def createObjectAsPortalOwner(container, type_name, id_):
"""Create an object as the portal owner"""
info = interfaces.ITemplateTypeInfo(
container.portal_types.getTypeInfo(type_name), None)
if info is None:
return
template = info.getTemplate(container)
if template is None:
return
source = Acquisition.aq_parent(Acquisition.aq_inner(template))
sm = SecurityManagement.getSecurityManager()
SecurityManagement.newSecurityManager(
None,
container.portal_url.getPortalObject().getOwner())
result, = container.manage_pasteObjects(
source.manage_copyObjects([template.getId()]))
container.manage_renameObject(result['new_id'], id_)
SecurityManagement.setSecurityManager(sm)
added = container[id_]
owner.changeOwnershipOf(added)
event.notify(interfaces.TemplateCopiedEvent(added, template))
return added
def flash_upload_file(self) :
context = aq_inner(self.context)
request = self.request
self._auth_with_ticket()
file_name = request.form.get("Filename", "")
file_data = request.form.get("Filedata", None)
content_type = mimetypes.guess_type(file_name)[0]
portal_type = request.form.get('typeupload', '')
title = request.form.get("title", None)
description = request.form.get("description", None)
if not portal_type :
ctr = getToolByName(context, 'content_type_registry')
portal_type = ctr.findTypeName(file_name.lower(), content_type, '') or 'File'
if file_data:
factory = IQuickUploadFileFactory(context)
logger.debug("Uploading file with flash: filename=%s, title=%s, "
"description=%s, content_type=%s, portal_type=%s" % (
file_name, title, description, content_type, portal_type)
)
try :
f = factory(file_name, title, description, content_type, file_data, portal_type)
except :
# XXX todo : improve errors handlers for flashupload
raise
if f['success'] is not None :
o = f['success']
logger.info("file url: %s" % o.absolute_url())
SecurityManagement.setSecurityManager(self.old_sm)
return o.absolute_url()
def reorderFolderContents(folder, encodedlist, reverse=False):
# id[]=313128&id[]=800959&id[]=304611&id[]=947600&id[]=588736&id[]=274764
folder = folder.aq_inner
encodedlist = encodedlist.strip()
if not encodedlist:
return
ids = [id.split('=')[1] for id in encodedlist.split('&')]
if reverse:
ids.reverse()
ctool = getToolByName(folder, 'portal_catalog')
existing_ids = folder.objectIds()
moved_ids = [id for id in ids if id not in existing_ids]
# print moved_ids, ids, existing_ids
if moved_ids:
parent_path = '/'.join(folder.aq_inner.aq_parent.getPhysicalPath())
brains = ctool(path=parent_path,
portal_type='TodoItem',
getId=moved_ids)
for b in brains:
o = b.getObject()
cutted = o.aq_parent.manage_cutObjects([o.getId()])
# 解决粘贴的时候权限的问题
originalSecurityManager = SecurityManagement.getSecurityManager()
username = originalSecurityManager.getUser().getUserName()
deliverUser = User.SimpleUser(username, '', ['Manager', 'Owner'],
'')
acl_users = folder.acl_users.aq_inner
deliverUser = deliverUser.__of__(acl_users)
SecurityManagement.newSecurityManager(None, deliverUser)
folder.manage_pasteObjects(cutted)
SecurityManagement.setSecurityManager(originalSecurityManager)
_dict = {}
unchanged = []
for obj in folder._objects:
if obj['id'] not in ids:
unchanged.append(obj)
else:
_dict[obj['id']] = obj
# 注意,可能传过来了不存在的id, 在对象被删除后会发生!
ordered = [_dict[id] for id in ids if id in _dict]
ordered.extend(unchanged)
folder._objects = tuple(ordered)
# 更新索引
for id in _dict:
obj = getattr(folder, id)
ctool.reindexObject(obj,
idxs=['getObjPositionInParent'],
update_metadata=1)
def __call__(self):
""" Create a new revision folder based on an existing item """
context_id = self.context.getId()
parent = getMultiAdapter((self.context, self.request), name=u'plone_context_state').parent()
try:
uniqueid = parent.generateUniqueId('Folder')
uniqueid = parent.invokeFactory('Folder', uniqueid)
folderish_obj = getattr(parent, uniqueid)
folderish_obj.setTitle(self.context.Title())
alsoProvides(folderish_obj, IRevision)
revision_info = IRevisionInfo(folderish_obj)
next_code = revision_info.next_code()
transaction.savepoint(optimistic=True)
_move(parent, self.context, folderish_obj, context_id, next_code)
revisionfile = getattr(folderish_obj, next_code)
alsoProvides(revisionfile, IRevisionFile)
_move(parent, folderish_obj, parent, uniqueid, context_id)
newcontext = getattr(parent, context_id)
ppw = getToolByName(newcontext, 'portal_placeful_workflow', None)
if ppw:
portal_type = self.context.portal_type
priority_utility = queryUtility(IRevisionWorkflowUtility, name=portal_type)
priority_utility = not priority_utility and queryUtility(IRevisionWorkflowUtility)
policy_id = priority_utility and priority_utility.policy_id()
if policy_id and ppw.isValidPolicyName(policy_id):
old_sm = SecurityManagement.getSecurityManager()
try:
SecurityManagement.newSecurityManager(None, SpecialUsers.system)
newcontext.manage_addProduct['CMFPlacefulWorkflow'].manage_addWorkflowPolicyConfig()
config = ppw.getWorkflowPolicyConfig(newcontext)
config.setPolicyIn(policy=policy_id)
config.setPolicyBelow(policy=policy_id, update_security=True)
finally:
SecurityManagement.setSecurityManager(old_sm)
newcontext.reindexObject()
newcontext.reindexObjectSecurity()
except ConflictError:
raise
except Exception:
view_url = getMultiAdapter((self.context, self.request), name=u'plone_context_state').view_url()
self.request.response.redirect(view_url)
IStatusMessage(self.request).addStatusMessage(_(u'enabled_revision_error', default=u'Error'), type='error')
else:
view_url = getMultiAdapter((folderish_obj, self.request), name=u'plone_context_state').view_url()
self.request.response.redirect(view_url)
IStatusMessage(self.request).addStatusMessage(_(u'enabled_revision_ok', default=u'Revision created correctly'), type='info')
def adopt_system(user=SpecialUsers.system):
"""
Execute this block of code as the system user.
"""
old_security_manager = SecurityManagement.getSecurityManager()
SecurityManagement.newSecurityManager(globalrequest.getRequest(), user)
yield
SecurityManagement.setSecurityManager(old_security_manager)
def reorderFolderContents(folder, encodedlist, reverse=False):
# id[]=313128&id[]=800959&id[]=304611&id[]=947600&id[]=588736&id[]=274764
folder = folder.aq_inner
encodedlist = encodedlist.strip()
if not encodedlist:
return
ids = [id.split('=')[1] for id in encodedlist.split('&')]
if reverse:
ids.reverse()
ctool = getToolByName(folder, 'portal_catalog')
existing_ids = folder.objectIds()
moved_ids = [id for id in ids if id not in existing_ids]
# print moved_ids, ids, existing_ids
if moved_ids:
parent_path = '/'.join(folder.aq_inner.aq_parent.getPhysicalPath())
brains = ctool(path=parent_path,
portal_type='TodoItem',
getId=moved_ids)
for b in brains:
o = b.getObject()
cutted = o.aq_parent.manage_cutObjects([o.getId()])
# 解决粘贴的时候权限的问题
originalSecurityManager = SecurityManagement.getSecurityManager()
username = originalSecurityManager.getUser().getUserName()
deliverUser = User.SimpleUser(username,'', ['Manager', 'Owner'], '')
acl_users = folder.acl_users.aq_inner
deliverUser = deliverUser.__of__(acl_users)
SecurityManagement.newSecurityManager(None, deliverUser)
folder.manage_pasteObjects(cutted)
SecurityManagement.setSecurityManager(originalSecurityManager)
_dict = {}
unchanged = []
for obj in folder._objects:
if obj['id'] not in ids:
unchanged.append(obj)
else:
_dict[obj['id']] = obj
# 注意,可能传过来了不存在的id, 在对象被删除后会发生!
ordered = [_dict[id] for id in ids if id in _dict]
ordered.extend(unchanged)
folder._objects = tuple(ordered)
# 更新索引
for id in _dict:
obj = getattr(folder, id)
ctool.reindexObject(obj, idxs=['getObjPositionInParent'], update_metadata=1)
def create_folder(self, context, id, title=''):
old_sm = SecurityManagement.getSecurityManager()
SecurityManagement.newSecurityManager(None, SpecialUsers.system)
try:
folder = api.content.create(type=self.action.folderish_type,
id=id,
title=title,
container=context)
for transition in self.action.transitions:
api.content.transition(obj=folder, transition=transition)
finally:
SecurityManagement.setSecurityManager(old_sm)
return folder
def create_folder(self, context, id, title=''):
old_sm = SecurityManagement.getSecurityManager()
SecurityManagement.newSecurityManager(None, SpecialUsers.system)
try:
folder = api.content.create(type=self.action.folderish_type,
id=id,
title=title,
container=context)
for transition in self.action.transitions:
api.content.transition(obj=folder,
transition=transition)
finally:
SecurityManagement.setSecurityManager(old_sm)
return folder
def notifyAboutReview(ob, event):
# 仅当文件或者图片(File/Image)的时候,才发送
if ob.getPortalTypeName() not in ['File', 'Image']:
return
# 仅当处于提交、审核通过、拒绝的时候才通知
mtool = getToolByName(ob, 'portal_membership')
userid = mtool.getAuthenticatedMember().getId()
operation = ''
if event.action.endswith('submit'):
operation = 'submit'
elif event.action.endswith('publish'):
operation = 'publish'
elif event.action.endswith('reject'):
operation = 'reject'
# 工作流就是这样定义的, 下面逻辑没错!
elif event.action.endswith('retract') and ob.Creator() != userid:
operation = 'reject'
else:
return
# 必须在项目中
if hasattr(ob, 'getProject'):
project = ob.getProject().aq_inner
acl_users = getToolByName(project, 'acl_users')
oe = IOrganizedEmployess(project.teams)
all_members = oe.get_all_people()
members = []
if operation == 'submit':
# 只有Administrator或者Reviewer才能收到邮件
# userids = ob.users_with_local_role('Administrator') + ob.users_with_local_role('Reviewer')
originalSecurityManager = SecurityManagement.getSecurityManager()
for member in all_members:
user = acl_users.getUserById(member.getId())
if user is not None:
# 模拟那个用户来登录
SecurityManagement.newSecurityManager(None, user)
if mtool.checkPermission('Review portal content', ob):
members.append(member)
SecurityManagement.setSecurityManager(originalSecurityManager)
else:
member = mtool.getMemberById(ob.Creator())
if member:
members.append(member)
sendNotification(ob, members, operation)
def notifyAboutReview(ob, event):
# 仅当文件或者图片(File/Image)的时候,才发送
if ob.getPortalTypeName() not in ['File', 'Image']:
return
# 仅当处于提交、审核通过、拒绝的时候才通知
mtool = getToolByName(ob, 'portal_membership')
userid = mtool.getAuthenticatedMember().getId()
operation = ''
if event.action.endswith('submit'):
operation = 'submit'
elif event.action.endswith('publish'):
operation = 'publish'
elif event.action.endswith('reject'):
operation = 'reject'
# 工作流就是这样定义的, 下面逻辑没错!
elif event.action.endswith('retract') and ob.Creator() != userid:
operation = 'reject'
else:
return
# 必须在项目中
if hasattr(ob, 'getProject'):
project = ob.getProject().aq_inner
acl_users = getToolByName(project, 'acl_users')
oe = IOrganizedEmployess(project.teams)
all_members = oe.get_all_people()
members = []
if operation == 'submit':
# 只有Administrator或者Reviewer才能收到邮件
# userids = ob.users_with_local_role('Administrator') + ob.users_with_local_role('Reviewer')
originalSecurityManager = SecurityManagement.getSecurityManager()
for member in all_members:
user = acl_users.getUserById(member.getId())
if user is not None:
# 模拟那个用户来登录
SecurityManagement.newSecurityManager(None, user)
if mtool.checkPermission('Review portal content', ob):
members.append(member)
SecurityManagement.setSecurityManager(originalSecurityManager)
else:
member = mtool.getMemberById(ob.Creator())
if member:
members.append(member)
sendNotification(ob, members, operation)
def setContentCategory(self, obj, new_cat_id):
cutted = obj.aq_inner.aq_parent.manage_cutObjects(obj.getId())
new_cat = getattr(self.context, new_cat_id).aq_inner
# 解决权限的问题
originalSecurityManager = SecurityManagement.getSecurityManager()
username = originalSecurityManager.getUser().getUserName()
deliverUser = User.SimpleUser(username, '', ['Manager', 'Owner'], '')
acl_users = obj.acl_users.aq_inner
deliverUser = deliverUser.__of__(acl_users)
SecurityManagement.newSecurityManager(None, deliverUser)
new_cat.manage_pasteObjects(cutted)
SecurityManagement.setSecurityManager(originalSecurityManager)
return getattr(new_cat, obj.getId())
def setContentCategory(self, obj, new_cat_id):
cutted = obj.aq_inner.aq_parent.manage_cutObjects(obj.getId())
new_cat = getattr(self.context, new_cat_id).aq_inner
# 解决权限的问题
originalSecurityManager = SecurityManagement.getSecurityManager()
username = originalSecurityManager.getUser().getUserName()
deliverUser = User.SimpleUser(username,'', ['Manager', 'Owner'], '')
acl_users = obj.acl_users.aq_inner
deliverUser = deliverUser.__of__(acl_users)
SecurityManagement.newSecurityManager(None, deliverUser)
new_cat.manage_pasteObjects(cutted)
SecurityManagement.setSecurityManager(originalSecurityManager)
return getattr(new_cat, obj.getId())
def kss_obj_delete(self, selector='.kssDeletionRegion'):
obj = self.context.aq_inner
if obj.getPortalTypeName() == 'Discussion Item':
parent = obj.inReplyTo()
if parent is not None:
portal_discussion = getUtility(IDiscussionTool)
talkback = portal_discussion.getDiscussionFor(parent)
else:
talkback = obj.aq_parent
# remove the discussion item
talkback.deleteReply(str(obj.getId()))
else:
# 被锁定时先解锁
if HAS_LOCKING:
lockable = ILockable(obj)
if lockable.locked():
lockable.unlock()
parent = obj.aq_parent
# archetypes的manage_delObjects会检查每个item的删除权限
originalSecurityManager = SecurityManagement.getSecurityManager()
SecurityManagement.newSecurityManager(
None, User.SimpleUser('admin', '', ('Manager', ), ''))
parent.manage_delObjects(str(obj.getId()))
SecurityManagement.setSecurityManager(originalSecurityManager)
if selector.startswith('redirect2'):
# 跳转到某个地址
# 需要定义 # class="kssattr-delSelector-redirect2http://test.everydo.com"
redirect2url = selector[len('redirect2'):]
self.getCommandSet('zopen').redirect(url=redirect2url)
else:
core = self.getCommandSet('core')
effects = self.getCommandSet('effects')
selector = core.getParentNodeSelector(selector)
# effects.effect(selector, 'fade')
core.deleteNode(selector)
self.getCommandSet('plone').issuePortalMessage(
translate(_(u'Deleted.'), default="Deleted.",
context=self.request),
translate(_(u'Info'), default="Info", context=self.request))
return self.render()
def kss_obj_delete(self, selector='.kssDeletionRegion'):
obj = self.context.aq_inner
if obj.getPortalTypeName() == 'Discussion Item':
parent = obj.inReplyTo()
if parent is not None:
portal_discussion = getUtility(IDiscussionTool)
talkback = portal_discussion.getDiscussionFor(parent)
else:
talkback = obj.aq_parent
# remove the discussion item
talkback.deleteReply( str(obj.getId()) )
else:
# 被锁定时先解锁
if HAS_LOCKING:
lockable = ILockable(obj)
if lockable.locked():
lockable.unlock()
parent = obj.aq_parent
# archetypes的manage_delObjects会检查每个item的删除权限
originalSecurityManager = SecurityManagement.getSecurityManager()
SecurityManagement.newSecurityManager(None, User.SimpleUser('admin','',('Manager',), ''))
parent.manage_delObjects(str(obj.getId()))
SecurityManagement.setSecurityManager(originalSecurityManager)
if selector.startswith('redirect2'):
# 跳转到某个地址
# 需要定义 # class="kssattr-delSelector-redirect2http://test.everydo.com"
redirect2url = selector[len('redirect2'):]
self.getCommandSet('zopen').redirect(url=redirect2url)
else:
core = self.getCommandSet('core')
effects = self.getCommandSet('effects')
selector = core.getParentNodeSelector(selector)
# effects.effect(selector, 'fade')
core.deleteNode(selector)
self.getCommandSet('plone').issuePortalMessage(
translate(_(u'Deleted.'), default="Deleted.", context=self.request),
translate(_(u'Info'), default="Info", context=self.request))
return self.render()
def authenticateCredentials(self, credentials):
""" See IAuthenticationPlugin.
"""
# Fail if authentication is not permitted for this member. Otherwise,
# return the result of verifying the credentials.
orig_sm = SecurityManagement.getSecurityManager()
try:
SecurityManagement.newSecurityManager(None, self.getUser())
if not SecurityManagement.getSecurityManager(
).checkPermission(CAN_AUTHENTICATE_PERMISSION, self):
return None
finally:
SecurityManagement.setSecurityManager(orig_sm)
if self.verifyCredentials(credentials):
login = credentials.get('login')
userid = self.getUserId()
return userid, login
def authenticateCredentials(self, credentials):
""" See IAuthenticationPlugin.
"""
# Fail if authentication is not permitted for this member. Otherwise,
# return the result of verifying the credentials.
orig_sm = SecurityManagement.getSecurityManager()
try:
SecurityManagement.newSecurityManager(None, self.getUser())
if not SecurityManagement.getSecurityManager(
).checkPermission(CAN_AUTHENTICATE_PERMISSION, self):
return None
finally:
SecurityManagement.setSecurityManager(orig_sm)
if self.verifyCredentials(credentials):
login = credentials.get('login')
userid = self.getUserId()
return userid, login
def test_add_portlet_fails_with_anonymous(self):
portal = self.layer['portal']
request = self.layer['request']
request.environ['HTTP_X_BRIDGE_ORIGIN'] = 'client-one'
request.form['path'] = '@@watcher-feed?uid=567891234'
sm = SecurityManagement.getSecurityManager()
SecurityManagement.noSecurityManager()
try:
view = queryMultiAdapter((portal, request),
name='add-watcher-portlet')
with self.assertRaises(Exception) as cm:
view()
self.assertEqual(str(cm.exception), 'Could not find userid.')
finally:
SecurityManagement.setSecurityManager(sm)
def __call__(self):
ticket = self.request.form.get('ticket',None)
if ticket is None:
# we cannot set post headers in flash, so get the
# querystring manually
qs = self.request.get('QUERY_STRING','ticket=')
ticket = qs.split('=')[-1] or None
logger.debug('Ticket being used is "%s"' % str(ticket))
if ticket is None:
raise Unauthorized('No ticket specified')
context = utils.non_view_context(self.context)
url = absoluteURL(context, self.request)
username = ticketmod.ticketOwner(url, ticket)
if username is None:
logger.warn('Ticket "%s" was invalidated, cannot be used '
'any more.' % str(ticket))
raise Unauthorized('Ticket is not valid')
old_sm = SecurityManagement.getSecurityManager()
user = utils.find_user(context, username)
SecurityManagement.newSecurityManager(self.request, user)
logger.debug('Switched to user "%s"' % username)
ticketmod.invalidateTicket(url,ticket)
if self.request.form.get('Filedata', None) is None:
# flash sends a emtpy form in a pre request in flash version 8.0
return ""
fileUpload = self.request.form['Filedata']
fileName = self.request.form['Filename']
contentType = self.request.form.get('Content-Type',None)
factory = IFileFactory(self.context)
f = factory(fileName, contentType, fileUpload)
event.notify(FlashUploadedEvent(f))
result = "filename=%s" %f.getId()
SecurityManagement.setSecurityManager(old_sm)
return result
def deleteTeam(self, selector):
obj = self.context.aq_inner
parent = obj.aq_parent
team_id = obj.getId()
originalSecurityManager = SecurityManagement.getSecurityManager()
SecurityManagement.newSecurityManager(
None, User.SimpleUser('admin', '', ('Manager', ), ''))
parent.manage_delObjects(str(team_id))
SecurityManagement.setSecurityManager(originalSecurityManager)
core = self.getCommandSet('core')
selector = core.getParentNodeSelector(selector)
core.deleteNode(selector)
containner = parent.aq_parent
teamidstr = ".teamitemroot-" + team_id + "-" + \
containner.getId()
teamselector = core.getSelector("css", teamidstr)
core.deleteNode(teamselector)
containner.manage_delLocalRoles([team_id + '-' + \
containner.getId()])
containner.reindexObjectSecurity()
for item in ['messages', 'files', 'todos', 'milestones',\
'writeboards', 'chatroom', 'time']:
obj = containner.unrestrictedTraverse(item)
obj.manage_delLocalRoles([team_id + '-' + \
containner.getId()])
obj.reindexObjectSecurity()
if item in ['messages', 'files']:
for i in obj.contentValues():
i.manage_delLocalRoles([team_id + '-' + \
containner.getId()])
i.reindexObjectSecurity()
self.getCommandSet('plone').issuePortalMessage(
translate(_(u'Deleted.'), default="Deleted.",
context=self.request),
translate(_(u'Info'), default="Info", context=self.request))
return self.render()
def deleteTeam(self, selector):
obj = self.context.aq_inner
parent = obj.aq_parent
team_id = obj.getId()
originalSecurityManager = SecurityManagement.getSecurityManager()
SecurityManagement.newSecurityManager(None, User.SimpleUser('admin','',('Manager',), ''))
parent.manage_delObjects(str(team_id))
SecurityManagement.setSecurityManager(originalSecurityManager)
core = self.getCommandSet('core')
selector = core.getParentNodeSelector(selector)
core.deleteNode(selector)
containner = parent.aq_parent
teamidstr = ".teamitemroot-" + team_id + "-" + \
containner.getId()
teamselector = core.getSelector("css", teamidstr)
core.deleteNode(teamselector)
containner.manage_delLocalRoles([team_id + '-' + \
containner.getId()])
containner.reindexObjectSecurity()
for item in ['messages', 'files', 'todos', 'milestones',\
'writeboards', 'chatroom', 'time']:
obj = containner.unrestrictedTraverse(item)
obj.manage_delLocalRoles([team_id + '-' + \
containner.getId()])
obj.reindexObjectSecurity()
if item in ['messages', 'files']:
for i in obj.contentValues():
i.manage_delLocalRoles([team_id + '-' + \
containner.getId()])
i.reindexObjectSecurity()
self.getCommandSet('plone').issuePortalMessage(
translate(_(u'Deleted.'), default="Deleted.", context=self.request),
translate(_(u'Info'), default="Info", context=self.request))
return self.render()
def handle_delete(self):
mship = getToolByName(self.context, 'portal_membership')
user_to_delete = self.viewed_member_info['id']
old_manager = SecurityManagement.getSecurityManager()
current_user = old_manager.getUser().getId()
from opencore.interfaces.event import MemberDeletedEvent
notify(MemberDeletedEvent(
self.context.portal_memberdata[user_to_delete]))
# To avoid blocking while we traverse the entire contents of the site,
# we quickly delete the member and their own content...
if current_user == user_to_delete:
# Normally, users don't have permission to delete users.
# Make an exception for deleting yourself.
superuser = UnrestrictedUser('superuser', '', [], [])
SecurityManagement.newSecurityManager(self.request, superuser)
mship.deleteMembers([user_to_delete], delete_memberareas=True,
delete_localroles=False)
SecurityManagement.setSecurityManager(old_manager)
self.context.acl_users.logout(self.request)
else:
# Otherwise, rely on normal access controls. This will
# allow site admins (and only site admins) to delete
# anybody.
mship.deleteMembers([user_to_delete], delete_memberareas=True,
delete_localroles=False)
portal_url = getToolByName(self.context, 'portal_url')()
self.addPortalStatusMessage(
_(u'psm_account_deleted',
u"Account '${deleted_user_id}' has been permanently deleted.",
mapping={u'deleted_user_id': user_to_delete}
)
)
return self.redirect(portal_url)
