def setUp(self):
self._trap_warning_output()
transaction.begin()
app = self.app = makerequest(Zope2.app())
# Log in as a god :-)
newSecurityManager(None, UnrestrictedUser('god', 'god', ['Manager'],
''))
app.manage_addProduct['CMFDefault'].manage_addCMFSite('CalendarTest')
self.Site = app.CalendarTest
manage_addExternalMethod(app.CalendarTest,
id='install_events',
title="Install Events",
module="CMFCalendar.Install",
function="install")
ExMethod = app.restrictedTraverse('/CalendarTest/install_events')
ExMethod()
self.Tool = app.CalendarTest.portal_calendar
self.Site.clearCurrentSkin()
self.Site.setupCurrentSkin(app.REQUEST)
# sessioning setup
if getattr(app, 'temp_folder', None) is None:
temp_folder = MountedTemporaryFolder('temp_folder')
app._setObject('temp_folder', temp_folder)
if getattr(app.temp_folder, 'session_data', None) is None:
session_data = TransientObjectContainer('session_data')
app.temp_folder._setObject('session_data', session_data)
app.REQUEST.set_lazy('SESSION',
app.session_data_manager.getSessionData)
def migrateLinks322to400(article, out):
intLinks = get322Contents(article, "__ordered_link_refs__", internal=True)
extLinks = get322Contents(article, "__ordered_link_refs__", internal=False)
values = []
for link in intLinks:
value = { ## this are the fields of ImageInnerContentProxy
"attachedLink": (link.getRemoteUrl(), {}),
"title": (link.Title(), {}),
"description": (link.Description(), {}),
"id": (generateUniqueId("linkProxy"), {}),
}
values.append(value)
for link in extLinks:
value = { ## this are the fields of ImageInnerContentProxy
"referencedContent": (link, {}),
"title": (link.Title(), {}),
"description": (link.Description(), {}),
"id": (generateUniqueId("linkProxy"), {}),
}
values.append(value)
# XXX Something make us loose right, but we are pragmatic
current_user = getSecurityManager().getUser()
newSecurityManager(None, UnrestrictedUser('manager', '', ['Manager'], []))
article.setLinks(values)
newSecurityManager(None, current_user)
def handle_modified(self, content):
fieldmanager = ILanguageIndependentFieldsManager(content)
if not fieldmanager.has_independent_fields():
return
sm = getSecurityManager()
try:
# Do we have permission to sync language independent fields?
if self.bypass_security_checks():
# Clone the current user and assign a new editor role to
# allow edition of all translated objects even if the
# current user whould not have permission to do that.
tmp_user = UnrestrictedUser(sm.getUser().getId(), '', [
'Editor',
], '')
# Wrap the user in the acquisition context of the portal
# and finally switch the user to our new editor
acl_users = getToolByName(content, 'acl_users')
tmp_user = tmp_user.__of__(acl_users)
newSecurityManager(None, tmp_user)
# Copy over all language independent fields
transmanager = ITranslationManager(content)
for translation in self.get_all_translations(content):
trans_obj = transmanager.get_translation(translation)
if fieldmanager.copy_fields(trans_obj):
self.reindex_translation(trans_obj)
finally:
# Restore the old security manager
setSecurityManager(sm)
def setUp(self):
get_transaction().begin()
self.app = makerequest(Zope.app())
# Log in as a god :-)
newSecurityManager(None, UnrestrictedUser('god', 'god', [], ''))
app = self.app
app.REQUEST.set('URL1', 'http://foo/sorcerertest/test')
try:
app._delObject('CalendarTest')
except AttributeError:
pass
app.manage_addProduct['CMFDefault'].manage_addCMFSite('CalendarTest')
self.Site = app.CalendarTest
manage_addExternalMethod(app.CalendarTest,
id='install_events',
title="Install Events",
module="CMFCalendar.Install",
function="install")
ExMethod = app.restrictedTraverse('/CalendarTest/install_events')
ExMethod()
self.Tool = app.restrictedTraverse('/CalendarTest/portal_calendar')
# sessioning bodge until we find out how to do this properly
self.have_session = hasattr(app, 'session_data_manager')
if self.have_session:
app.REQUEST.set_lazy('SESSION',
app.session_data_manager.getSessionData)
def afterSetUp(self):
setSite(self.app.site)
newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
# sessioning setup
sdm = self.app.session_data_manager
self.app.REQUEST.set_lazy('SESSION', sdm.getSessionData)
def setUp(self):
self._oldSkindata = Skinnable.SKINDATA.copy()
transaction.begin()
app = self.app = makerequest(Zope2.app())
# Log in as a god :-)
newSecurityManager(None, UnrestrictedUser('god', 'god', ['Manager'],
''))
factory = app.manage_addProduct['CMFDefault'].addConfiguredSite
factory('CalendarTest',
'CMFDefault:default',
snapshot=False,
extension_ids=('CMFCalendar:default', ))
self.Site = app.CalendarTest
self.Tool = app.CalendarTest.portal_calendar
# sessioning setup
if getattr(app, 'temp_folder', None) is None:
temp_folder = MountedTemporaryFolder('temp_folder')
app._setObject('temp_folder', temp_folder)
if getattr(app.temp_folder, 'session_data', None) is None:
session_data = TransientObjectContainer('session_data')
app.temp_folder._setObject('session_data', session_data)
app.REQUEST.set_lazy('SESSION',
app.session_data_manager.getSessionData)
def setUp(self):
import Products.DCWorkflow
setUpEvents()
setUpTraversing()
setUpGenericSetup()
zcml.load_config('permissions.zcml', Products.Five)
zcml.load_config('configure.zcml', Products.Five.browser)
zcml.load_config('configure.zcml', Products.Five.skin)
zcml.load_config('configure.zcml', Products.CMFCalendar)
zcml.load_config('configure.zcml', Products.CMFCore)
zcml.load_config('configure.zcml', Products.CMFDefault)
zcml.load_config('configure.zcml', Products.DCWorkflow)
self._oldSkindata = Skinnable.SKINDATA.copy()
transaction.begin()
app = self.app = ZopeTestCase.utils.makerequest(ZopeTestCase.app())
# Log in as a god :-)
newSecurityManager( None, UnrestrictedUser('god', 'god', ['Manager'], '') )
factory = app.manage_addProduct['CMFDefault'].addConfiguredSite
factory('CalendarTest', 'Products.CMFDefault:default', snapshot=False,
extension_ids=('Products.CMFCalendar:default',))
self.Site = app.CalendarTest
self.Tool = app.CalendarTest.portal_calendar
# sessioning setup
app.REQUEST.set_lazy( 'SESSION',
app.session_data_manager.getSessionData )
def receivePayment(self):
"""
"""
shop = self.context
# Get cart - Note: self.request.get("order") doesn't work!
order_uid = self.request.get("QUERY_STRING")[6:]
order = IOrderManagement(shop).getOrderByUID(order_uid)
# change order state to "payed_not_sent"
wftool = getToolByName(self, "portal_workflow")
# We need a new security manager here, because this transaction should
# usually just be allowed by a Manager except here.
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser(old_sm.getUser().getId(), '', ['Manager'],
'')
portal = getToolByName(self.context, 'portal_url').getPortalObject()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
wftool.doActionFor(order, "pay_not_sent")
## Reset security manager
setSecurityManager(old_sm)
def __call__(self):
om = IOrderManagement(self.context)
tid = self.request.get('TID','')
order = getattr(om.orders,tid,None)
log("\n%s\n%s\n%s" % (order, tid, self.request.get('STATUS')))
if order and self.request.get('STATUS') in ['RESERVED','BILLED']:
# Set order to payed (Mails will be sent)
wftool = getToolByName(self.context, "portal_workflow")
# We need a new security manager here, because this transaction
# should usually just be allowed by a Manager except here.
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser(
old_sm.getUser().getId(),
'', ['Manager'],
''
)
portal = getToolByName(self.context, 'portal_url').getPortalObject()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
try:
# set to pending (send emails)
wftool.doActionFor(order, "submit")
# set to payed
wftool.doActionFor(order, "pay_not_sent")
except Exception, msg:
self.status = msg
# Reset security manager
setSecurityManager(old_sm)
def setUp(self):
PlacelessSetup.setUp(self)
RequestTest.setUp(self)
zcml.load_config('meta.zcml', Products.Five)
zcml.load_config('permissions.zcml', Products.Five)
zcml.load_config('configure.zcml', Products.GenericSetup)
zcml.load_config('configure.zcml', Products.CMFCore)
zcml.load_config('configure.zcml', Products.DCWorkflow)
try:
newSecurityManager(
None, UnrestrictedUser('manager', '', ['Manager'], []))
factory = self.root.manage_addProduct[
'CMFDefault'].addConfiguredSite
factory('cmf', 'CMFDefault:default', snapshot=False)
self.site = self.root.cmf
self.site.invokeFactory('File', id='file')
self.site.portal_workflow.doActionFor(self.site.file, 'publish')
self.site.invokeFactory('Image', id='image')
self.site.portal_workflow.doActionFor(self.site.image, 'publish')
self.site.invokeFactory('Folder', id='subfolder')
self.subfolder = self.site.subfolder
self.workflow = self.site.portal_workflow
transaction.commit(1) # Make sure we have _p_jars
except:
self.tearDown()
raise
def testUpgradeAllProposed(self):
request = self.app.REQUEST
oldsite = getattr(self.app, self._SITE_ID)
stool = oldsite.portal_setup
profile_id = 'Products.CMFDefault:default'
upgrades = []
for upgrade_info in stool.listUpgrades(profile_id):
if isinstance(upgrade_info, list):
for info in upgrade_info:
if info['proposed']:
upgrades.append(info['id'])
continue
if upgrade_info['proposed']:
upgrades.append(upgrade_info['id'])
request.form['profile_id'] = profile_id
request.form['upgrades'] = upgrades
stool.manage_doUpgrades(request)
self.assertEqual(stool.getLastVersionForProfile(profile_id),
('2', '2'))
newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
setSite(self.app.site)
expected_export = self.app.site.portal_setup.runAllExportSteps()
setSite(oldsite)
upgraded_export = stool.runAllExportSteps()
expected = TarballImportContext(stool, expected_export['tarball'])
upgraded = TarballImportContext(stool, upgraded_export['tarball'])
diff = stool.compareConfigurations(upgraded, expected)
self.assertEqual(diff, '', diff)
def __bobo_traverse__(self, REQUEST, name):
"bobo method"
if name:
cdoc = self.getCompoundDoc()
tab = cdoc.TabManager
if tab is not None and tab.tabMapping is not None and tab.getTabActive():
if name in tab.tabMapping:
displayName = tab.tabMapping[name]
self.REQUEST.other['editlayout'] = displayName
if self.displayMap is not None and self.displayMap.has_key(name):
mapping = self.displayMap[displayName]
self.setRenderREQUEST(displayName, mapping[0], mapping[2])
self.REQUEST.other['editname'] = name
return self
configDoc = cdoc.getConfigDoc()
configTab = None
if configDoc is not None:
configTab = configDoc.TabManager
if configDoc is not None and configTab is not None and configTab.tabMapping is not None and configTab.getTabActive():
if name in configTab.tabMapping:
displayName = configTab.tabMapping[name]
self.REQUEST.other['editlayout'] = displayName
if configDoc.displayMap is not None and configDoc.displayMap.has_key(name):
mapping = configDoc.displayMap[displayName]
self.setRenderREQUEST(displayName, mapping[0], mapping[2])
self.REQUEST.other['editname'] = name
return self
lookup = self.getRenderScriptLookup()
if lookup is not None:
current_user = getSecurityManager().getUser()
newSecurityManager(None, UnrestrictedUser('manager', '', ['Manager'], []))
header, body, footer = lookup(self, name)
newSecurityManager(None, current_user)
if body is not None:
self.setRenderREQUESTScript(name, body, header, footer)
return self
if self.displayMap is not None and self.displayMap.has_key(name):
mapping = self.displayMap[name]
self.setRenderREQUEST(name, mapping[0], mapping[2])
return self
if configDoc is not None and configDoc.displayMap is not None and configDoc.displayMap.has_key(name):
mapping = configDoc.displayMap[name]
self.setRenderREQUEST(name, mapping[0], mapping[2])
return self
if self.hasCompoundDisplayView(name):
self.REQUEST.other['editlayout'] = name
return self
if hasattr(self, name):
return getattr(self, name)
else:
return self
def wrapper(*args, **kwargs):
sm = getSecurityManager()
acl_users = getSite().acl_users
tmp_user = UnrestrictedUser(sm.getUser().getId(), '', [role], '')
tmp_user = tmp_user.__of__(acl_users)
newSecurityManager(None, tmp_user)
ret = fct(*args, **kwargs)
setSecurityManager(sm)
return ret
def _makeContent(self, site, portal_type, id='document', **kw):
newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
site.invokeFactory(type_name=portal_type, id=id)
content = getattr(site, id)
if getattr(aq_base(content), 'editMetadata', None) is not None:
content.editMetadata(**kw)
return content
def switchToManager(self):
"""
assume the security context of a Manager
"""
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser('temp_usr', '', ['Manager'], '')
tmp_user = tmp_user.__of__(self.acl_users)
newSecurityManager(None, tmp_user)
return old_sm
def _validate_sudo(self, request):
sm = getSecurityManager()
acl_users = getToolByName(self.context, 'acl_users')
tmp_user = UnrestrictedUser(sm.getUser().getId(), '', ['Manager'], '')
tmp_user = tmp_user.__of__(acl_users)
newSecurityManager(None, tmp_user)
role = request.role
target = uuidToObject(request.target)
target.manage_setLocalRoles(request.userid, [role])
target.reindexObject()
setSecurityManager(sm)
def setUp(self):
RequestTest.setUp(self)
try:
newSecurityManager(
None, UnrestrictedUser('manager', '', ['Manager'], []))
self.root.manage_addProduct['CMFDefault'].manage_addCMFSite('cmf')
self.site = self.root.cmf
transaction.commit(1) # Make sure we have _p_jars
except:
self.tearDown()
raise
def afterSetUp(self):
newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
self.site = self.app.site
self.site.invokeFactory('File', id='file')
self.site.portal_workflow.doActionFor(self.site.file, 'publish')
self.site.invokeFactory('Image', id='image')
self.site.portal_workflow.doActionFor(self.site.image, 'publish')
self.site.invokeFactory('Folder', id='subfolder')
self.subfolder = self.site.subfolder
self.workflow = self.site.portal_workflow
transaction.commit() # Make sure we have _p_jars
def setUp(self):
RequestTest.setUp(self)
try:
newSecurityManager(
None, UnrestrictedUser('manager', '', ['Manager'], []))
site_generator = PortalGenerator()
site_generator.create(self.root, 'cmf', 1)
self.site = self.root.cmf
transaction.commit(1) # Make sure we have _p_jars
except:
self.tearDown()
raise
def setUp(self):
RequestTest.setUp(self)
try:
newSecurityManager(None, UnrestrictedUser('manager', '', ['Manager'], []))
self.root.manage_addProduct['CMFDefault'].manage_addCMFSite('cmf')
self.site = self.root.cmf
self.site.invokeFactory('File', id='file')
self.site.portal_workflow.doActionFor(self.site.file, 'publish')
self.site.invokeFactory('Image', id='image')
self.site.portal_workflow.doActionFor(self.site.image, 'publish')
self.site.invokeFactory('Folder', id='subfolder')
self.subfolder = self.site.subfolder
self.workflow = self.site.portal_workflow
transaction.commit(1) # Make sure we have _p_jars
except:
self.tearDown()
raise
def migrateImages322to400(article, out):
## looking for old images
intImages = get322Contents(article,
"__ordered_image_refs__",
internal=True)
extImages = get322Contents(article,
"__ordered_image_refs__",
internal=False)
## article
## images (ImageInnerContent)
## ImageInnerContentProxies (as many as images)
## attachedImage or
## referencedContent
## (image) -> just a computed field
## title
## description
##
## links
## files
values = []
for image in intImages:
value = { ## this are the fields of ImageInnerContentProxy
"attachedImage": (image.getImage(), {}),
"title": (image.Title(), {}),
"description": (image.Description(), {}),
"id": (generateUniqueId("imageProxy"), {}),
}
values.append(value)
for image in extImages:
value = { ## this are the fields of ImageInnerContentProxy
"referencedContent": (image, {}),
"title": (image.Title(), {}),
"description": (image.Description(), {}),
"id": (generateUniqueId("imageProxy"), {}),
}
values.append(value)
# XXX Something make us loose right, but we are pragmatic
current_user = getSecurityManager().getUser()
newSecurityManager(None, UnrestrictedUser('manager', '', ['Manager'], []))
article.setImages(values)
newSecurityManager(None, current_user)
def doAsTmpUserWithRole(self, role, function, *args, **kwargs):
"""Create a temporary user with role and execute function.
Credits: Copied from add-on 'Products.EasyNewsletter'."""
sm = getSecurityManager()
portal = api.portal.get()
try:
try:
tmp_user = UnrestrictedUser(sm.getUser().getId(), '', [role],
'')
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
return function(*args, **kwargs)
except:
raise
finally:
setSecurityManager(sm)
def createUserAccount(self, login, prefix, theLogin, properties):
"""
create a user account for the given login id and user properties.
the user properties should be a dict.
"""
admin = UnrestrictedUser('manager', '', ['Manager'], '')
admin = admin.__of__(self.acl_users)
# save current security manager.
current_sm = getSecurityManager()
try:
# execute the following by using manager permission.
# ...
newSecurityManager(None, admin)
# find the user management folder.
# create UserAccount in the user management folder.
uniqueId = '%s-%s' % (prefix, theLogin)
self.getUserFolder().invokeFactory('UserAccount', uniqueId)
userAccount = getattr(self.getUserFolder(), uniqueId)
userAccount.setUserName(login)
if properties:
# TODO: ??? need better way to set properties.
if properties.has_key('fullname'):
userAccount.setTitle(properties['fullname'])
userAccount.setFullname(properties['fullname'])
if properties.has_key('email'):
userAccount.setEmail(properties['email'])
if properties.has_key('location'):
userAccount.setLocation(properties['location'])
# XXX more are comming! should leverage the
# portal_memberdata tool
else:
userAccount.setFullname(theLogin)
# reindexing the new user account in membrane_tool.
membraneTool = getToolByName(self, 'membrane_tool')
membraneTool.indexObject(userAccount)
finally:
# restore the current security manager.
setSecurityManager(current_sm)
def test__findEmergencyUser_no_plugins(self):
from AccessControl.User import UnrestrictedUser
from Products.PluggableAuthService import PluggableAuthService
old_eu = PluggableAuthService.emergency_user
eu = UnrestrictedUser('foo', 'bar', ('manage', ), ())
PluggableAuthService.emergency_user = eu
plugins = self._makePlugins()
zcuf = self._makeOne()
zcuf._emergency_user = eu
user = zcuf._findUser(plugins, 'foo')
self.assertEqual(aq_base(zcuf._getEmergencyUser()), aq_base(user))
PluggableAuthService.emergency_user = old_eu
def test_authenticate_emergency_user_with_broken_extractor(self):
from Products.PluggableAuthService.interfaces.plugins \
import IExtractionPlugin, IAuthenticationPlugin
from AccessControl.User import UnrestrictedUser
from Products.PluggableAuthService import PluggableAuthService
old_eu = PluggableAuthService.emergency_user
eu = UnrestrictedUser('foo', 'bar', ('manage', ), ())
PluggableAuthService.emergency_user = eu
plugins = self._makePlugins()
zcuf = self._makeOne(plugins)
borked = DummyPlugin()
directlyProvides(borked, (IExtractionPlugin, ))
borked.extractCredentials = lambda req: 'abc'
zcuf._setObject('borked', borked)
plugins = zcuf._getOb('plugins')
plugins.activatePlugin(IExtractionPlugin, 'borked')
request = FauxRequest(form={
'login': eu.getUserName(),
'password': eu._getPassword()
})
user_ids = zcuf._extractUserIds(request=request, plugins=zcuf.plugins)
self.assertEqual(len(user_ids), 1)
self.assertEqual(user_ids[0][0], 'foo')
PluggableAuthService.emergency_user = old_eu
def __call__(self):
self.iu = get_import_utility()
json_data = self.request.get("BODY", "")
if not json_data:
return
data = json.loads(json_data)
# SWITCH to Manager
old_sm = getSecurityManager()
tmp_user = UnrestrictedUser(old_sm.getUser().getId(), '', ['Manager'],
'')
portal = getToolByName(self.context, 'portal_url').getPortalObject()
tmp_user = tmp_user.__of__(portal.acl_users)
newSecurityManager(None, tmp_user)
# DO Stuff as Manager
self.iu.create_content(data, self.context)
# @TODO: Maybe add option to commit after all created
# SWITCH Back
setSecurityManager(old_sm)
return ""
def unrestricted_apply(function, args=(), kw={}): # XXX-JPS: naming
"""Function to bypass all security checks
This function is as dangerous as 'UnrestrictedMethod' decorator. Read its
docstring for more information. Never use this, until you are 100% certain
that you have no other way.
"""
security_manager = getSecurityManager()
user = security_manager.getUser()
anonymous = (user.getUserName() == 'Anonymous User')
if user.getId() is None and not anonymous:
# This is a special user, thus the user is not allowed to own objects.
super_user = UnrestrictedUser(user.getUserName(), None,
user.getRoles(), user.getDomains())
else:
try:
# XXX is it better to get roles from the parent (i.e. portal)?
uf = user.aq_inner.aq_parent
except AttributeError:
# XXX: local imports are bad, getSite should be moved to ERP5Type.
from Products.ERP5.ERP5Site import getSite
uf = getSite().acl_users
role_list = uf.valid_roles()
if anonymous:
# If the user is anonymous, use the id of the system user,
# so that it would not be treated as an unauthorized user.
user_id = str(system)
else:
user_id = user.getId()
super_user = PrivilegedUser(user_id, None, role_list,
user.getDomains()).__of__(uf)
newSecurityManager(None, super_user)
try:
return apply(function, args, kw)
finally:
# Make sure that the original user is back.
setSecurityManager(security_manager)
# NALLIMS Extract Script
# 07/13/2020
# Paul VanderWeele
from AccessControl import getSecurityManager
from AccessControl.User import UnrestrictedUser
from AccessControl.SecurityManagement import newSecurityManager
from bika.lims import api
from datetime import datetime
portal = api.get_portal()
me = UnrestrictedUser(getSecurityManager().getUser().getUserName(), '',
['LabManager'], '')
me = me.__of__(portal.acl_users)
newSecurityManager(None, me)
#Open File
file = open("/home/naladmin/NALLIMS_EXPORT.csv", "w", 1)
#Write headers
file.write("Status;\
Batch;\
Received Date;\
Received Time;\
Client ID;\
Client Name;\
Sample ID;\
Sample Name;\
Sample Type;\
Sample Location;\
Sampler;\
Sampling Date;\
Sampling Time;\
def afterSetUp(self):
self.root = self.app
newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
def afterSetUp(self):
setSite(self.app.site)
self.app.site.setupCurrentSkin(self.app.REQUEST)
newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
