def test_security_defined_on_class(self):
        # wrapping a method in an interaction workflow adds a default security to
        # this method, but does not override existing security definition (defined
        # on the class)
        from erp5.component.document.Organisation import Organisation
        security = ClassSecurityInfo()
        security.declarePrivate('doSomethingStupid')
        security.apply(Organisation)

        self.createInteractionWorkflow()
        self.interaction.setProperties('default',
                                       method_id='doSomethingStupid',
                                       after_script_name=('afterEdit', ))
        self.script.ZPythonScript_edit('sci', '')

        self.assertEqual(self.organisation.doSomethingStupid__roles__, ())
示例#2
0
  def test_security_defined_on_class(self):
    # wrapping a method in an interaction workflow adds a default security to
    # this method, but does not override existing security definition (defined
    # on the class)
    Organisation = Products.ERP5.Document.Organisation.Organisation
    security = ClassSecurityInfo()
    security.declarePrivate('doSomethingStupid')
    security.apply(Organisation)

    self.createInteractionWorkflow()
    self.interaction.setProperties(
            'default',
            method_id='doSomethingStupid',
            after_script_name=('afterEdit',))
    self.script.ZPythonScript_edit('sci', '')
    self.createData()

    self.assertEqual(self.organisation.doSomethingStupid__roles__, ())
示例#3
0
class ZClassSecurityInfo(object):
    """Use AccessControl.ClassSecurityInfo as a function decorator."""
    def __init__(self):
        """Initialize a ZClassSecurityInfo instance."""
        self.__csi = ClassSecurityInfo()

    def private(self, f):
        """Declare the given function as private."""
        self.__csi.declarePrivate(f.func_name)
        return f

    def protected(self, permission):
        """Declare the given function as protected."""
        def wrap(f):
            self.__csi.declareProtected(permission, f.func_name)
            return f

        return wrap

    def __getattr__(self, name):
        """Return the value of the named attribute."""
        return getattr(self.__csi, name)
示例#4
0
def DCWorkflowDefinition_notifyBefore(self, ob, transition_list, args=None, kw=None):
    '''
    Notifies this workflow of an action before it happens,
    allowing veto by exception.  Unless an exception is thrown, either
    a notifySuccess() or notifyException() can be expected later on.
    The action usually corresponds to a method name.
    '''
    pass

def DCWorkflowDefinition_notifySuccess(self, ob, transition_list, result, args=None, kw=None):
    '''
    Notifies this workflow that an action has taken place.
    '''
    pass

security.declarePrivate('notifyWorkflowMethod')
DCWorkflowDefinition.notifyWorkflowMethod = DCWorkflowDefinition_notifyWorkflowMethod
DCWorkflowDefinition.notifyBefore = DCWorkflowDefinition_notifyBefore
DCWorkflowDefinition.notifySuccess = DCWorkflowDefinition_notifySuccess

WORKLIST_METADATA_KEY = 'metadata'
SECURITY_PARAMETER_ID = 'local_roles'
COUNT_COLUMN_TITLE = 'count'

class ExclusionList(list):
  """
    This is a dummy subclass of list.
    It is only used to detect wether contained values must be negated.
    It is not to be used outside of the scope of this document nor outside
    of the scope of worklist criterion handling.
  """
示例#5
0
        if state_definition is not None:
            if action in state_definition.transitions:
                transition_definition = workflow.transitions.get(action, None)
                if transition_definition is not None and \
                   transition_definition.trigger_type == TRIGGER_USER_ACTION:
                    return workflow._checkTransitionGuard(
                        transition_definition, ob, **guard_kw)

    raise WorkflowException(
        _(u"No workflow provides the '${action_id}' action.",
          mapping={'action_id': action}))


WorkflowTool.canDoActionFor = canDoActionFor

security.declarePrivate('_listTypeInfo')


def _listTypeInfo(self):
    """ List the portal types which are available.
    """
    # <patch>
    ttool = getattr(self.getPortalObject(), "portal_types", None)
    # </patch>
    if ttool is not None:
        return ttool.listTypeInfo()
    return ()


WorkflowTool._listTypeInfo = _listTypeInfo
示例#6
0
            return msg
    
templates = ('zpt/tabComments',
             'zpt/editCommentsForm',
             'zpt/mail_newCommentToWebmaster',
             'zpt/mail_newCommentToParent',
             'zpt/mail_rejectCommentToAuthor',
             'zpt/mail_deleteCommentToAuthor',
             'zpt/mail_approveCommentToAuthor',
            )
addTemplates2Class(CommentsStorage, templates, globals_=globals())

security = ClassSecurityInfo()
security.declareProtected(VMS, 'tabComments')
security.declareProtected(MANAGE_CONTENT_PERMISSIONS, 'editCommentsForm')
security.declarePrivate('mail_newCommentToWebmaster')
security.declarePrivate('mail_newCommentToParent')
security.declarePrivate('mail_rejectCommentToAuthor')
security.declarePrivate('mail_deleteCommentToAuthor')
security.declarePrivate('mail_approveCommentToAuthor')
security.apply(CommentsStorage)


import unittest
import sys
class CommentsStorageTests(unittest.TestCase):
    """
    Test class for CommentsStorage class 
    """   
    
    def test_addComment1(self):
示例#7
0
文件: DA.py 项目: Elbagoury/erp5
    return result


def DA_upgradeSchema(self,
                     connection_id=None,
                     create_if_not_exists=False,
                     initialize=None,
                     src__=0,
                     **kw):
    return self.getPortalObject()[connection_id or self.connection_id]() \
        .upgradeSchema(self(src__=1, **kw), create_if_not_exists,
                       initialize, src__)


DA.__call__ = DA__call__
security.declarePrivate('fromFile')
DA.fromFile = DA_fromFile
security.declarePrivate('fromText')
DA.fromText = DA_fromText
DA.manage_FTPget = DA_manage_FTPget
DA.PUT = DA_PUT
DA._upgradeSchema = DA_upgradeSchema


# Patch to allow using ZODB components for brains
def getObjectMeta(original_function):
    def getObject(module, name, reload=0):
        # Modified version that ignore errors as long as the module can be be
        # imported, which is enough to use a ZODB Extension as a brain.
        try:
            m = __import__('erp5.component.extension.%s' % module, globals(),
示例#8
0
def om_icons(self):
  """Return a list of icon URLs to be displayed by an ObjectManager"""
  icons = ({'path': 'misc_/PythonScripts/pyscript.gif',
            'alt': self.meta_type, 'title': self.meta_type},)
  if self.haveProxyRole():
    icons = ({'path': 'p_/PythonScript_ProxyRole_icon',
              'alt': 'Proxy Roled Python Script',
              'title': 'This script has proxy role.'},)
  return icons

pyscript_proxyrole = ImageFile('pyscript_proxyrole.gif', globals())

#
# Add proxy role icon in ZMI
#
security.declarePrivate('haveProxyRole')
PythonScript.haveProxyRole = haveProxyRole

PythonScript.om_icons = om_icons
p_.PythonScript_ProxyRole_icon = pyscript_proxyrole


# Patch for displaying textearea in full window instead of
# remembering a quantity of lines to display in a cookie
manage_editForm = DTMLFile("pyScriptEdit", _dtmldir)
manage_editForm._setName('manage_editForm')
PythonScript.ZPythonScriptHTML_editForm = manage_editForm
PythonScript.manage_editForm = manage_editForm
PythonScript.manage = manage_editForm
PythonScript.manage_main = manage_editForm
PythonScript.manage_editDocument = manage_editForm
示例#9
0
        'value_class':<dtml-var "value_classes[0].getCleanName()">,
</dtml-if>
</dtml-let>
<dtml-if "klass.getTaggedValue('validation_expression')">
        'validators':(ExpressionValidator('''python:<dtml-var "klass.getTaggedValue('validation_expression')">'''),),
</dtml-if>
<dtml-var "generator.getProtectedSection(parsed_class,'field-properties',2)">
        })

    security  = ClassSecurityInfo()

<dtml-if "parentname=='CompoundField'">
    schema=schema
</dtml-if>

    security.declarePrivate('set')
    security.declarePrivate('get')


<dtml-if "not parsed_class">
    def get(self, instance, **kwargs):
        return <dtml-var parentname>.get(self, instance, **kwargs)

    def getRaw(self, instance, **kwargs):
        return <dtml-var parentname>.getRaw(self, instance, **kwargs)

    security.declarePrivate('set')
    def set(self, instance, value, **kwargs):
        return <dtml-var parentname>.set(self, instance, value, **kwargs)

</dtml-if>
示例#10
0
    Notifies this workflow of an action before it happens,
    allowing veto by exception.  Unless an exception is thrown, either
    a notifySuccess() or notifyException() can be expected later on.
    The action usually corresponds to a method name.
    """
    pass


def DCWorkflowDefinition_notifySuccess(self, ob, transition_list, result, args=None, kw=None):
    """
    Notifies this workflow that an action has taken place.
    """
    pass


security.declarePrivate("notifyWorkflowMethod")
DCWorkflowDefinition.notifyWorkflowMethod = DCWorkflowDefinition_notifyWorkflowMethod
DCWorkflowDefinition.notifyBefore = DCWorkflowDefinition_notifyBefore
DCWorkflowDefinition.notifySuccess = DCWorkflowDefinition_notifySuccess

WORKLIST_METADATA_KEY = "metadata"
SECURITY_PARAMETER_ID = "local_roles"
COUNT_COLUMN_TITLE = "count"


class ExclusionList(list):
    """
    This is a dummy subclass of list.
    It is only used to detect wether contained values must be negated.
    It is not to be used outside of the scope of this document nor outside
    of the scope of worklist criterion handling.
示例#11
0
""" Patches for Products.CMFCore
"""
from AccessControl import ClassSecurityInfo
from eea.workflow.events import InitialStateCreatedEvent
from zope.event import notify


security = ClassSecurityInfo()

security.declarePrivate('notifyCreated')
def notifyCreated(self, ob):
    """ Notify all applicable workflows that an object has been created
        and put in its new place.

    The patch adds a single line that uses zope.event to notify of
    the IInitialStateCreatedEvent event
    """
    self._old_notifyCreated(ob)
    notify(InitialStateCreatedEvent(ob))
示例#12
0
文件: DA.py 项目: ccwalkerjm/erp5
    if test__ and columns != self._col: self._col=columns

    # If run in test mode, return both the query and results so
    # that the template doesn't have to be rendered twice!
    if test__: return query, result

    return result

def DA_upgradeSchema(self, connection_id=None, create_if_not_exists=False,
                           initialize=None, src__=0, **kw):
    return self.getPortalObject()[connection_id or self.connection_id]() \
        .upgradeSchema(self(src__=1, **kw), create_if_not_exists,
                       initialize, src__)

DA.__call__ = DA__call__
security.declarePrivate('fromFile')
DA.fromFile = DA_fromFile
security.declarePrivate('fromText')
DA.fromText = DA_fromText
DA.manage_FTPget = DA_manage_FTPget
DA.PUT = DA_PUT
DA._upgradeSchema = DA_upgradeSchema


# Patch to allow using ZODB components for brains
def getObjectMeta(original_function):
  def getObject(module, name, reload=0):
    # Modified version that ignore errors as long as the module can be be
    # imported, which is enough to use a ZODB Extension as a brain.
    try:
      m = __import__('erp5.component.extension.%s' % module, globals(),
示例#13
0
""" Patches for Products.CMFCore
"""
from AccessControl import ClassSecurityInfo
from eea.workflow.events import InitialStateCreatedEvent
from zope.event import notify

security = ClassSecurityInfo()

security.declarePrivate('notifyCreated')


def notifyCreated(self, ob):
    """ Notify all applicable workflows that an object has been created
        and put in its new place.

    The patch adds a single line that uses zope.event to notify of
    the IInitialStateCreatedEvent event
    """
    self._old_notifyCreated(ob)
    notify(InitialStateCreatedEvent(ob))
示例#14
0
    }, )
    if self.haveProxyRole():
        icons = ({
            'path': 'p_/PythonScript_ProxyRole_icon',
            'alt': 'Proxy Roled Python Script',
            'title': 'This script has proxy role.'
        }, )
    return icons


pyscript_proxyrole = ImageFile('pyscript_proxyrole.gif', globals())

#
# Add proxy role icon in ZMI
#
security.declarePrivate('haveProxyRole')
PythonScript.haveProxyRole = haveProxyRole

PythonScript.om_icons = om_icons
p_.PythonScript_ProxyRole_icon = pyscript_proxyrole

# Patch for displaying textearea in full window instead of
# remembering a quantity of lines to display in a cookie
manage_editForm = DTMLFile("pyScriptEdit", _dtmldir)
manage_editForm._setName('manage_editForm')
PythonScript.ZPythonScriptHTML_editForm = manage_editForm
PythonScript.manage_editForm = manage_editForm
PythonScript.manage = manage_editForm
PythonScript.manage_main = manage_editForm
PythonScript.manage_editDocument = manage_editForm
PythonScript.manage_editForm = manage_editForm