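def disablePasResources(event):
    """Disable access to users/groups/roles management PAS plugins from browser
    as they have no protection from CSRF attacks.

    Each of the three PAS manager classes is declared object-private through
    ``ClassSecurityInfo`` and the declaration is applied to the class itself,
    so the change affects every instance in the process, not one object.

    The hardening is skipped when ``event.app`` has no (or a falsy) ``zport``,
    and when ``zport.dmd.allowManageAccess`` is truthy. That flag is an
    explicit opt-out: with it set, the plugins stay reachable from the browser
    and the CSRF exposure named above remains.

    Args:
        event: object exposing the application root as ``event.app``.

    Returns:
        None.
    """
    # Function-scope import: the file's import block is not visible here.
    import logging

    try:
        zport = getattr(event.app, 'zport', None)
        if not zport or getattr(zport.dmd, 'allowManageAccess', False):
            return
        for class_ in (ZODBUserManager.ZODBUserManager,
                       ZODBGroupManager.ZODBGroupManager,
                       ZODBRoleManager.ZODBRoleManager):
            security = ClassSecurityInfo()
            security.declareObjectPrivate()
            security.apply(class_)
    except AttributeError:
        # Still best-effort (startup must not crash), but no longer silent:
        # an AttributeError anywhere above means the lock-down was skipped or
        # only partly applied, i.e. this control failed open. Operators need
        # a trace of that in the log.
        logging.getLogger(__name__).warning(
            "Could not disable browser access to the PAS user/group/role "
            "managers; they may remain reachable without CSRF protection",
            exc_info=True,
        )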