def test_security_defined_on_class(self):
# wrapping a method in an interaction workflow adds a default security to
# this method, but does not override existing security definition (defined
# on the class)
from erp5.component.document.Organisation import Organisation
security = ClassSecurityInfo()
security.declarePrivate('doSomethingStupid')
security.apply(Organisation)
self.createInteractionWorkflow()
self.interaction.setProperties('default',
method_id='doSomethingStupid',
after_script_name=('afterEdit', ))
self.script.ZPythonScript_edit('sci', '')
self.assertEqual(self.organisation.doSomethingStupid__roles__, ())
def test_security_defined_on_class(self):
# wrapping a method in an interaction workflow adds a default security to
# this method, but does not override existing security definition (defined
# on the class)
Organisation = Products.ERP5.Document.Organisation.Organisation
security = ClassSecurityInfo()
security.declarePrivate('doSomethingStupid')
security.apply(Organisation)
self.createInteractionWorkflow()
self.interaction.setProperties(
'default',
method_id='doSomethingStupid',
after_script_name=('afterEdit',))
self.script.ZPythonScript_edit('sci', '')
self.createData()
self.assertEqual(self.organisation.doSomethingStupid__roles__, ())
class ZClassSecurityInfo(object):
"""Use AccessControl.ClassSecurityInfo as a function decorator."""
def __init__(self):
"""Initialize a ZClassSecurityInfo instance."""
self.__csi = ClassSecurityInfo()
def private(self, f):
"""Declare the given function as private."""
self.__csi.declarePrivate(f.func_name)
return f
def protected(self, permission):
"""Declare the given function as protected."""
def wrap(f):
self.__csi.declareProtected(permission, f.func_name)
return f
return wrap
def __getattr__(self, name):
"""Return the value of the named attribute."""
return getattr(self.__csi, name)
def DCWorkflowDefinition_notifyBefore(self, ob, transition_list, args=None, kw=None):
'''
Notifies this workflow of an action before it happens,
allowing veto by exception. Unless an exception is thrown, either
a notifySuccess() or notifyException() can be expected later on.
The action usually corresponds to a method name.
'''
pass
def DCWorkflowDefinition_notifySuccess(self, ob, transition_list, result, args=None, kw=None):
'''
Notifies this workflow that an action has taken place.
'''
pass
security.declarePrivate('notifyWorkflowMethod')
DCWorkflowDefinition.notifyWorkflowMethod = DCWorkflowDefinition_notifyWorkflowMethod
DCWorkflowDefinition.notifyBefore = DCWorkflowDefinition_notifyBefore
DCWorkflowDefinition.notifySuccess = DCWorkflowDefinition_notifySuccess
WORKLIST_METADATA_KEY = 'metadata'
SECURITY_PARAMETER_ID = 'local_roles'
COUNT_COLUMN_TITLE = 'count'
class ExclusionList(list):
"""
This is a dummy subclass of list.
It is only used to detect wether contained values must be negated.
It is not to be used outside of the scope of this document nor outside
of the scope of worklist criterion handling.
"""
if state_definition is not None:
if action in state_definition.transitions:
transition_definition = workflow.transitions.get(action, None)
if transition_definition is not None and \
transition_definition.trigger_type == TRIGGER_USER_ACTION:
return workflow._checkTransitionGuard(
transition_definition, ob, **guard_kw)
raise WorkflowException(
_(u"No workflow provides the '${action_id}' action.",
mapping={'action_id': action}))
WorkflowTool.canDoActionFor = canDoActionFor
security.declarePrivate('_listTypeInfo')
def _listTypeInfo(self):
""" List the portal types which are available.
"""
# <patch>
ttool = getattr(self.getPortalObject(), "portal_types", None)
# </patch>
if ttool is not None:
return ttool.listTypeInfo()
return ()
WorkflowTool._listTypeInfo = _listTypeInfo
return msg
templates = ('zpt/tabComments',
'zpt/editCommentsForm',
'zpt/mail_newCommentToWebmaster',
'zpt/mail_newCommentToParent',
'zpt/mail_rejectCommentToAuthor',
'zpt/mail_deleteCommentToAuthor',
'zpt/mail_approveCommentToAuthor',
)
addTemplates2Class(CommentsStorage, templates, globals_=globals())
security = ClassSecurityInfo()
security.declareProtected(VMS, 'tabComments')
security.declareProtected(MANAGE_CONTENT_PERMISSIONS, 'editCommentsForm')
security.declarePrivate('mail_newCommentToWebmaster')
security.declarePrivate('mail_newCommentToParent')
security.declarePrivate('mail_rejectCommentToAuthor')
security.declarePrivate('mail_deleteCommentToAuthor')
security.declarePrivate('mail_approveCommentToAuthor')
security.apply(CommentsStorage)
import unittest
import sys
class CommentsStorageTests(unittest.TestCase):
"""
Test class for CommentsStorage class
"""
def test_addComment1(self):
return result
def DA_upgradeSchema(self,
connection_id=None,
create_if_not_exists=False,
initialize=None,
src__=0,
**kw):
return self.getPortalObject()[connection_id or self.connection_id]() \
.upgradeSchema(self(src__=1, **kw), create_if_not_exists,
initialize, src__)
DA.__call__ = DA__call__
security.declarePrivate('fromFile')
DA.fromFile = DA_fromFile
security.declarePrivate('fromText')
DA.fromText = DA_fromText
DA.manage_FTPget = DA_manage_FTPget
DA.PUT = DA_PUT
DA._upgradeSchema = DA_upgradeSchema
# Patch to allow using ZODB components for brains
def getObjectMeta(original_function):
def getObject(module, name, reload=0):
# Modified version that ignore errors as long as the module can be be
# imported, which is enough to use a ZODB Extension as a brain.
try:
m = __import__('erp5.component.extension.%s' % module, globals(),
def om_icons(self):
"""Return a list of icon URLs to be displayed by an ObjectManager"""
icons = ({'path': 'misc_/PythonScripts/pyscript.gif',
'alt': self.meta_type, 'title': self.meta_type},)
if self.haveProxyRole():
icons = ({'path': 'p_/PythonScript_ProxyRole_icon',
'alt': 'Proxy Roled Python Script',
'title': 'This script has proxy role.'},)
return icons
pyscript_proxyrole = ImageFile('pyscript_proxyrole.gif', globals())
#
# Add proxy role icon in ZMI
#
security.declarePrivate('haveProxyRole')
PythonScript.haveProxyRole = haveProxyRole
PythonScript.om_icons = om_icons
p_.PythonScript_ProxyRole_icon = pyscript_proxyrole
# Patch for displaying textearea in full window instead of
# remembering a quantity of lines to display in a cookie
manage_editForm = DTMLFile("pyScriptEdit", _dtmldir)
manage_editForm._setName('manage_editForm')
PythonScript.ZPythonScriptHTML_editForm = manage_editForm
PythonScript.manage_editForm = manage_editForm
PythonScript.manage = manage_editForm
PythonScript.manage_main = manage_editForm
PythonScript.manage_editDocument = manage_editForm
'value_class':<dtml-var "value_classes[0].getCleanName()">,
</dtml-if>
</dtml-let>
<dtml-if "klass.getTaggedValue('validation_expression')">
'validators':(ExpressionValidator('''python:<dtml-var "klass.getTaggedValue('validation_expression')">'''),),
</dtml-if>
<dtml-var "generator.getProtectedSection(parsed_class,'field-properties',2)">
})
security = ClassSecurityInfo()
<dtml-if "parentname=='CompoundField'">
schema=schema
</dtml-if>
security.declarePrivate('set')
security.declarePrivate('get')
<dtml-if "not parsed_class">
def get(self, instance, **kwargs):
return <dtml-var parentname>.get(self, instance, **kwargs)
def getRaw(self, instance, **kwargs):
return <dtml-var parentname>.getRaw(self, instance, **kwargs)
security.declarePrivate('set')
def set(self, instance, value, **kwargs):
return <dtml-var parentname>.set(self, instance, value, **kwargs)
</dtml-if>
Notifies this workflow of an action before it happens,
allowing veto by exception. Unless an exception is thrown, either
a notifySuccess() or notifyException() can be expected later on.
The action usually corresponds to a method name.
"""
pass
def DCWorkflowDefinition_notifySuccess(self, ob, transition_list, result, args=None, kw=None):
"""
Notifies this workflow that an action has taken place.
"""
pass
security.declarePrivate("notifyWorkflowMethod")
DCWorkflowDefinition.notifyWorkflowMethod = DCWorkflowDefinition_notifyWorkflowMethod
DCWorkflowDefinition.notifyBefore = DCWorkflowDefinition_notifyBefore
DCWorkflowDefinition.notifySuccess = DCWorkflowDefinition_notifySuccess
WORKLIST_METADATA_KEY = "metadata"
SECURITY_PARAMETER_ID = "local_roles"
COUNT_COLUMN_TITLE = "count"
class ExclusionList(list):
"""
This is a dummy subclass of list.
It is only used to detect wether contained values must be negated.
It is not to be used outside of the scope of this document nor outside
of the scope of worklist criterion handling.
""" Patches for Products.CMFCore
"""
from AccessControl import ClassSecurityInfo
from eea.workflow.events import InitialStateCreatedEvent
from zope.event import notify
security = ClassSecurityInfo()
security.declarePrivate('notifyCreated')
def notifyCreated(self, ob):
""" Notify all applicable workflows that an object has been created
and put in its new place.
The patch adds a single line that uses zope.event to notify of
the IInitialStateCreatedEvent event
"""
self._old_notifyCreated(ob)
notify(InitialStateCreatedEvent(ob))
if test__ and columns != self._col: self._col=columns
# If run in test mode, return both the query and results so
# that the template doesn't have to be rendered twice!
if test__: return query, result
return result
def DA_upgradeSchema(self, connection_id=None, create_if_not_exists=False,
initialize=None, src__=0, **kw):
return self.getPortalObject()[connection_id or self.connection_id]() \
.upgradeSchema(self(src__=1, **kw), create_if_not_exists,
initialize, src__)
DA.__call__ = DA__call__
security.declarePrivate('fromFile')
DA.fromFile = DA_fromFile
security.declarePrivate('fromText')
DA.fromText = DA_fromText
DA.manage_FTPget = DA_manage_FTPget
DA.PUT = DA_PUT
DA._upgradeSchema = DA_upgradeSchema
# Patch to allow using ZODB components for brains
def getObjectMeta(original_function):
def getObject(module, name, reload=0):
# Modified version that ignore errors as long as the module can be be
# imported, which is enough to use a ZODB Extension as a brain.
try:
m = __import__('erp5.component.extension.%s' % module, globals(),
""" Patches for Products.CMFCore
"""
from AccessControl import ClassSecurityInfo
from eea.workflow.events import InitialStateCreatedEvent
from zope.event import notify
security = ClassSecurityInfo()
security.declarePrivate('notifyCreated')
def notifyCreated(self, ob):
""" Notify all applicable workflows that an object has been created
and put in its new place.
The patch adds a single line that uses zope.event to notify of
the IInitialStateCreatedEvent event
"""
self._old_notifyCreated(ob)
notify(InitialStateCreatedEvent(ob))
}, )
if self.haveProxyRole():
icons = ({
'path': 'p_/PythonScript_ProxyRole_icon',
'alt': 'Proxy Roled Python Script',
'title': 'This script has proxy role.'
}, )
return icons
pyscript_proxyrole = ImageFile('pyscript_proxyrole.gif', globals())
#
# Add proxy role icon in ZMI
#
security.declarePrivate('haveProxyRole')
PythonScript.haveProxyRole = haveProxyRole
PythonScript.om_icons = om_icons
p_.PythonScript_ProxyRole_icon = pyscript_proxyrole
# Patch for displaying textearea in full window instead of
# remembering a quantity of lines to display in a cookie
manage_editForm = DTMLFile("pyScriptEdit", _dtmldir)
manage_editForm._setName('manage_editForm')
PythonScript.ZPythonScriptHTML_editForm = manage_editForm
PythonScript.manage_editForm = manage_editForm
PythonScript.manage = manage_editForm
PythonScript.manage_main = manage_editForm
PythonScript.manage_editDocument = manage_editForm
PythonScript.manage_editForm = manage_editForm
