsible': # find the dossier dossier = self.context while not IDossierMarker.providedBy(dossier): if IPloneSiteRoot.providedBy(dossier): raise ValueError('Could not find dossier') dossier = aq_parent(aq_inner(dossier)) # get the responsible of the dossier wrapped_dossier = IDossier(dossier) return wrapped_dossier.responsible elif principal == 'current_user': # get the current user mtool = getToolByName(self.context, 'portal_membership') member = mtool.getAuthenticatedMember() if not member: raise Unauthorized() return member.getId() else: return principal
def addContentToContainer(container, object, checkConstraints=True): """Copy of plone.dexterity.util.addContentToContainer. Modified to check the existing Id on the object before paving over it. """ if not hasattr(aq_base(object), 'portal_type'): raise ValueError('object must have its portal_type set') container = aq_inner(container) if checkConstraints: container_fti = container.getTypeInfo() fti = getUtility(IDexterityFTI, name=object.portal_type) if not fti.isConstructionAllowed(container): raise Unauthorized('Cannot create {0}'.format(object.portal_type)) if container_fti is not None and \ not container_fti.allowType(object.portal_type): raise ValueError('Disallowed subobject type: {0}'.format( object.portal_type)) chooser = INameChooser(container) if hasattr(object, 'id') and chooser.checkName(object.id, object): name = object.id else: name = INameChooser(container).chooseName(None, object) object.id = name newName = container._setObject(name, object) return container._getOb(newName)
def addContentToContainer(container, object, checkConstraints=True): """Add an object to a container. The portal_type must already be set correctly. If checkConstraints is False no check for addable content types is done. The new object, wrapped in its new acquisition context, is returned. """ if not hasattr(aq_base(object), "portal_type"): raise ValueError("object must have its portal_type set") container = aq_inner(container) if checkConstraints: container_fti = container.getTypeInfo() fti = getUtility(IDexterityFTI, name=object.portal_type) if not fti.isConstructionAllowed(container): raise Unauthorized("Cannot create %s" % object.portal_type) if container_fti is not None \ and not container_fti.allowType(object.portal_type): raise ValueError("Disallowed subobject type: %s" % object.portal_type) name = getattr(aq_base(object), 'id', None) name = INameChooser(container).chooseName(name, object) object.id = name newName = container._setObject(name, object) try: return container._getOb(newName) except AttributeError: uuid = IUUID(object) return uuidToObject(uuid)
def _checkConversionFormatPermission(self, format, lock_checking=False, **kw): """Private method to check permission when access specified format. This method raises """ transaction_variable = getTransactionalVariable() if transaction_variable.get(LOCK_PERMISSION_KEY, False): # Permission already checked in convert with final format, # do not check permission for intermediate formats return True # XXX cache result in TV method = self._getTypeBasedMethod( 'checkConversionFormatPermission', fallback_script_id='Document_checkConversionFormatPermission') if '**' not in method.params(): # Backward compatibility code: # Existing Type Based Method doesn't support new **kw argument # in their signature. is_allowed = method(format=format) else: is_allowed = method(format=format, **kw) if not is_allowed: raise Unauthorized('Document: user does not have enough permission'\ ' to access document in %s format' %\ (format or 'original')) transaction_variable[LOCK_PERMISSION_KEY] = lock_checking
def __call__(self): self.portal_properties = getUtility(IPropertiesTool) self.portal_catalog = getToolByName(self.context, 'portal_catalog') # XXX: getUtility call does not work. self.membership_tool = getToolByName(self.context, 'portal_membership') self.portal_state = getMultiAdapter((self.context, self.request), name=u'plone_portal_state') self.feedback_form = AuthorFeedbackForm(self.context, self.request) self.feedback_form.update() self.feedback_form.widgets["author"].mode = HIDDEN_MODE self.feedback_form.widgets["referer"].mode = HIDDEN_MODE self.feedback_form.widgets["author"].value = self.username self.feedback_form.widgets["referer"].value = self.request.get( 'referer', self.request.get('HTTP_REFERER', 'unknown url')) registry = getUtility(IRegistry) security_settings = registry.forInterface(ISecuritySchema, prefix='plone') allow_anonymous_view_about = security_settings.allow_anon_views_about if self.is_anonymous and not allow_anonymous_view_about: raise Unauthorized() return self.index()
def replace_with_objects(self, obj): if not self.isAllowedToEdit(): raise Unauthorized( _("You are not allowed to add content to " "this tile")) notify(ObjectModifiedEvent(self))
def validate(self): ''' Check that the token passed in the request is equal to the one generate in our secret way ''' token = self.request.get('token') if token != self.get_token(): raise Unauthorized("Access denied to anonymous")
def addAnswer(self, value, comments=""): """Add an answer and optional comments for a user. This method protects _addAnswer from anonymous users specifying a userid when they vote, and thus apparently voting as another user of their choice. """ # Get hold of the parent survey survey = None ob = self while survey is None: ob = aq_parent(aq_inner(ob)) if ob.meta_type == 'Survey': survey = ob elif getattr(ob, '_isPortalRoot', False): raise Exception("Could not find a parent Survey.") portal_membership = getToolByName(self, 'portal_membership') is_anon = portal_membership.isAnonymousUser() if is_anon and not survey.getAllowAnonymous(): raise Unauthorized( "This survey is not available to anonymous users.") userid = self.getSurveyId() if is_anon and userid not in survey.getRespondentsList(): # anon is not added on survey view, so may need to be added survey.addRespondent(userid) # Call the real method for storing the answer for this user. return self._addAnswer(userid, value, comments)
def get_user(self): ''' Get the requested user ''' user = pi_api.userprofile.get_current() if not user: raise Unauthorized("Only valid users can access this menu") return user
def _assertAuthorized(self, obj, permission, name=None): # We need to provide access to the repository upon the object # permissions istead of repositories method permissions. # So the repository method access is set to public and the # access is check on the object when needed. if not _checkPermission(permission, obj): raise Unauthorized(name)
def _check_permission(self, perm="read"): if perm == "read": permission = "Plone Social: View Microblog Status Update" else: permission = "Plone Social: Add Microblog Status Update" if not getSecurityManager().checkPermission(permission, self): raise Unauthorized("You do not have permission <%s>" % permission)