def changeUser(self, user_id): """ Change the current user to user_id """ user_folder = self.getPortal().acl_users user = user_folder.getUserById(user_id).__of__(user_folder) newSecurityManager(None, user)
def login(self): uf = self.portal.acl_users uf._doAddUser('daniele', 'myPassword', ['Manager'], []) uf._doAddUser('ERP5TypeTestCase', '', ['Manager'], []) uf._doAddUser('syncml', '', ['Manager'], []) user = uf.getUserById('daniele').__of__(uf) newSecurityManager(None, user)
def test_CopyPasteSetsOwnership(self): # Copy/pasting a File should set new ownership including local roles from OFS.Folder import Folder acl_users = self.acl_users folder1 = self.site._setObject('folder1', Folder('folder1')) folder2 = self.site._setObject('folder2', Folder('folder2')) newSecurityManager(None, acl_users.user_foo) content = self._initContent(folder1, 'content') content.manage_setLocalRoles(acl_users.user_foo.getId(), ['Owner']) newSecurityManager(None, acl_users.all_powerful_Oz) cb = folder1.manage_copyObjects(['content']) folder2.manage_pasteObjects(cb) # Now test executable ownership and "owner" local role # "member" should have both. moved = folder2._getOb('content') self.assertEqual(aq_base(moved.getOwner()), aq_base(acl_users.all_powerful_Oz)) local_roles = moved.get_local_roles() self.assertEqual(len(local_roles), 1) userid, roles = local_roles[0] self.assertEqual(userid, acl_users.all_powerful_Oz.getId()) self.assertEqual(len(roles), 1) self.assertEqual(roles[0], 'Owner')
def stepAuthorImportFile(self, sequence=None, sequence_list=None, **kw): # create some regions region = self.portal.portal_categories.region europe = region.newContent(portal_type='Category', title='Europe', id='europe') europe.newContent(portal_type='Category', title='France', id='france') user_name = 'author' user_folder = self.portal.acl_users user_folder._doAddUser(user_name, '', ['Author', 'Member'], []) user = user_folder.getUserById(user_name).__of__(user_folder) newSecurityManager(None, user) f = makeFileUpload('import_data_with_categories.ods') person_module = self.getPortal().person_module listbox=( { 'listbox_key': '001', 'portal_type_property_list':'Person.title'}, { 'listbox_key': '002', 'portal_type_property_list':'Person.first_name'}, { 'listbox_key': '003', 'portal_type_property_list':'Person.gender'}, { 'listbox_key': '004', 'portal_type_property_list':'Person.function'}, { 'listbox_key': '005', 'portal_type_property_list':'Person.region'} ) person_module.Base_importFile(import_file=f, listbox=listbox)
def checkin_documents_for_user(portal, options): """Attempts to check in all documents checked out by a particular user. """ username = options.user # Assume security context of user user = portal.acl_users.getUser(username) user = user.__of__(portal.acl_users) newSecurityManager(portal, user) catalog = getToolByName(portal, 'portal_catalog') docs = catalog(portal_type='opengever.document.document') checked_out_docs = [b.getObject() for b in docs if b.checked_out == username] for obj in checked_out_docs: manager = getMultiAdapter((obj, obj.REQUEST), ICheckinCheckoutManager) if not manager.is_checkin_allowed(): print "WARNING: Checkin not allowed for document %s" % obj.absolute_url() print checkin_not_allowed_reason(obj) else: if not options.dryrun: manager.checkin(comment=options.comment) print "Checked in document %s" % obj.absolute_url() else: print "Would checkin document %s" % obj.absolute_url() if not options.dryrun: transaction.commit()
def test_isConstructionAllowed_w_Role( self ): ti, folder = self._makeStuff() newSecurityManager( None , UserWithRoles( 'FooAdder' ).__of__( folder ) ) self.failUnless( ti.isConstructionAllowed( folder ) )
def test_constructInstance_private(self): ti, folder = self._makeStuff() newSecurityManager(None, UserWithRoles('NotAFooAdder').__of__(folder)) ti._constructInstance(folder, 'foo') foo = folder._getOb('foo') self.assertEqual(foo.id, 'foo')
def main(app, id, title, dbauser, dbuser, dbname, dbserver, dbport): _policy=PermissiveSecurityPolicy() _oldpolicy=setSecurityPolicy(_policy) newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users)) app = makerequest(app) # Add Rhaptos Site factory = app.manage_addProduct['RhaptosSite'] factory.manage_addRhaptosSite(id, title=title, description='', dbauser=dbauser, dbapass=None, dbuser=dbuser, dbpass=None, dbname=dbname, dbserver=dbserver, dbport=dbport and int(dbport) or None) # Add Virtual Host Entry app.virtual_hosting.set_map('http://*.cnx.rice.edu/ /'+id+'\nhttp://localhost/ /'+id) # Apply cnx.org styles site = getattr(app, id) site.portal_setup.setImportContext( 'profile-Products.CNXPloneSite:default') site.portal_setup.manage_importSelectedSteps( ['cnx_install'], True, # run_dependencies app.REQUEST.RESPONSE) transaction.commit()
def test_constructContent(self): site = self.site acl_users = self.acl_users ttool = self.ttool setSecurityPolicy(self._oldPolicy) newSecurityManager(None, acl_users.all_powerful_Oz) self.site._owner = (['acl_users'], 'all_powerful_Oz') sti_baz = STI('Baz', permission='Add portal content', constructor_path='addBaz') ttool._setObject('Baz', sti_baz) ttool._setObject( 'addBaz', PythonScript('addBaz') ) s = ttool.addBaz s.write(STI_SCRIPT) f = site._setObject( 'folder', PortalFolder(id='folder') ) f.manage_addProduct = { 'FooProduct' : DummyFactory(f) } f._owner = (['acl_users'], 'user_foo') self.assertEqual( f.getOwner(), acl_users.user_foo ) ttool.constructContent('Dummy Content', container=f, id='page1') try: ttool.constructContent('Baz', container=f, id='page2') except Unauthorized: self.fail('CMF Collector issue #165 (Ownership bug): ' 'Unauthorized raised' )
def test_listActionInformationActions(self): # Check that listFilteredActionsFor works for objects that return # ActionInformation objects tool = self.tool act = 'string:${folder_url}/folder_contents' tool._actions = ( ActionInformation(id='folderContents', title='Folder contents', action=Expression(text=act), icon_expr=Expression(text='string:' '${folder_url}/icon.gif'), condition=Expression(text='python: ' 'folder is not object'), permissions=('List folder contents',), category='folder', link_target='_top', visible=1),) newSecurityManager(None, OmnipotentUser().__of__(self.app.acl_users)) self.assertEqual(tool.listFilteredActionsFor(self.app.foo), {'workflow': [], 'user': [], 'object': [], 'folder': [{'id': 'folderContents', 'url': 'http://nohost/folder_contents', 'icon': 'http://nohost/icon.gif', 'title': 'Folder contents', 'description': '', 'visible': True, 'available': True, 'allowed': True, 'category': 'folder', 'link_target': '_top'}], 'global': []})
def setUp(self): transaction.begin() self._policy = PermissiveSecurityPolicy() self._oldPolicy = setSecurityPolicy(self._policy) self.connection = Zope2.DB.open() self.root = self.connection.root()[ 'Application' ] newSecurityManager( None, AnonymousUser().__of__( self.root ) )
def _notify(self, item, callback, name): if callable(callback): sm = getSecurityManager() try: user = sm.getUser() try: newSecurityManager(None, nobody) callback(item, self) except: # dont raise, just log path = self.getPhysicalPath() LOG.warning( '%s failed when calling %s in %s' % (name,callback, '/'.join(path)), exc_info=True ) finally: setSecurityManager(sm) else: err = '%s in %s attempted to call non-callable %s' path = self.getPhysicalPath() LOG.warning( err % (name, '/'.join(path), callback), exc_info=True )
def get_filetype_info(self, filetype): current_user = getSecurityManager().getUser() newSecurityManager(None, UnrestrictedUser('andago', '', ['Manager'], [])) ret = self.decorateBrains(self.portal_catalog(filetype=filetype, portal_type='BoardDocument', Language='es')) newSecurityManager(None, current_user) return ret
def getOrder(self, context, request): """ This turns a little complex, because the call from BulkSMS is unauthenticated in the plone sense. Thus this code essentially runs as 'Anonymous'. We do an unrestrictedSearchResults to get the brain. Then we switch users to the owner of that object. This means we never give the user more rights on this object than they should have. """ verification_code = request.get('message') if not verification_code: return None verification_code = verification_code.strip() pc = getToolByName(self.context, 'order_catalog') query = {'portal_type': 'emas.app.order', 'review_state': 'ordered', 'verification_code': verification_code} try: brains = pc.unrestrictedSearchResults(query) except UnicodeDecodeError: return None if not brains or len(brains) < 1: LOGGER.debug( 'Could not find order with verification code:' '%s' % verification_code) return None brain = brains[0] order = brain._unrestrictedGetObject() pmt = getToolByName(self.context, 'portal_membership') user = pmt.getMemberById(order.userid) if user is not None: newSecurityManager(request, user) return order return None
def localBuild(self, activity_kw=()): """Activate builders for this delivery The generated activity will find all buildable business links for this delivery, and call related builders, which will select all simulation movements part of the same explanation(s) as the delivery. XXX: Consider moving it to SimulableMixin if it's useful for Subscription Items. """ # XXX: Previous implementation waited for expand activities of related # documents and even suggested to look at explanation tree, # instead of causalities. Is it required ? kw = {'priority': 3} kw.update(activity_kw) after_tag = kw.pop('after_tag', None) if isinstance(after_tag, basestring): after_tag = [after_tag] else: after_tag = list(after_tag) if after_tag else [] # Now that 'delivery' category relation are indexed in ZODB, this is the # only method that depends on built: tag (via _updateSimulation), which # is still required because builders only use catalog to find buildable # movements and we don't want to miss any for local building. after_tag.append('expand:' + self.getPath()) sm = getSecurityManager() newSecurityManager(None, nobody) try: unrestricted_apply(self.activate(after_tag=after_tag, **kw)._localBuild) finally: setSecurityManager(sm)
def last_modifier(self): # Let's see if we have any last_modifier annotation raw_last_modifier = self._raw_last_modifier() if raw_last_modifier: return raw_last_modifier # If we are here: try with with history support if is available. history = queryMultiAdapter((self.context, self.request), interface=Interface, name=u"contenthistory") # Security is in the view definition. Here we act as an omnipotent user old_sm = getSecurityManager() tmp_user = UnrestrictedUser(old_sm.getUser().getId() or '', '', ['Manager'], '') newSecurityManager(None, tmp_user) try: if not history and sys.version_info < (2, 6): # We didn't found any history... is this a Plone 3? Let's try with the old history viewlet # To be sure of that let's do it only if we are using Python 2.4 # Please remove this abomination when Plone 3.3 compatibity will be dropped history = ContentHistoryViewlet(self.context, self.request, None, manager=None) history.update() if history: full_history = history.fullHistory() if full_history: return full_history[0].get('actorid') or full_history[0].get('actor').get('username') finally: setSecurityManager(old_sm)
def test_overrideDiscussionFor(self): acl_users = self.site._setObject('acl_users', DummyUserFolder()) newSecurityManager(None, acl_users.all_powerful_Oz) dtool = self.dtool foo = self.site._setObject( 'foo', DummyFolder() ) baz = foo._setObject( 'baz', DummyFolder() ) dtool.overrideDiscussionFor(foo, 1) self.failUnless( hasattr(foo.aq_base, 'allow_discussion') ) try: dtool.overrideDiscussionFor(baz, None) except KeyError: self.fail('CMF Collector issue #201 (acquisition bug): ' 'KeyError raised') dtool.overrideDiscussionFor(foo, None) self.failIf( hasattr(foo.aq_base, 'allow_discussion') ) # https://bugs.launchpad.net/zope-cmf/+bug/162532: Don't break # if allow_discussion only exists at the class level class DummyContent: allow_discussion = False def getId(self): return 'dummy' dummy = DummyContent() try: dtool.overrideDiscussionFor(dummy, None) except AttributeError: self.fail('Launchpad issue 162532: AttributeError raised')
def proxyMethodHandler(self, kw): """Dummy proxyMethodHandler""" # login as super user newSecurityManager(self, self.getPortalObject().acl_users.getUserById(ERP5Security.SUPER_USER)) data = getattr(self, kw["method_id"])(**kw["method_kw"]) response = GeneratorCall(data=data) return response.dump()
def setUp(self): self._trap_warning_output() transaction.begin() app = self.app = makerequest(Zope2.app()) # Log in as a god :-) newSecurityManager( None, UnrestrictedUser('god', 'god', ['Manager'], '') ) app.manage_addProduct['CMFDefault'].manage_addCMFSite('CalendarTest') self.Site = app.CalendarTest manage_addExternalMethod(app.CalendarTest, id='install_events', title="Install Events", module="CMFCalendar.Install", function="install") ExMethod = app.restrictedTraverse('/CalendarTest/install_events') ExMethod() self.Tool = app.CalendarTest.portal_calendar self.Site.clearCurrentSkin() self.Site.setupCurrentSkin(app.REQUEST) # sessioning setup if getattr(app, 'temp_folder', None) is None: temp_folder = MountedTemporaryFolder('temp_folder') app._setObject('temp_folder', temp_folder) if getattr(app.temp_folder, 'session_data', None) is None: session_data = TransientObjectContainer('session_data') app.temp_folder._setObject('session_data', session_data) app.REQUEST.set_lazy( 'SESSION', app.session_data_manager.getSessionData )
def restrictMethodAsShadowUser(self, open_order=None, callable_object=None, argument_list=None, argument_dict=None): """ Restrict the security access of a method to the unaccessible shadow user associated to the current user. """ if argument_list is None: argument_list = [] if argument_dict is None: argument_dict = {} if open_order is None or callable_object is None: raise TypeError('open_order and callable_object cannot be None') relative_url = open_order.getRelativeUrl() if open_order.getPortalType() != 'Open Sale Order': raise Unauthorized("%s is not an Open Sale Order" % relative_url) else: # Check that open order is the validated one for the current user if open_order.getValidationState() != 'validated': raise Unauthorized('Open Sale Order %s is not validated.' % relative_url) acl_users = open_order.getPortalObject().acl_users # Switch to the shadow user temporarily, so that the behavior would not # change even if this method is invoked by random users. sm = getSecurityManager() newSecurityManager(None, acl_users.getUserById(open_order.getReference())) try: return callable_object(*argument_list, **argument_dict) finally: # Restore the original user. setSecurityManager(sm)
def login(self) : """sets the security manager""" uf = self.getPortal().acl_users uf._doAddUser('alex', '', ['Member', 'Assignee', 'Assignor', 'Auditor', 'Author', 'Manager'], []) user = uf.getUserById('alex').__of__(uf) newSecurityManager(None, user)
def testUpgradeAllProposed(self): request = self.app.REQUEST oldsite = getattr(self.app, self._SITE_ID) stool = oldsite.portal_setup profile_id = 'Products.CMFDefault:default' upgrades = [] for upgrade_info in stool.listUpgrades(profile_id): if isinstance(upgrade_info, list): for info in upgrade_info: if info['proposed']: upgrades.append(info['id']) continue if upgrade_info['proposed']: upgrades.append(upgrade_info['id']) request.form['profile_id'] = profile_id request.form['upgrades'] = upgrades stool.manage_doUpgrades(request) self.assertEqual(stool.getLastVersionForProfile(profile_id), ('2', '2')) newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], '')) setSite(self.app.site) expected_export = self.app.site.portal_setup.runAllExportSteps() setSite(oldsite) upgraded_export = stool.runAllExportSteps() expected = TarballImportContext(stool, expected_export['tarball']) upgraded = TarballImportContext(stool, upgraded_export['tarball']) diff = stool.compareConfigurations(upgraded, expected) self.assertEqual(diff, '', diff)
def test_constructInstance_private(self): from AccessControl.SecurityManagement import newSecurityManager from Products.CMFCore.tests.base.security import UserWithRoles newSecurityManager(None, UserWithRoles('NotAFooAdder').__of__(self.f)) self.ti._constructInstance(self.f, 'foo') foo = self.f._getOb('foo') self.assertEqual(foo.id, 'foo')
def test_constructContent_simple_STI(self): from AccessControl import Unauthorized from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from Products.CMFCore.PortalFolder import PortalFolder from Products.CMFCore.TypesTool \ import ScriptableTypeInformation as STI from Products.CMFCore.tests.base.dummy import DummyFactoryDispatcher from Products.CMFCore.tests.base.tidata import STI_SCRIPT from Products.PythonScripts.PythonScript import PythonScript site = self._makeSite().__of__(self.root) acl_users = site.acl_users setSecurityPolicy(self._oldPolicy) newSecurityManager(None, acl_users.all_powerful_Oz) tool = self._makeOne().__of__(site) sti_baz = STI('Baz', permission='Add portal content', constructor_path='addBaz') tool._setObject('Baz', sti_baz) script = PythonScript('addBaz') script.write(STI_SCRIPT) tool._setObject('addBaz', script) folder = site._setObject( 'folder', PortalFolder(id='folder') ) folder.manage_addProduct = {'FooProduct': DummyFactoryDispatcher(folder) } folder._owner = (['acl_users'], 'user_foo') self.assertEqual( folder.getOwner(), acl_users.user_foo ) try: tool.constructContent('Baz', container=folder, id='page2') except Unauthorized: self.fail('CMF Collector issue #165 (Ownership bug): ' 'Unauthorized raised' ) self.assertEqual(folder.page2.portal_type, 'Baz')
def test_constructInstance_wo_Roles(self): from AccessControl.SecurityManagement import newSecurityManager from AccessControl.unauthorized import Unauthorized from Products.CMFCore.tests.base.security import UserWithRoles newSecurityManager(None, UserWithRoles('FooViewer').__of__(self.f)) self.assertRaises(Unauthorized, self.ti.constructInstance, self.f, 'foo')
def test_BasicAuthenticateDesactivated(self): """Make sure Unauthorized error does not lead to Basic auth popup in browser""" portal = self.getPortal() # Create user account with very long login name login_name = 'foo_login_name' password = '******' acl_users = portal.acl_users acl_users._doAddUser(login_name, password, ['Member'], []) user = acl_users.getUserById(login_name).__of__(acl_users) # Login as the above user newSecurityManager(None, user) self.auth = '%s:%s' % (login_name, password) self.commit() self.tic() api_scheme, api_netloc, api_path, api_query, \ api_fragment = urlparse.urlsplit(self.portal.absolute_url()) connection = httplib.HTTPConnection(api_netloc) connection.request( method='GET', url='%s/Person_getPrimaryGroup' % \ self.portal.absolute_url(), headers={ 'Authorization': 'Basic %s' % \ base64.b64encode(self.auth) } ) response = connection.getresponse() self.assertEqual(response.status, 401) self.assertEqual(response.getheader('WWW-Authenticate'), None)
def __call__(self, *args): """ """ plominoContext = self try: if self.run_as == "OWNER": # Remember the current user member = self.getCurrentMember() if member.__class__.__name__ == "SpecialUser": user = member else: user = member.getUser() # Switch to the agent's owner owner = self.getOwner() newSecurityManager(None, owner) result = self.runFormulaScript( "agent_" + self.id, plominoContext, self.content, True, *args ) # Switch back to the original user if self.run_as == "OWNER": newSecurityManager(None, user) except PlominoScriptException, e: e.reportError('Agent failed') result = None
def setUp(self): from AccessControl.SecurityManagement import newSecurityManager from Products.CMFCore.tests.base.dummy import DummyFolder from Products.CMFCore.tests.base.security import UserWithRoles self.f = DummyFolder(fake_product=1) self.ti = self._makeOne('Foo', product='FooProduct', factory='addFoo') newSecurityManager(None, UserWithRoles('FooAdder').__of__(self.f))
def test_catalog_with_very_long_login_name(self, quiet=quiet, run=run_all_test): """Make sure that user with very long login name can find his document by catalog""" portal = self.getPortal() # Create user account with very long login name login_name = 'very_very_looooooooooooooooooooooooooooooooooooooooooooooooooooo' + \ 'oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong_login_name' password = '******' + \ 'ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd' acl_users = portal.acl_users acl_users._doAddUser(login_name, password, ['Member'], []) user = acl_users.getUserById(login_name).__of__(acl_users) # Login as the above user newSecurityManager(None, user) self.auth = '%s:%s' % (login_name, password) self.commit() # Create preference portal.portal_preferences.newContent('Preference', title='My Test Preference') self.tic() self.assertEqual( len(portal.portal_catalog(portal_type='Preference', title='My Test Preference')), 1) response = self.publish(self.portal_id, self.auth) self.assertEqual(HTTP_OK, response.getStatus())
def onDiscussionItemAddedEvent(object,event): from AccessControl.SecurityManagement import newSecurityManager from AccessControl import getSecurityManager import transaction contextuser = getSecurityManager().getUser() discussion_item = object discussed_item = discussion_item while discussed_item.meta_type == discussion_item.meta_type: discussed_item = discussed_item.aq_inner.aq_parent.aq_parent modifiedat = None try: modifiedat = discussion_item.created() except AttributeError: modifiedat = None if modifiedat <> None: try: onObjectModification(discussed_item,last_change_action_comment,modifiedat) onObjectModification(discussion_item,last_change_action_add,modifiedat) discussed_item.reindexObject() discussion_item.reindexObject() except: currentOwner = discussed_item.getOwner() newSecurityManager(None,currentOwner) onObjectModification(discussed_item,last_change_action_comment,modifiedat) onObjectModification(discussion_item,last_change_action_add,modifiedat) discussed_item.reindexObject() discussion_item.reindexObject() newSecurityManager(None,contextuser)
from AccessControl import getSecurityManager from AccessControl.User import UnrestrictedUser from AccessControl.SecurityManagement import newSecurityManager from bika.lims import api import csv portal = api.get_portal() me = UnrestrictedUser(getSecurityManager().getUser().getUserName(), '', ['LabManager'], '') me = me.__of__(portal.acl_users) newSecurityManager(None, me) clients = map(api.get_object, api.search({'portal_type': 'Client'})) data = [] cols = [ 'Status', 'NAL Number', 'Client ID', 'Email Address', 'Phone', 'MBG Grower Number', 'TrueBlue Grower Number', 'Grower List', 'Country', 'State', 'District', 'City', 'Zip', 'Address', ] for i in clients:
def test_isConstructionAllowed_wo_Role(self): ti, folder = self._makeStuff() newSecurityManager(None, UserWithRoles('FooViewer').__of__(folder))
def test_isConstructionAllowed_w_Role(self): ti, folder = self._makeStuff() newSecurityManager(None, UserWithRoles('FooAdder').__of__(folder)) self.failUnless(ti.isConstructionAllowed(folder))
def test_isConstructionAllowed_for_Omnipotent(self): ti, folder = self._makeStuff() newSecurityManager(None, OmnipotentUser().__of__(folder)) self.failUnless(ti.isConstructionAllowed(folder))
def activeSense(self, fixit=0, params=None): """ This method launches the sensing process as activities. It is intended to launch a very long process made of many activities. It returns nothing since the results are collected in an active process. The result of the sensing process can be obtained by invoking the sense method or by requesting a report. """ portal_membership = self.getPortalObject().portal_membership if fixit or not self.getEnabled(): checkPermission = portal_membership.checkPermission if not checkPermission(Permissions.ManagePortal, self): raise Unauthorized( 'fixing problems or activating a disabled alarm is not allowed' ) # Use UnrestrictedMethod, so that the behaviour would not # change even if this method is invoked by random users. @UnrestrictedMethod def _activeSense(): # Set the next date at which this method should be invoked self.setNextAlarmDate() # Find the active sensing method and invoke it # as an activity so that we can benefit from # distribution of alarm processing as soon as possible method_id = self.getActiveSenseMethodId() if method_id not in (None, ''): # A tag is provided as a parameter in order to be # able to notify the user after all processes are ended # We do some inspection to keep compatibility # (because fixit and tag were not set previously) tag = self.__getTag(True) method = getattr(self, method_id) func_code = method.func_code try: has_kw = func_code.co_flags & CO_VARKEYWORDS except AttributeError: # XXX guess presence of *args and **kw name_list = func_code.co_varnames[func_code.co_argcount:] has_args = bool(name_list and name_list[0] == 'args') has_kw = bool( len(name_list) > has_args and name_list[has_args] == 'kw') name_list = func_code.co_varnames[:func_code.co_argcount] if 'params' in name_list or has_kw: # New New API getattr(self.activate(tag=tag), method_id)(fixit=fixit, tag=tag, params=params) elif 'fixit' in name_list: # New API - also if variable number of named parameters getattr(self.activate(tag=tag), method_id)(fixit=fixit, tag=tag) else: # Old API getattr(self.activate(tag=tag), method_id)() if self.isAlarmNotificationMode(): self.activate(after_tag=tag).notify(include_active=True, params=params) # switch to nobody temporarily so that unrestricted _activeSense # is always invoked by system user. sm = getSecurityManager() newSecurityManager(None, nobody) try: _activeSense() finally: # Restore the original user. setSecurityManager(sm)
def validate_user(request, user): newSecurityManager(request, user)
def login(self): uf = self.portal.acl_users uf._doAddUser('vincent', '', ['Manager'], []) user = uf.getUserById('vincent').__of__(uf) newSecurityManager(None, user)
def login(self, quiet=0, run=run_all_test): uf = self.getPortal().acl_users uf._doAddUser(self.manager_username, self.manager_password, ['Manager'], []) user = uf.getUserById(self.manager_username).__of__(uf) newSecurityManager(None, user)
def test_contentPaste(self): # # Does copy / paste work? # acl_users = self.site._setObject('acl_users', DummyUserFolder()) newSecurityManager(None, acl_users.all_powerful_Oz) ctool = DummyCatalogTool() ttool = TypesTool() fti = FTIDATA_DUMMY[0].copy() ttool._setObject('Dummy Content', FTI(**fti)) sub1 = self._makeOne('sub1') sub2 = self._makeOne('sub2') sub3 = self._makeOne('sub3') self.assertEqual(len(ctool), 0) sm = getSiteManager() sm.registerUtility(ctool, ICatalogTool) sm.registerUtility(ttool, ITypesTool) sub1._setObject('dummy', DummyContent('dummy', catalog=1)) self.assertTrue('dummy' in sub1.objectIds()) self.assertTrue('dummy' in sub1.contentIds()) self.assertFalse('dummy' in sub2.objectIds()) self.assertFalse('dummy' in sub2.contentIds()) self.assertFalse('dummy' in sub3.objectIds()) self.assertFalse('dummy' in sub3.contentIds()) self.assertTrue(has_path(ctool, '/bar/site/sub1/dummy')) self.assertFalse(has_path(ctool, '/bar/site/sub2/dummy')) self.assertFalse(has_path(ctool, '/bar/site/sub3/dummy')) cookie = sub1.manage_copyObjects(ids=('dummy', )) # Waaa! force sub2 to allow paste of Dummy object. sub2.all_meta_types = [] sub2.all_meta_types.extend(sub2.all_meta_types) sub2.all_meta_types.extend(extra_meta_types()) sub2.manage_pasteObjects(cookie) self.assertTrue('dummy' in sub1.objectIds()) self.assertTrue('dummy' in sub1.contentIds()) self.assertTrue('dummy' in sub2.objectIds()) self.assertTrue('dummy' in sub2.contentIds()) self.assertFalse('dummy' in sub3.objectIds()) self.assertFalse('dummy' in sub3.contentIds()) self.assertTrue(has_path(ctool, '/bar/site/sub1/dummy')) self.assertTrue(has_path(ctool, '/bar/site/sub2/dummy')) self.assertFalse(has_path(ctool, '/bar/site/sub3/dummy')) transaction.savepoint(optimistic=True) cookie = sub1.manage_cutObjects(ids=('dummy', )) # Waaa! force sub2 to allow paste of Dummy object. sub3.all_meta_types = [] sub3.all_meta_types.extend(sub3.all_meta_types) sub3.all_meta_types.extend(extra_meta_types()) sub3.manage_pasteObjects(cookie) self.assertFalse('dummy' in sub1.objectIds()) self.assertFalse('dummy' in sub1.contentIds()) self.assertTrue('dummy' in sub2.objectIds()) self.assertTrue('dummy' in sub2.contentIds()) self.assertTrue('dummy' in sub3.objectIds()) self.assertTrue('dummy' in sub3.contentIds()) self.assertFalse(has_path(ctool, '/bar/site/sub1/dummy')) self.assertTrue(has_path(ctool, '/bar/site/sub2/dummy')) self.assertTrue(has_path(ctool, '/bar/site/sub3/dummy'))
def loginAsUser(self, username): uf = self.portal.acl_users user = uf.getUser(username).__of__(uf) uf.zodb_roles.assignRoleToPrincipal('Manager', user.getId()) newSecurityManager(None, user)
def login(self, name): user = self.uf.getUserById(name) user = user.__of__(self.uf) newSecurityManager(None, user)
def loginAsUser(self, user_id): """Login with a given user_id """ uf = self.getPortal().acl_users user = uf.getUserById(user_id).__of__(uf) return newSecurityManager(None, user)
def test_isConstructionAllowed_for_Omnipotent(self): from AccessControl.SecurityManagement import newSecurityManager from Products.CMFCore.tests.base.security import OmnipotentUser newSecurityManager(None, OmnipotentUser().__of__(self.f)) self.failUnless(self.ti.isConstructionAllowed(self.f))
def test_setObject_set_owner_with_no_user( self ): om = self._makeOne() newSecurityManager( None, None ) si = SimpleItem( 'no_user' ) om._setObject( 'no_user', si ) self.assertEqual( si.__ac_local_roles__, None )
def changeToAnonymous(self): """ Change the current user to Anonymous """ newSecurityManager(None, SpecialUsers.nobody)
def test_isConstructionAllowed_wo_Role(self): from AccessControl.SecurityManagement import newSecurityManager from Products.CMFCore.tests.base.security import UserWithRoles newSecurityManager(None, UserWithRoles('FooViewer').__of__(self.f)) self.failIf(self.ti.isConstructionAllowed(self.f))
def login(self): uf = self.getPortal().acl_users uf._doAddUser(self.username, '', ['Manager'], []) user = uf.getUserById(self.username).__of__(uf) newSecurityManager(None, user)
def login(self): uf = self.getPortal().acl_users uf._doAddUser('admin', '', ['Manager'], []) uf._doAddUser('ERP5TypeTestCase', '', ['Manager'], []) user = uf.getUserById('admin').__of__(uf) newSecurityManager(None, user)
def loginAsPortalOwner(self): '''Use if you need to manipulate an article as member.''' uf = self.app.acl_users user = uf.getUserById(portal_owner).__of__(uf) newSecurityManager(None, user)
def setUp(self): newSecurityManager(None, None)
def startup(): from App.PersistentExtra import patchPersistent import Globals # to set / fetch data patchPersistent() global app # Import products OFS.Application.import_products() configuration = getConfiguration() # Open the database dbtab = configuration.dbtab try: # Try to use custom storage try: m = imp.find_module('custom_zodb', [configuration.testinghome]) except: m = imp.find_module('custom_zodb', [configuration.instancehome]) except Exception: # if there is no custom_zodb, use the config file specified databases DB = dbtab.getDatabase('/', is_root=1) else: m = imp.load_module('Zope2.custom_zodb', m[0], m[1], m[2]) sys.modules['Zope2.custom_zodb'] = m # Get the database and join it to the dbtab multidatabase # FIXME: this uses internal datastructures of dbtab databases = getattr(dbtab, 'databases', {}) if hasattr(m, 'DB'): DB = m.DB databases.update(getattr(DB, 'databases', {})) DB.databases = databases else: DB = ZODB.DB(m.Storage, databases=databases) notify(DatabaseOpened(DB)) Globals.BobobaseName = DB.getName() if DB.getActivityMonitor() is None: from ZODB.ActivityMonitor import ActivityMonitor DB.setActivityMonitor(ActivityMonitor()) Globals.DB = DB Zope2.DB = DB # Hook for providing multiple transaction object manager undo support: Globals.UndoManager = DB Globals.opened.append(DB) import ClassFactory DB.classFactory = ClassFactory.ClassFactory # "Log on" as system user newSecurityManager(None, AccessControl.User.system) # Set up the CA load_zcml() # Set up the "app" object that automagically opens # connections app = App.ZApplication.ZApplicationWrapper(DB, 'Application', OFS.Application.Application, ()) Zope2.bobo_application = app # Initialize the app object application = app() OFS.Application.initialize(application) if Globals.DevelopmentMode: # Set up auto-refresh. from App.RefreshFuncs import setupAutoRefresh setupAutoRefresh(application._p_jar) application._p_jar.close() # "Log off" as system user noSecurityManager() global startup_time startup_time = asctime() notify(DatabaseOpenedWithRoot(DB)) Zope2.zpublisher_transactions_manager = TransactionsManager() Zope2.zpublisher_exception_hook = zpublisher_exception_hook Zope2.zpublisher_validated_hook = validated_hook Zope2.__bobo_before__ = noSecurityManager
def startup(): patch_persistent() global app # Import products OFS.Application.import_products() configuration = getConfiguration() # Open the database dbtab = configuration.dbtab try: # Try to use custom storage try: m = imp.find_module('custom_zodb', [configuration.testinghome]) except Exception: m = imp.find_module('custom_zodb', [configuration.instancehome]) except Exception: # if there is no custom_zodb, use the config file specified databases DB = dbtab.getDatabase('/', is_root=1) else: m = imp.load_module('Zope2.custom_zodb', m[0], m[1], m[2]) sys.modules['Zope2.custom_zodb'] = m # Get the database and join it to the dbtab multidatabase # FIXME: this uses internal datastructures of dbtab databases = getattr(dbtab, 'databases', {}) if hasattr(m, 'DB'): DB = m.DB databases.update(getattr(DB, 'databases', {})) DB.databases = databases else: DB = ZODB.DB(m.Storage, databases=databases) # Force a connection to every configured database, to ensure all of them # can indeed be opened. This avoids surprises during runtime when traversal # to some database mountpoint fails as the underlying storage cannot be # opened at all if dbtab is not None: for mount, name in dbtab.listMountPaths(): _db = dbtab.getDatabase(mount) _conn = _db.open() _conn.close() del _conn del _db notify(DatabaseOpened(DB)) Zope2.DB = DB Zope2.opened.append(DB) from . import ClassFactory DB.classFactory = ClassFactory.ClassFactory # "Log on" as system user newSecurityManager(None, AccessControl.User.system) # Set up the CA load_zcml() # Set up the "app" object that automagically opens # connections app = App.ZApplication.ZApplicationWrapper(DB, 'Application', OFS.Application.Application) Zope2.bobo_application = app # Initialize the app object application = app() OFS.Application.initialize(application) application._p_jar.close() # "Log off" as system user noSecurityManager() global startup_time startup_time = asctime() notify(DatabaseOpenedWithRoot(DB))
def login(self, quiet=0, run=run_all_test): uf = self.getPortal().acl_users uf._doAddUser('seb', '', ['Manager'], []) uf._doAddUser('ERP5TypeTestCase', '', ['Manager'], []) user = uf.getUserById('seb').__of__(uf) newSecurityManager(None, user)
def login(self, uid='god'): """ Login as manager """ user = self.portal.acl_users.getUser(uid) newSecurityManager(None, user.__of__(self.portal.acl_users))
def spoofRequest(app): """ Make REQUEST variable to be available on the Zope application server. This allows acquisition to work properly """ _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) # noqa newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) return makerequest(app) app = spoofRequest(app) # noqa user = app.acl_users.getUser('admin') # noqa newSecurityManager(None, user.__of__(app.acl_users)) # noqa site = app[args.site_id] setSite(site) export_path = os.path.abspath('./archives.json') catalog = site.portal_catalog workflow = site.portal_workflow ptool = site.plone_utils site_path = '/'.join(site.getPhysicalPath()) def runExport(brains): items = [] for brain in brains: items.append({'path': brain.getPath(), 'uid': brain.UID}) if len(items) % 100 == 0:
def validated_hook(request, user): newSecurityManager(request, user)
def activeSense(self, fixit=0, activate_kw=(), params=None): """ This method launches the sensing process as activities. It is intended to launch a very long process made of many activities. It returns nothing since the results are collected in an active process. The result of the sensing process can be obtained by invoking the sense method or by requesting a report. """ activate_kw = dict(activate_kw) if (fixit or not self.getEnabled() ) and not self.getPortalObject().portal_membership.checkPermission( Permissions.ManagePortal, self): raise Unauthorized( 'fixing problems or activating a disabled alarm is not allowed' ) # Use UnrestrictedMethod, so that the behaviour would not # change even if this method is invoked by random users. @UnrestrictedMethod def _activeSense(): # Set the next date at which this method should be invoked self.setNextAlarmDate() # Find the active sensing method and invoke it # as an activity so that we can benefit from # distribution of alarm processing as soon as possible method_id = self.getActiveSenseMethodId() if method_id not in (None, ''): # A tag is provided as a parameter in order to be # able to notify the user after all processes are ended # We do some inspection to keep compatibility # (because fixit and tag were not set previously) if 'tag' not in activate_kw: # If a given alarm is running more than once at a given point in # time, there is a risk that the same random value will have been # produced. # In such event, notify() will be delayed until all conflicting # invocations are done executing. # Also, all notifications will as a result refer to a single # ActiveProcess, so all but one notification content will be lost to # someone only checking notification content. # This is expected to be highly unlikely to have any meaningful # effect, because: # - if a single alarm can be running multiple times in parallel and # has notifications enabled, there is anyway no guarantee that each # payload will actually be properly notified (independently from # any tag collision) # - if a single alarm is not usually happening in parallel and # notifications are enabled (hence, there is a reasonable # expectation that each notification will properly happen), # parallel execution means a former invocation failed, so # administrator attention should already be attracted to the issue. # - and overall, alarm concurrency should be low enough that # collision should stay extremely low: it should be extremely rare # for a notification-neabled alarm to run even 10 times in parallel # (as alarms can at most be spawned every minute), and even in such # case the probability of a collision is about 2e-9 (10 / 2**32). # Assuming 10 alarms spawned every second with a one-second duration # it takes a bit under 7 years for a single collision to be more # likely to have occurred than not: 50% / (10 / 2**32) = 6.8 years # On the other hand, using a completely constant tag per alarm would # mean notify() would be blocked by any isolated failure event, which # increases the pressure on a timely resolution of what could be a # frequent occurrence (ex: an alarm pulling data from a 3rd-party # server with poor availability). activate_kw['tag'] = '%s_%x' % (self.getRelativeUrl(), getrandbits(32)) tag = activate_kw['tag'] method = getattr(self, method_id) func_code = method.__code__ try: has_kw = func_code.co_flags & CO_VARKEYWORDS except AttributeError: # XXX guess presence of *args and **kw name_list = func_code.co_varnames[func_code.co_argcount:] has_args = bool(name_list and name_list[0] == 'args') has_kw = bool( len(name_list) > has_args and name_list[has_args] == 'kw') name_list = func_code.co_varnames[:func_code.co_argcount] if 'params' in name_list or has_kw: # New New API getattr(self.activate(**activate_kw), method_id)(fixit=fixit, tag=tag, params=params) elif 'fixit' in name_list: # New API - also if variable number of named parameters getattr(self.activate(**activate_kw), method_id)(fixit=fixit, tag=tag) else: # Old API getattr(self.activate(**activate_kw), method_id)() if self.isAlarmNotificationMode(): self.activate(after_tag=tag).notify(include_active=True, params=params) # switch to nobody temporarily so that unrestricted _activeSense # is always invoked by system user. sm = getSecurityManager() newSecurityManager(None, nobody) try: _activeSense() finally: # Restore the original user. setSecurityManager(sm)
def afterSetUp(self): self.root = self.app newSecurityManager(None, UnrestrictedUser('god', '', ['Manager'], ''))
def loginManager(self): user = OmnipotentUser().__of__(self.root) newSecurityManager(None, user)
def login(self, *args, **kw): uf = self.getPortal().acl_users uf._doAddUser('seb', '', ['Manager'], []) user = uf.getUserById('seb').__of__(uf) newSecurityManager(None, user)