def patch_security():
    """Restrict what restricted code may reach in selected modules.

    ``OFS.ObjectManager`` gets default access ``0``, is declared
    object-private, and only ``BeforeDeleteException`` is declared public
    again.  Every attribute listed under a module in ``BAD_IMPORTS`` is then
    declared private on that module.
    """
    # NOTE(review): 0 is presumably AccessControl's "deny" default -- confirm.
    # NOTE(review): these declarations presumably only matter if this runs
    # before the security info of the target modules is applied; verify the
    # call order at startup.
    object_manager = ModuleSecurityInfo('OFS.ObjectManager')
    object_manager.setDefaultAccess(0)
    object_manager.declareObjectPrivate()
    # The single name that stays importable from OFS.ObjectManager.
    object_manager.declarePublic('BeforeDeleteException')

    for module_name in BAD_IMPORTS:
        module_security = ModuleSecurityInfo(module_name)
        for attr_name in BAD_IMPORTS[module_name]:
            module_security.declarePrivate(attr_name)
from AccessControl import ClassSecurityInfo from AccessControl import ModuleSecurityInfo from AccessControl.SecurityInfo import ACCESS_PUBLIC from Acquisition import aq_base, aq_inner, aq_parent from ExtensionClass import ExtensionClass from App.class_init import InitializeClass from Products.CMFCore.utils import getToolByName from Products.Archetypes.log import log from Products.Archetypes.config import DEBUG_SECURITY from Products.statusmessages.interfaces import IStatusMessage from plone.uuid.interfaces import IUUIDGenerator security = ModuleSecurityInfo() security.declarePrivate('transaction') security.declarePrivate('ClassSecurityInfo') security.declarePrivate('InitializeClass') def make_uuid(*args): generator = getUtility(IUUIDGenerator) return generator() logger = logging.getLogger('Archetypes') def fixSchema(schema): """Fix persisted schema from AT < 1.3 (UserDict-based) to work with the new fixed order schema.""" from Products.Archetypes.Schema import Schemata
from plone.app.layout.navigation.navtree import NavtreeStrategyBase from plone.app.layout.navigation.root import getNavigationRoot from plone.i18n.normalizer.interfaces import IIDNormalizer from AccessControl import ModuleSecurityInfo from Acquisition import aq_inner from Products.CMFCore.utils import getToolByName from Products.CMFPlone import utils # Strategy objects for the navtree creation code. You can subclass these # to expand the default navtree behaviour, and pass instances of your # subclasses to buildFolderTree(). security = ModuleSecurityInfo() security.declarePrivate('plone') security.declarePrivate('utils') class NavtreeQueryBuilder(object): """Build a navtree query based on the settings in navtree_properties """ implements(INavigationQueryBuilder) def __init__(self, context): portal_properties = getToolByName(context, 'portal_properties') navtree_properties = getattr(portal_properties, 'navtree_properties') # Acquire a custom nav query if available customQuery = getattr(context, 'getCustomNavQuery', None) if customQuery is not None and utils.safe_callable(customQuery):
"""some common utilities """ import logging from time import time from types import UnicodeType, StringType STRING_TYPES = (UnicodeType, StringType) class MimeTypeException(Exception): pass # logging function logger = logging.getLogger('MimetypesRegistry') def log(msg, severity=logging.INFO, id='MimetypesRegistry'): logger.log(severity, msg) # directory where template for the ZMI are located import os.path _www = os.path.join(os.path.dirname(__file__), 'www') from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo() security.declarePrivate('logging') security.declarePrivate('os') security.declarePrivate('time')
import warnings
import zope.interface

try:
    from types import ClassType
except ImportError:
    # types.ClassType is missing: fall back to the builtin ``type``.
    ClassType = type

deprecated_import(
    "Import from Products.CMFPlone.defaultpage instead",
    isDefaultPage='Products.CMFPlone.defaultpage:check_default_page_via_view',
    getDefaultPage='Products.CMFPlone.defaultpage:get_default_page_via_view',
)

security = ModuleSecurityInfo()
# Module-level names that restricted code must not reach through this module.
# NOTE(review): this is a denylist, so every new module-level import has to be
# added by hand; ``warnings`` above is not in the visible list -- confirm it
# is declared elsewhere or does not need to be.
# NOTE(review): ModuleSecurityInfo() carries no module name here; verify the
# declarations are registered for / applied to this module.
security.declarePrivate(
    'deprecated',
    'abspath',
    're',
    'OFS',
    'aq_get',
    'package_home',
    'ImageFile',
    'CMFCoreToolInit',
    'transaction',
    'zope',
)

# Canonical way to get at CMFPlone directory
PACKAGE_HOME = package_home(globals())
security.declarePrivate('PACKAGE_HOME')

WWW_DIR = join(PACKAGE_HOME, 'www')
security.declarePrivate('WWW_DIR')
""" Make a tuple from 'value'. o Use 'valueName' to generate appropriate error messages. """ if type(value) == type(()): return value if type(value) == type([]): return tuple( value ) if type(value) == type(''): return tuple( value.split() ) raise ValueError, "%s of unsupported type" % valueName # # Security utilities, callable only from unrestricted code. # security.declarePrivate('_getAuthenticatedUser') def _getAuthenticatedUser( self ): return getSecurityManager().getUser() security.declarePrivate('_checkPermission') def _checkPermission(permission, obj, StringType = type('')): roles = rolesForPermissionOn(permission, obj) if type(roles) is StringType: roles=[roles] if _getAuthenticatedUser( obj ).allowed( obj, roles ): return 1 return 0 security.declarePrivate('_verifyActionPermissions') def _verifyActionPermissions(obj, action): pp = action.getPermissions()
from AccessControl import ModuleSecurityInfo
from Acquisition import aq_base, aq_get, aq_inner, aq_parent
from App.Common import package_home
from App.ImageFile import ImageFile
from DateTime import DateTime
from DateTime.interfaces import DateTimeError
from Products.CMFCore.interfaces import IPropertiesTool
from Products.CMFCore.permissions import ManageUsers
from Products.CMFCore.utils import ToolInit as CMFCoreToolInit
from Products.CMFCore.utils import getToolByName
import transaction

security = ModuleSecurityInfo()
# Imported helpers that restricted code must not reach through this module.
# NOTE(review): the list is a denylist.  Of the names imported above only
# some are covered (e.g. ``aq_get`` is listed, ``aq_base`` is not); confirm
# the unlisted ones are meant to stay reachable.
# NOTE(review): ModuleSecurityInfo() carries no module name here; verify the
# declarations are registered for / applied to this module.
security.declarePrivate(
    'deprecated',
    'abspath',
    're',
    'OFS',
    'aq_get',
    'package_home',
    'ImageFile',
    'CMFCoreToolInit',
    'transaction',
    'zope',
)

# Canonical way to get at CMFPlone directory
PACKAGE_HOME = package_home(globals())
security.declarePrivate('PACKAGE_HOME')

WWW_DIR = join(PACKAGE_HOME, 'www')
SUBTEMPLATE = '__SUBTEMPLATE__'

# Security declarations for this module are collected on this object.
security = ModuleSecurityInfo('Products.CMFCore.utils')

_globals = globals()
_dtmldir = os_path.join(package_home(_globals), 'dtml')
_wwwdir = os_path.join(package_home(_globals), 'www')

#
#   Simple utility functions, callable from restricted code.
#
# NOTE(review): the two functions visible below are declared private, so the
# heading above presumably refers to functions further down the file.
_marker = []  # Create a new marker object.

# Maps a tool ID to the interface registered for it.
_tool_interface_registry = {}

security.declarePrivate('registerToolInterface')
def registerToolInterface(tool_id, tool_interface):
    """ Register a tool ID for an interface

    Stores ``tool_interface`` under ``tool_id``, replacing any earlier entry.

    This method can go away when getToolByName is going away (CMF 2.3).
    """
    # Item assignment mutates the module-level dict in place, so no
    # ``global`` statement is needed.
    _tool_interface_registry[tool_id] = tool_interface

security.declarePrivate('getToolInterface')
def getToolInterface(tool_id):
    """ Get the interface registered for a tool ID

    Returns None when nothing is registered under ``tool_id``.
    """
    return _tool_interface_registry.get(tool_id)
ps = getToolByName(self, 'portal_properties').cmfbibat_properties prop_name = '%s_%s' % (prefix, property) prop_name = ''.join([c for c in prop_name if c.lower() in string.letters + '_']) ps.manage_changeProperties(**{prop_name:value}) security.declareProtected(View, 'getSheetProperty') def getSheetProperty(self, prefix, property): """ return property from cmfbibat propertysheet """ ps = getToolByName(self, 'portal_properties').cmfbibat_properties prop_name = '%s_%s' % (prefix, property) prop_name = ''.join([c for c in prop_name if c.lower() in string.letters + '_']) return ps.getProperty(prop_name) security.declarePrivate('getEntryDict') def getEntryDict(self, bibref_item, instance=None, title_link=False, title_link_only_if_owner=False, ): """ transform a BiblioRef Object into python dictionary """ ref_attributes = ('publication_year', 'publication_month', 'publication_url', 'abstract', 'note', 'publisher', 'editor', 'editor_flag', 'organization', 'institution', 'school', 'address',
o Use 'valueName' to generate appropriate error messages. """ if isinstance(value, tuple): return value if isinstance(value, list): return tuple(value) if isinstance(value, basestring): return tuple(value.split()) raise ValueError, "%s of unsupported type" % valueName # # Security utilities, callable only from unrestricted code. # security.declarePrivate("_getAuthenticatedUser") def _getAuthenticatedUser(self): return getSecurityManager().getUser() security.declarePrivate("_checkPermission") def _checkPermission(permission, obj): return getSecurityManager().checkPermission(permission, obj) security.declarePrivate("_verifyActionPermissions")
# module level translation service
translation_service = None

# icon
misc_ = {
    icon_name: ImageFile('www/' + icon_name, globals())
    for icon_name in (
        'PlacelessTranslationService.png',
        'GettextMessageCatalog.png',
    )
}

# set product-wide attrs for importing
security = ModuleSecurityInfo('Products.PlacelessTranslationService')
# allow_module() makes the package and its contents usable from restricted
# code, so the private list below is what keeps individual names out of reach.
# NOTE(review): this is a denylist -- any module-level name not listed stays
# reachable (``translation_service`` above is not listed; confirm that is
# intended) and new names have to be added here by hand.
allow_module('Products.PlacelessTranslationService')
security.declarePrivate(
    'os',
    'logging',
    'isdir',
    'deprecate',
    'Globals',
    'ImageFile',
    'pts_globals',
    'CACHE_PATH',
    'get_registered_packages',
    'ModuleSecurityInfo',
    'PTSWrapper',
    'get_products',
    'patches',
    'warnings',
    'misc_',
    'os',  # listed twice; the second entry is redundant
)
prop_name = '%s_%s' % (prefix, property) prop_name = ''.join( [c for c in prop_name if c.lower() in string.letters + '_']) ps.manage_changeProperties(**{prop_name: value}) security.declareProtected(View, 'getSheetProperty') def getSheetProperty(self, prefix, property): """ return property from cmfbibat propertysheet """ ps = getToolByName(self, 'portal_properties').cmfbibat_properties prop_name = '%s_%s' % (prefix, property) prop_name = ''.join( [c for c in prop_name if c.lower() in string.letters + '_']) return ps.getProperty(prop_name) security.declarePrivate('getEntryDict') def getEntryDict( self, bibref_item, instance=None, title_link=False, title_link_only_if_owner=False, ): """ transform a BiblioRef Object into python dictionary """ ref_attributes = ( 'publication_year', 'publication_month', 'publication_url', 'abstract',
o Use 'valueName' to generate appropriate error messages. """ if isinstance(value, tuple): return value if isinstance(value, list): return tuple(value) if isinstance(value, basestring): return tuple(value.split()) raise ValueError, "%s of unsupported type" % valueName # # Security utilities, callable only from unrestricted code. # security.declarePrivate('_getAuthenticatedUser') def _getAuthenticatedUser(self): return getSecurityManager().getUser() security.declarePrivate('_checkPermission') def _checkPermission(permission, obj): return getSecurityManager().checkPermission(permission, obj) security.declarePrivate('_verifyActionPermissions')
from zope import i18n from zope.component import getUtility from zope.component import queryUtility from zope.i18n.interfaces import IUserPreferredCharsets from zope.i18nmessageid import MessageFactory from Products.CMFCore.interfaces import IPropertiesTool from Products.CMFDefault.interfaces import IHTMLScrubber from Products.CMFDefault.exceptions import EmailAddressInvalid from Products.CMFDefault.exceptions import IllegalHTML security = ModuleSecurityInfo('Products.CMFDefault.utils') security.declarePrivate('_dtmldir') _dtmldir = os.path.join(package_home(globals()), 'dtml') _wwwdir = os.path.join(package_home(globals()), 'www') security.declarePublic('formatRFC822Headers') def formatRFC822Headers(headers): """ Convert the key-value pairs in 'headers' to valid RFC822-style headers, including adding leading whitespace to elements which contain newlines in order to preserve continuation-line semantics. """ munged = [] linesplit = re.compile(r'[\n\r]+?') for key, value in headers:
############################################################################## """ Utility functions. $Id$ """ from sgmllib import SGMLParser import re import os from Globals import package_home from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo( 'Products.CMFDefault.utils' ) security.declarePrivate('_dtmldir') _dtmldir = os.path.join( package_home( globals() ), 'dtml' ) security.declarePublic('formatRFC822Headers') def formatRFC822Headers( headers ): """ Convert the key-value pairs in 'headers' to valid RFC822-style headers, including adding leading whitespace to elements which contain newlines in order to preserve continuation-line semantics. """ munged = [] linesplit = re.compile( r'[\n\r]+?' ) for key, value in headers: vallines = linesplit.split( value )
security.declarePublic( 'formatRFC822Headers' , 'parseHeadersBody' , 'semi_split' , 'comma_split' , 'seq_strip' , 'tuplize' , 'scrubHTML' , 'isHTMLSafe' , 'bodyfinder' , 'html_headcheck' ) security.declarePrivate( '_dtmldir' , '_bodyre' , '_endbodyre' , '_htfinder' ) _dtmldir = os.path.join( package_home( globals() ), 'dtml' ) def formatRFC822Headers( headers ): """ Convert the key-value pairs in 'headers' to valid RFC822-style headers, including adding leading whitespace to elements which contain newlines in order to preserve continuation-line semantics. """ munged = [] linesplit = re.compile( r'[\n\r]+?' ) for key, value in headers:
from AccessControl import ModuleSecurityInfo from AccessControl import Permissions from AccessControl.Permission import _registeredPermissions from AccessControl.Permission import pname from Globals import ApplicationDefaultPermissions import Products security = ModuleSecurityInfo('Products.PluggableAuthService.permissions') security.declarePublic('ManageUsers') ManageUsers = Permissions.manage_users security.declarePublic('ManageGroups') ManageGroups = "Manage Groups" security.declarePrivate('setDefaultRoles') def setDefaultRoles(permission, roles): """ Set the defaults roles for a permission. o XXX This ought to be in AccessControl.SecurityInfo. """ registered = _registeredPermissions if not registered.has_key(permission): registered[permission] = 1 Products.__ac_permissions__ = (Products.__ac_permissions__ + ((permission, (), roles), ))
SUBTEMPLATE = '__SUBTEMPLATE__' security = ModuleSecurityInfo('Products.CMFCore.utils') _globals = globals() _dtmldir = os_path.join(package_home(globals()), 'dtml') _wwwdir = os_path.join(package_home(globals()), 'www') # # Simple utility functions, callable from restricted code. # _marker = [] # Create a new marker object. _tool_interface_registry = {} security.declarePrivate('registerToolInterface') def registerToolInterface(tool_id, tool_interface): """ Register a tool ID for an interface This method can go away when getToolByName is going away (CMF 2.3). """ global _tool_interface_registry _tool_interface_registry[tool_id] = tool_interface security.declarePrivate('getToolInterface') def getToolInterface(tool_id):
security.declarePublic('ManageProperties') ManageProperties = Permissions.manage_properties security.declarePublic('ManageUsers') ManageUsers = Permissions.manage_users security.declarePublic('UndoChanges') UndoChanges = Permissions.undo_changes security.declarePublic('View') View = Permissions.view security.declarePublic('ViewManagementScreens') ViewManagementScreens = Permissions.view_management_screens security.declarePrivate('setDefaultRoles') def setDefaultRoles(permission, roles): ''' Sets the defaults roles for a permission. ''' # XXX This ought to be in AccessControl.SecurityInfo. registered = _registeredPermissions if not registered.has_key(permission): registered[permission] = 1 Products.__ac_permissions__=( Products.__ac_permissions__+((permission,(),roles),)) mangled = pname(permission) setattr(ApplicationDefaultPermissions, mangled, roles) # Note that we can only use the default Zope roles in calls to # setDefaultRoles(). The default Zope roles are:
import logging
import os.path
from types import StringType, UnicodeType

from AccessControl import ModuleSecurityInfo

# Both Python 2 string types, as one tuple.
STRING_TYPES = (UnicodeType, StringType)

# directory where template for the ZMI are located
_www = os.path.join(os.path.dirname(__file__), 'www')

security = ModuleSecurityInfo()
# Hide the imported helper names from restricted code.
# NOTE(review): ``time`` is not imported in the visible part of this module,
# so that entry is presumably a leftover -- confirm.
# NOTE(review): ModuleSecurityInfo() is created without a module name here;
# confirm that these declarations are actually registered for / applied to
# this module, otherwise they only document intent.
security.declarePrivate('logging', 'os', 'time')

logger = logging.getLogger('MimetypesRegistry')


def log(msg, severity=logging.INFO, id='MimetypesRegistry'):
    """Send *msg* to the package logger at level *severity*.

    ``id`` is accepted but not used by the body.
    """
    logger.log(severity, msg)


class MimeTypeException(Exception):
    """Exception type defined by this module."""