def setUp(self): self._trap_warning_output() transaction.begin() app = self.app = makerequest(Zope2.app()) # Log in as a god :-) newSecurityManager(None, UnrestrictedUser('god', 'god', ['Manager'], '')) app.manage_addProduct['CMFDefault'].manage_addCMFSite('CalendarTest') self.Site = app.CalendarTest manage_addExternalMethod(app.CalendarTest, id='install_events', title="Install Events", module="CMFCalendar.Install", function="install") ExMethod = app.restrictedTraverse('/CalendarTest/install_events') ExMethod() self.Tool = app.CalendarTest.portal_calendar self.Site.clearCurrentSkin() self.Site.setupCurrentSkin(app.REQUEST) # sessioning setup if getattr(app, 'temp_folder', None) is None: temp_folder = MountedTemporaryFolder('temp_folder') app._setObject('temp_folder', temp_folder) if getattr(app.temp_folder, 'session_data', None) is None: session_data = TransientObjectContainer('session_data') app.temp_folder._setObject('session_data', session_data) app.REQUEST.set_lazy('SESSION', app.session_data_manager.getSessionData)
def migrateLinks322to400(article, out): intLinks = get322Contents(article, "__ordered_link_refs__", internal=True) extLinks = get322Contents(article, "__ordered_link_refs__", internal=False) values = [] for link in intLinks: value = { ## this are the fields of ImageInnerContentProxy "attachedLink": (link.getRemoteUrl(), {}), "title": (link.Title(), {}), "description": (link.Description(), {}), "id": (generateUniqueId("linkProxy"), {}), } values.append(value) for link in extLinks: value = { ## this are the fields of ImageInnerContentProxy "referencedContent": (link, {}), "title": (link.Title(), {}), "description": (link.Description(), {}), "id": (generateUniqueId("linkProxy"), {}), } values.append(value) # XXX Something make us loose right, but we are pragmatic current_user = getSecurityManager().getUser() newSecurityManager(None, UnrestrictedUser('manager', '', ['Manager'], [])) article.setLinks(values) newSecurityManager(None, current_user)
def handle_modified(self, content): fieldmanager = ILanguageIndependentFieldsManager(content) if not fieldmanager.has_independent_fields(): return sm = getSecurityManager() try: # Do we have permission to sync language independent fields? if self.bypass_security_checks(): # Clone the current user and assign a new editor role to # allow edition of all translated objects even if the # current user whould not have permission to do that. tmp_user = UnrestrictedUser(sm.getUser().getId(), '', [ 'Editor', ], '') # Wrap the user in the acquisition context of the portal # and finally switch the user to our new editor acl_users = getToolByName(content, 'acl_users') tmp_user = tmp_user.__of__(acl_users) newSecurityManager(None, tmp_user) # Copy over all language independent fields transmanager = ITranslationManager(content) for translation in self.get_all_translations(content): trans_obj = transmanager.get_translation(translation) if fieldmanager.copy_fields(trans_obj): self.reindex_translation(trans_obj) finally: # Restore the old security manager setSecurityManager(sm)
def setUp(self): get_transaction().begin() self.app = makerequest(Zope.app()) # Log in as a god :-) newSecurityManager(None, UnrestrictedUser('god', 'god', [], '')) app = self.app app.REQUEST.set('URL1', 'http://foo/sorcerertest/test') try: app._delObject('CalendarTest') except AttributeError: pass app.manage_addProduct['CMFDefault'].manage_addCMFSite('CalendarTest') self.Site = app.CalendarTest manage_addExternalMethod(app.CalendarTest, id='install_events', title="Install Events", module="CMFCalendar.Install", function="install") ExMethod = app.restrictedTraverse('/CalendarTest/install_events') ExMethod() self.Tool = app.restrictedTraverse('/CalendarTest/portal_calendar') # sessioning bodge until we find out how to do this properly self.have_session = hasattr(app, 'session_data_manager') if self.have_session: app.REQUEST.set_lazy('SESSION', app.session_data_manager.getSessionData)
def afterSetUp(self): setSite(self.app.site) newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], '')) # sessioning setup sdm = self.app.session_data_manager self.app.REQUEST.set_lazy('SESSION', sdm.getSessionData)
def setUp(self): self._oldSkindata = Skinnable.SKINDATA.copy() transaction.begin() app = self.app = makerequest(Zope2.app()) # Log in as a god :-) newSecurityManager(None, UnrestrictedUser('god', 'god', ['Manager'], '')) factory = app.manage_addProduct['CMFDefault'].addConfiguredSite factory('CalendarTest', 'CMFDefault:default', snapshot=False, extension_ids=('CMFCalendar:default', )) self.Site = app.CalendarTest self.Tool = app.CalendarTest.portal_calendar # sessioning setup if getattr(app, 'temp_folder', None) is None: temp_folder = MountedTemporaryFolder('temp_folder') app._setObject('temp_folder', temp_folder) if getattr(app.temp_folder, 'session_data', None) is None: session_data = TransientObjectContainer('session_data') app.temp_folder._setObject('session_data', session_data) app.REQUEST.set_lazy('SESSION', app.session_data_manager.getSessionData)
def setUp(self): import Products.DCWorkflow setUpEvents() setUpTraversing() setUpGenericSetup() zcml.load_config('permissions.zcml', Products.Five) zcml.load_config('configure.zcml', Products.Five.browser) zcml.load_config('configure.zcml', Products.Five.skin) zcml.load_config('configure.zcml', Products.CMFCalendar) zcml.load_config('configure.zcml', Products.CMFCore) zcml.load_config('configure.zcml', Products.CMFDefault) zcml.load_config('configure.zcml', Products.DCWorkflow) self._oldSkindata = Skinnable.SKINDATA.copy() transaction.begin() app = self.app = ZopeTestCase.utils.makerequest(ZopeTestCase.app()) # Log in as a god :-) newSecurityManager( None, UnrestrictedUser('god', 'god', ['Manager'], '') ) factory = app.manage_addProduct['CMFDefault'].addConfiguredSite factory('CalendarTest', 'Products.CMFDefault:default', snapshot=False, extension_ids=('Products.CMFCalendar:default',)) self.Site = app.CalendarTest self.Tool = app.CalendarTest.portal_calendar # sessioning setup app.REQUEST.set_lazy( 'SESSION', app.session_data_manager.getSessionData )
def receivePayment(self): """ """ shop = self.context # Get cart - Note: self.request.get("order") doesn't work! order_uid = self.request.get("QUERY_STRING")[6:] order = IOrderManagement(shop).getOrderByUID(order_uid) # change order state to "payed_not_sent" wftool = getToolByName(self, "portal_workflow") # We need a new security manager here, because this transaction should # usually just be allowed by a Manager except here. old_sm = getSecurityManager() tmp_user = UnrestrictedUser(old_sm.getUser().getId(), '', ['Manager'], '') portal = getToolByName(self.context, 'portal_url').getPortalObject() tmp_user = tmp_user.__of__(portal.acl_users) newSecurityManager(None, tmp_user) wftool.doActionFor(order, "pay_not_sent") ## Reset security manager setSecurityManager(old_sm)
def __call__(self): om = IOrderManagement(self.context) tid = self.request.get('TID','') order = getattr(om.orders,tid,None) log("\n%s\n%s\n%s" % (order, tid, self.request.get('STATUS'))) if order and self.request.get('STATUS') in ['RESERVED','BILLED']: # Set order to payed (Mails will be sent) wftool = getToolByName(self.context, "portal_workflow") # We need a new security manager here, because this transaction # should usually just be allowed by a Manager except here. old_sm = getSecurityManager() tmp_user = UnrestrictedUser( old_sm.getUser().getId(), '', ['Manager'], '' ) portal = getToolByName(self.context, 'portal_url').getPortalObject() tmp_user = tmp_user.__of__(portal.acl_users) newSecurityManager(None, tmp_user) try: # set to pending (send emails) wftool.doActionFor(order, "submit") # set to payed wftool.doActionFor(order, "pay_not_sent") except Exception, msg: self.status = msg # Reset security manager setSecurityManager(old_sm)
def setUp(self): PlacelessSetup.setUp(self) RequestTest.setUp(self) zcml.load_config('meta.zcml', Products.Five) zcml.load_config('permissions.zcml', Products.Five) zcml.load_config('configure.zcml', Products.GenericSetup) zcml.load_config('configure.zcml', Products.CMFCore) zcml.load_config('configure.zcml', Products.DCWorkflow) try: newSecurityManager( None, UnrestrictedUser('manager', '', ['Manager'], [])) factory = self.root.manage_addProduct[ 'CMFDefault'].addConfiguredSite factory('cmf', 'CMFDefault:default', snapshot=False) self.site = self.root.cmf self.site.invokeFactory('File', id='file') self.site.portal_workflow.doActionFor(self.site.file, 'publish') self.site.invokeFactory('Image', id='image') self.site.portal_workflow.doActionFor(self.site.image, 'publish') self.site.invokeFactory('Folder', id='subfolder') self.subfolder = self.site.subfolder self.workflow = self.site.portal_workflow transaction.commit(1) # Make sure we have _p_jars except: self.tearDown() raise
def testUpgradeAllProposed(self): request = self.app.REQUEST oldsite = getattr(self.app, self._SITE_ID) stool = oldsite.portal_setup profile_id = 'Products.CMFDefault:default' upgrades = [] for upgrade_info in stool.listUpgrades(profile_id): if isinstance(upgrade_info, list): for info in upgrade_info: if info['proposed']: upgrades.append(info['id']) continue if upgrade_info['proposed']: upgrades.append(upgrade_info['id']) request.form['profile_id'] = profile_id request.form['upgrades'] = upgrades stool.manage_doUpgrades(request) self.assertEqual(stool.getLastVersionForProfile(profile_id), ('2', '2')) newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], '')) setSite(self.app.site) expected_export = self.app.site.portal_setup.runAllExportSteps() setSite(oldsite) upgraded_export = stool.runAllExportSteps() expected = TarballImportContext(stool, expected_export['tarball']) upgraded = TarballImportContext(stool, upgraded_export['tarball']) diff = stool.compareConfigurations(upgraded, expected) self.assertEqual(diff, '', diff)
def __bobo_traverse__(self, REQUEST, name): "bobo method" if name: cdoc = self.getCompoundDoc() tab = cdoc.TabManager if tab is not None and tab.tabMapping is not None and tab.getTabActive(): if name in tab.tabMapping: displayName = tab.tabMapping[name] self.REQUEST.other['editlayout'] = displayName if self.displayMap is not None and self.displayMap.has_key(name): mapping = self.displayMap[displayName] self.setRenderREQUEST(displayName, mapping[0], mapping[2]) self.REQUEST.other['editname'] = name return self configDoc = cdoc.getConfigDoc() configTab = None if configDoc is not None: configTab = configDoc.TabManager if configDoc is not None and configTab is not None and configTab.tabMapping is not None and configTab.getTabActive(): if name in configTab.tabMapping: displayName = configTab.tabMapping[name] self.REQUEST.other['editlayout'] = displayName if configDoc.displayMap is not None and configDoc.displayMap.has_key(name): mapping = configDoc.displayMap[displayName] self.setRenderREQUEST(displayName, mapping[0], mapping[2]) self.REQUEST.other['editname'] = name return self lookup = self.getRenderScriptLookup() if lookup is not None: current_user = getSecurityManager().getUser() newSecurityManager(None, UnrestrictedUser('manager', '', ['Manager'], [])) header, body, footer = lookup(self, name) newSecurityManager(None, current_user) if body is not None: self.setRenderREQUESTScript(name, body, header, footer) return self if self.displayMap is not None and self.displayMap.has_key(name): mapping = self.displayMap[name] self.setRenderREQUEST(name, mapping[0], mapping[2]) return self if configDoc is not None and configDoc.displayMap is not None and configDoc.displayMap.has_key(name): mapping = configDoc.displayMap[name] self.setRenderREQUEST(name, mapping[0], mapping[2]) return self if self.hasCompoundDisplayView(name): self.REQUEST.other['editlayout'] = name return self if hasattr(self, name): return getattr(self, name) else: return self
def wrapper(*args, **kwargs): sm = getSecurityManager() acl_users = getSite().acl_users tmp_user = UnrestrictedUser(sm.getUser().getId(), '', [role], '') tmp_user = tmp_user.__of__(acl_users) newSecurityManager(None, tmp_user) ret = fct(*args, **kwargs) setSecurityManager(sm) return ret
def _makeContent(self, site, portal_type, id='document', **kw): newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], '')) site.invokeFactory(type_name=portal_type, id=id) content = getattr(site, id) if getattr(aq_base(content), 'editMetadata', None) is not None: content.editMetadata(**kw) return content
def switchToManager(self): """ assume the security context of a Manager """ old_sm = getSecurityManager() tmp_user = UnrestrictedUser('temp_usr', '', ['Manager'], '') tmp_user = tmp_user.__of__(self.acl_users) newSecurityManager(None, tmp_user) return old_sm
def _validate_sudo(self, request): sm = getSecurityManager() acl_users = getToolByName(self.context, 'acl_users') tmp_user = UnrestrictedUser(sm.getUser().getId(), '', ['Manager'], '') tmp_user = tmp_user.__of__(acl_users) newSecurityManager(None, tmp_user) role = request.role target = uuidToObject(request.target) target.manage_setLocalRoles(request.userid, [role]) target.reindexObject() setSecurityManager(sm)
def setUp(self): RequestTest.setUp(self) try: newSecurityManager( None, UnrestrictedUser('manager', '', ['Manager'], [])) self.root.manage_addProduct['CMFDefault'].manage_addCMFSite('cmf') self.site = self.root.cmf transaction.commit(1) # Make sure we have _p_jars except: self.tearDown() raise
def afterSetUp(self): newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], '')) self.site = self.app.site self.site.invokeFactory('File', id='file') self.site.portal_workflow.doActionFor(self.site.file, 'publish') self.site.invokeFactory('Image', id='image') self.site.portal_workflow.doActionFor(self.site.image, 'publish') self.site.invokeFactory('Folder', id='subfolder') self.subfolder = self.site.subfolder self.workflow = self.site.portal_workflow transaction.commit() # Make sure we have _p_jars
def setUp(self): RequestTest.setUp(self) try: newSecurityManager( None, UnrestrictedUser('manager', '', ['Manager'], [])) site_generator = PortalGenerator() site_generator.create(self.root, 'cmf', 1) self.site = self.root.cmf transaction.commit(1) # Make sure we have _p_jars except: self.tearDown() raise
def setUp(self): RequestTest.setUp(self) try: newSecurityManager(None, UnrestrictedUser('manager', '', ['Manager'], [])) self.root.manage_addProduct['CMFDefault'].manage_addCMFSite('cmf') self.site = self.root.cmf self.site.invokeFactory('File', id='file') self.site.portal_workflow.doActionFor(self.site.file, 'publish') self.site.invokeFactory('Image', id='image') self.site.portal_workflow.doActionFor(self.site.image, 'publish') self.site.invokeFactory('Folder', id='subfolder') self.subfolder = self.site.subfolder self.workflow = self.site.portal_workflow transaction.commit(1) # Make sure we have _p_jars except: self.tearDown() raise
def migrateImages322to400(article, out): ## looking for old images intImages = get322Contents(article, "__ordered_image_refs__", internal=True) extImages = get322Contents(article, "__ordered_image_refs__", internal=False) ## article ## images (ImageInnerContent) ## ImageInnerContentProxies (as many as images) ## attachedImage or ## referencedContent ## (image) -> just a computed field ## title ## description ## ## links ## files values = [] for image in intImages: value = { ## this are the fields of ImageInnerContentProxy "attachedImage": (image.getImage(), {}), "title": (image.Title(), {}), "description": (image.Description(), {}), "id": (generateUniqueId("imageProxy"), {}), } values.append(value) for image in extImages: value = { ## this are the fields of ImageInnerContentProxy "referencedContent": (image, {}), "title": (image.Title(), {}), "description": (image.Description(), {}), "id": (generateUniqueId("imageProxy"), {}), } values.append(value) # XXX Something make us loose right, but we are pragmatic current_user = getSecurityManager().getUser() newSecurityManager(None, UnrestrictedUser('manager', '', ['Manager'], [])) article.setImages(values) newSecurityManager(None, current_user)
def doAsTmpUserWithRole(self, role, function, *args, **kwargs): """Create a temporary user with role and execute function. Credits: Copied from add-on 'Products.EasyNewsletter'.""" sm = getSecurityManager() portal = api.portal.get() try: try: tmp_user = UnrestrictedUser(sm.getUser().getId(), '', [role], '') tmp_user = tmp_user.__of__(portal.acl_users) newSecurityManager(None, tmp_user) return function(*args, **kwargs) except: raise finally: setSecurityManager(sm)
def createUserAccount(self, login, prefix, theLogin, properties): """ create a user account for the given login id and user properties. the user properties should be a dict. """ admin = UnrestrictedUser('manager', '', ['Manager'], '') admin = admin.__of__(self.acl_users) # save current security manager. current_sm = getSecurityManager() try: # execute the following by using manager permission. # ... newSecurityManager(None, admin) # find the user management folder. # create UserAccount in the user management folder. uniqueId = '%s-%s' % (prefix, theLogin) self.getUserFolder().invokeFactory('UserAccount', uniqueId) userAccount = getattr(self.getUserFolder(), uniqueId) userAccount.setUserName(login) if properties: # TODO: ??? need better way to set properties. if properties.has_key('fullname'): userAccount.setTitle(properties['fullname']) userAccount.setFullname(properties['fullname']) if properties.has_key('email'): userAccount.setEmail(properties['email']) if properties.has_key('location'): userAccount.setLocation(properties['location']) # XXX more are comming! should leverage the # portal_memberdata tool else: userAccount.setFullname(theLogin) # reindexing the new user account in membrane_tool. membraneTool = getToolByName(self, 'membrane_tool') membraneTool.indexObject(userAccount) finally: # restore the current security manager. setSecurityManager(current_sm)
def test__findEmergencyUser_no_plugins(self): from AccessControl.User import UnrestrictedUser from Products.PluggableAuthService import PluggableAuthService old_eu = PluggableAuthService.emergency_user eu = UnrestrictedUser('foo', 'bar', ('manage', ), ()) PluggableAuthService.emergency_user = eu plugins = self._makePlugins() zcuf = self._makeOne() zcuf._emergency_user = eu user = zcuf._findUser(plugins, 'foo') self.assertEqual(aq_base(zcuf._getEmergencyUser()), aq_base(user)) PluggableAuthService.emergency_user = old_eu
def test_authenticate_emergency_user_with_broken_extractor(self): from Products.PluggableAuthService.interfaces.plugins \ import IExtractionPlugin, IAuthenticationPlugin from AccessControl.User import UnrestrictedUser from Products.PluggableAuthService import PluggableAuthService old_eu = PluggableAuthService.emergency_user eu = UnrestrictedUser('foo', 'bar', ('manage', ), ()) PluggableAuthService.emergency_user = eu plugins = self._makePlugins() zcuf = self._makeOne(plugins) borked = DummyPlugin() directlyProvides(borked, (IExtractionPlugin, )) borked.extractCredentials = lambda req: 'abc' zcuf._setObject('borked', borked) plugins = zcuf._getOb('plugins') plugins.activatePlugin(IExtractionPlugin, 'borked') request = FauxRequest(form={ 'login': eu.getUserName(), 'password': eu._getPassword() }) user_ids = zcuf._extractUserIds(request=request, plugins=zcuf.plugins) self.assertEqual(len(user_ids), 1) self.assertEqual(user_ids[0][0], 'foo') PluggableAuthService.emergency_user = old_eu
def __call__(self): self.iu = get_import_utility() json_data = self.request.get("BODY", "") if not json_data: return data = json.loads(json_data) # SWITCH to Manager old_sm = getSecurityManager() tmp_user = UnrestrictedUser(old_sm.getUser().getId(), '', ['Manager'], '') portal = getToolByName(self.context, 'portal_url').getPortalObject() tmp_user = tmp_user.__of__(portal.acl_users) newSecurityManager(None, tmp_user) # DO Stuff as Manager self.iu.create_content(data, self.context) # @TODO: Maybe add option to commit after all created # SWITCH Back setSecurityManager(old_sm) return ""
def unrestricted_apply(function, args=(), kw={}): # XXX-JPS: naming """Function to bypass all security checks This function is as dangerous as 'UnrestrictedMethod' decorator. Read its docstring for more information. Never use this, until you are 100% certain that you have no other way. """ security_manager = getSecurityManager() user = security_manager.getUser() anonymous = (user.getUserName() == 'Anonymous User') if user.getId() is None and not anonymous: # This is a special user, thus the user is not allowed to own objects. super_user = UnrestrictedUser(user.getUserName(), None, user.getRoles(), user.getDomains()) else: try: # XXX is it better to get roles from the parent (i.e. portal)? uf = user.aq_inner.aq_parent except AttributeError: # XXX: local imports are bad, getSite should be moved to ERP5Type. from Products.ERP5.ERP5Site import getSite uf = getSite().acl_users role_list = uf.valid_roles() if anonymous: # If the user is anonymous, use the id of the system user, # so that it would not be treated as an unauthorized user. user_id = str(system) else: user_id = user.getId() super_user = PrivilegedUser(user_id, None, role_list, user.getDomains()).__of__(uf) newSecurityManager(None, super_user) try: return apply(function, args, kw) finally: # Make sure that the original user is back. setSecurityManager(security_manager)
# NALLIMS Extract Script # 07/13/2020 # Paul VanderWeele from AccessControl import getSecurityManager from AccessControl.User import UnrestrictedUser from AccessControl.SecurityManagement import newSecurityManager from bika.lims import api from datetime import datetime portal = api.get_portal() me = UnrestrictedUser(getSecurityManager().getUser().getUserName(), '', ['LabManager'], '') me = me.__of__(portal.acl_users) newSecurityManager(None, me) #Open File file = open("/home/naladmin/NALLIMS_EXPORT.csv", "w", 1) #Write headers file.write("Status;\ Batch;\ Received Date;\ Received Time;\ Client ID;\ Client Name;\ Sample ID;\ Sample Name;\ Sample Type;\ Sample Location;\ Sampler;\ Sampling Date;\ Sampling Time;\
def afterSetUp(self): self.root = self.app newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
def afterSetUp(self): setSite(self.app.site) self.app.site.setupCurrentSkin(self.app.REQUEST) newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))