Exemplo n.º 1
0
def guarded_import(mname, globals=None, locals=None, fromlist=None, level=-1):
    for fromname in fromlist or ():
        if fromname[:1] == '_':
            raise Unauthorized(fromname)
    # ZODB Components must be imported beforehand as ModuleSecurityInfo() may be
    # called there and AccessControl secureModule() expects to find the module
    # in _moduleSecurity dict. Also, import loader will fill MNAME_MAP.
    if mname.startswith('erp5.component.'):
        # Call find_load_module() to log errors as this will always raise
        # Unauthorized error without details
        #
        # XXX: pkgutil.get_loader() only works with '__path__'
        import erp5.component
        _, _, package_name, module_name = mname.split('.', 3)
        try:
            component_package = getattr(erp5.component, package_name)
        except AttributeError:
            raise Unauthorized(mname)
        if component_package.find_load_module(module_name) is None:
            raise Unauthorized(mname)
    if mname in MNAME_MAP:
        mname = MNAME_MAP[mname]
        if not fromlist:
            # fromlist value is meaningless but required. See __import__ doc.
            fromlist = ['__name__']
    return orig_guarded_import(mname, globals, locals, fromlist, level)
Exemplo n.º 2
0
def guarded_import(mname, globals=None, locals=None, fromlist=None, level=-1):
    for fromname in fromlist or ():
        if fromname[:1] == '_':
            raise Unauthorized(fromname)
    if mname in MNAME_MAP:
        mname = MNAME_MAP[mname]
        if not fromlist:
            # fromlist value is meaningless but required. See __import__ doc.
            fromlist = ['__name__']
    return orig_guarded_import(mname, globals, locals, fromlist, level)
Exemplo n.º 3
0
 def dummyMethod(*args, **kw):
     raise Unauthorized(name)