def initialize(context): context.registerClass( BrowserIdManager.BrowserIdManager, icon="www/idmgr.gif", permission=BrowserIdManager.ADD_BROWSER_ID_MANAGER_PERM, constructors=(BrowserIdManager.constructBrowserIdManagerForm, BrowserIdManager.constructBrowserIdManager) ) context.registerClass( SessionDataManager.SessionDataManager, icon='www/datamgr.gif', permission=SessionDataManager.ADD_SESSION_DATAMANAGER_PERM, constructors=(SessionDataManager.constructSessionDataManagerForm, SessionDataManager.constructSessionDataManager) ) context.registerHelp() context.registerHelpTitle("Zope Help") # do module security declarations so folks can use some of the # module-level stuff in PythonScripts # # declare on behalf of Transience too, since ModuleSecurityInfo is too # stupid for me to declare in two places without overwriting one set # with the other. :-( from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products') security.declarePublic('Sessions') security.declarePublic('Transience') security = ModuleSecurityInfo('Products.Sessions') security.declarePublic('BrowserIdManagerErr') security.declarePublic('SessionDataManagerErr') security = ModuleSecurityInfo('Products.Transience') security.declarePublic('MaxTransientObjectsExceeded')
def initialize(context): context.registerClass( BrowserIdManager.BrowserIdManager, icon="www/idmgr.gif", permission=BrowserIdManager.ADD_BROWSER_ID_MANAGER_PERM, constructors=(BrowserIdManager.constructBrowserIdManagerForm, BrowserIdManager.constructBrowserIdManager)) context.registerClass( SessionDataManager.SessionDataManager, icon='www/datamgr.gif', permission=SessionDataManager.ADD_SESSION_DATAMANAGER_PERM, constructors=(SessionDataManager.constructSessionDataManagerForm, SessionDataManager.constructSessionDataManager)) context.registerHelp() context.registerHelpTitle("Zope Help") # do module security declarations so folks can use some of the # module-level stuff in PythonScripts # # declare on behalf of Transience too, since ModuleSecurityInfo is too # stupid for me to declare in two places without overwriting one set # with the other. :-( from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products') security.declarePublic('Sessions') security.declarePublic('Transience') security = ModuleSecurityInfo('Products.Sessions') security.declarePublic('BrowserIdManagerErr') security.declarePublic('SessionDataManagerErr') security = ModuleSecurityInfo('Products.Transience') security.declarePublic('MaxTransientObjectsExceeded')
def initialize(context): from . import BrowserIdManager from . import SessionDataManager context.registerClass( BrowserIdManager.BrowserIdManager, permission=BrowserIdManager.ADD_BROWSER_ID_MANAGER_PERM, constructors=(BrowserIdManager.constructBrowserIdManagerForm, BrowserIdManager.constructBrowserIdManager)) context.registerClass( SessionDataManager.SessionDataManager, permission=SessionDataManager.ADD_SESSION_DATAMANAGER_PERM, constructors=(SessionDataManager.constructSessionDataManagerForm, SessionDataManager.constructSessionDataManager)) # do module security declarations so folks can use some of the # module-level stuff in PythonScripts # # declare on behalf of Transience too, since ModuleSecurityInfo is too # stupid for me to declare in two places without overwriting one set # with the other. :-( from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products') security.declarePublic('Sessions') # NOQA: flake8: D001 security.declarePublic('Transience') # NOQA: flake8: D001 security = ModuleSecurityInfo('Products.Sessions.interfaces') security.declareObjectPublic() security.setDefaultAccess('allow') security = ModuleSecurityInfo('Products.Transience') security.declarePublic('MaxTransientObjectsExceeded') # NOQA: flake8: D001 # BBB: for names which should be imported from Products.Sessions.interfaces security = ModuleSecurityInfo('Products.Sessions') security.declarePublic('BrowserIdManagerErr') # NOQA: flake8: D001 security.declarePublic('SessionDataManagerErr') # NOQA: flake8: D001 app = context.getApplication() # new API added in Zope 4.0b5 if app is not None: install_browser_id_manager(app) install_session_data_manager(app)
def initialize(context): import BrowserIdManager import SessionDataManager context.registerClass( BrowserIdManager.BrowserIdManager, permission=BrowserIdManager.ADD_BROWSER_ID_MANAGER_PERM, constructors=(BrowserIdManager.constructBrowserIdManagerForm, BrowserIdManager.constructBrowserIdManager)) context.registerClass( SessionDataManager.SessionDataManager, permission=SessionDataManager.ADD_SESSION_DATAMANAGER_PERM, constructors=(SessionDataManager.constructSessionDataManagerForm, SessionDataManager.constructSessionDataManager)) # do module security declarations so folks can use some of the # module-level stuff in PythonScripts # # declare on behalf of Transience too, since ModuleSecurityInfo is too # stupid for me to declare in two places without overwriting one set # with the other. :-( from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products') security.declarePublic('Sessions') security.declarePublic('Transience') security = ModuleSecurityInfo('Products.Sessions.interfaces') security.declareObjectPublic() security.setDefaultAccess('allow') security = ModuleSecurityInfo('Products.Transience') security.declarePublic('MaxTransientObjectsExceeded') #BBB for names which should be imported from Products.Sessions.interfaces security = ModuleSecurityInfo('Products.Sessions') security.declarePublic('BrowserIdManagerErr') security.declarePublic('SessionDataManagerErr')
def initialize(context): from Products.IMU import IMUResearch, IMUSeminar, IMUPublication, IMUConsulting security = ModuleSecurityInfo( 'Products.IMU.utils' ) security.declareObjectPublic() security.declarePublic('uploadProjectsFromFile') security.declarePublic('getProjects') security.declarePublic('checkProjectId') contentClasses = ( IMUResearch.IMUResearch, IMUSeminar.IMUSeminar, IMUPublication.IMUPublication, IMUConsulting.IMUConsulting ) contentConstructors = ( IMUResearch.addResearch, IMUSeminar.addSeminar, IMUPublication.addPublication, IMUConsulting.addConsulting ) ftis = ( IMUResearch.factory_type_information, IMUSeminar.factory_type_information, IMUPublication.factory_type_information, IMUConsulting.factory_type_information ) this_module = sys.modules[ __name__ ] bases = contentClasses z_bases = utils.initializeBasesPhase1(bases, this_module) utils.initializeBasesPhase2( z_bases, context ) utils.ContentInit( 'IMU Content' , content_types=contentClasses , permission=ADD_CONTENT_PERMISSION , extra_constructors=contentConstructors , fti=ftis ).initialize( context )
from Products.ERP5 import _dtmldir from mimetypes import guess_type from email.mime.multipart import MIMEMultipart from email.mime.text import MIMEText from email.mime.base import MIMEBase from email.mime.audio import MIMEAudio from email.mime.image import MIMEImage from email.header import make_header from email import encoders class ConversionError(Exception): pass class MimeTypeException(Exception): pass security = ModuleSecurityInfo('Products.ERP5.Tool.NotificationTool') security.declarePublic('buildEmailMessage',) def buildAttachmentDictList(document_list, document_type_list=()): """return a list of dictionary which will be used by buildEmailMessage""" attachment_list = [] for attachment in document_list: mime_type = None content = None name = None if not attachment.getPortalType() in document_type_list: mime_type = 'application/pdf' content = attachment.asPDF() # XXX - Not implemented yet else: # # Document type attachment #
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE # ############################################################################## """ CMFCalendar product permissions $Id$ """ from AccessControl import ModuleSecurityInfo from Products.CMFCore.permissions import setDefaultRoles security = ModuleSecurityInfo('Products.CMFCalendar.permissions') security.declarePublic('AddEvents') AddEvents = 'Add portal events' setDefaultRoles(AddEvents, ('Manager', 'Owner', 'Member')) security.declarePublic('ChangeEvents') ChangeEvents = 'Change portal events' setDefaultRoles(ChangeEvents, ('Manager', 'Owner',)) security.declarePublic('AddPortalContent') from Products.CMFCore.permissions import AddPortalContent security.declarePublic('ManagePortal') from Products.CMFCore.permissions import ManagePortal security.declarePublic('View') from Products.CMFCore.permissions import View
from Products.ERP5 import _dtmldir from mimetypes import guess_type from email.mime.multipart import MIMEMultipart from email.mime.text import MIMEText from email.mime.base import MIMEBase from email.mime.audio import MIMEAudio from email.mime.image import MIMEImage from email.header import make_header from email import encoders class ConversionError(Exception): pass class MimeTypeException(Exception): pass security = ModuleSecurityInfo('Products.ERP5.Tool.NotificationTool') security.declarePublic('buildEmailMessage',) def buildAttachmentDictList(document_list, document_type_list=()): """return a list of dictionary which will be used by buildEmailMessage""" attachment_list = [] for attachment in document_list: mime_type = None content = None name = None if not attachment.getPortalType() in document_type_list: mime_type = 'application/pdf' content = attachment.asPDF() # XXX - Not implemented yet else: # # Document type attachment #
############################################################################## """Python Scripts standard utility module This module provides helpful functions and classes for use in Python Scripts. It can be accessed from Python with the statement "import Products.PythonScripts.standard" """ __version__ = '$Revision: 1.14 $'[11:-2] from AccessControl import ModuleSecurityInfo, getSecurityManager security = ModuleSecurityInfo() security.declarePublic('special_formats', 'whole_dollars', 'dollars_and_cents', 'structured_text', 'restructured_text', 'sql_quote', 'html_quote', 'url_quote', 'url_quote_plus', 'newline_to_br', 'thousands_commas', 'url_unquote', 'url_unquote_plus', 'urlencode') from DocumentTemplate.DT_Var import special_formats, \ whole_dollars, dollars_and_cents, structured_text, sql_quote, \ html_quote, url_quote, url_quote_plus, newline_to_br, thousands_commas, \ url_unquote, url_unquote_plus, restructured_text from urllib import urlencode from Globals import HTML from AccessControl.DTML import RestrictedDTML security.declarePublic('DTML') class DTML(RestrictedDTML, HTML):
from Products.CMFCore.permissions import setDefaultRoles from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo("plone.app.workflow.permissions") # Controls access to the "sharing" page security.declarePublic("DelegateRoles") DelegateRoles = "Sharing page: Delegate roles" setDefaultRoles(DelegateRoles, ( 'Manager', 'Site Administrator', 'Owner', 'Editor', 'Reviewer', )) # Control the individual roles security.declarePublic("DelegateReaderRole") DelegateReaderRole = "Sharing page: Delegate Reader role" setDefaultRoles( DelegateReaderRole, ('Manager', 'Site Administrator', 'Owner', 'Editor', 'Reviewer')) security.declarePublic("DelegateEditorRole") DelegateEditorRole = "Sharing page: Delegate Editor role" setDefaultRoles(DelegateEditorRole, ('Manager', 'Site Administrator', 'Owner', 'Editor')) security.declarePublic("DelegateContributorRole") DelegateContributorRole = "Sharing page: Delegate Contributor role" setDefaultRoles(DelegateContributorRole, (
from thread import allocate_lock from webdav.common import rfc1123_date from exceptions import AccessControl_Unauthorized from exceptions import NotFound security = ModuleSecurityInfo('Products.CMFCore.utils') _dtmldir = os_path.join(package_home(globals()), 'dtml') _wwwdir = os_path.join(package_home(globals()), 'www') # # Simple utility functions, callable from restricted code. # _marker = [] # Create a new marker object. security.declarePublic('getToolByName') def getToolByName(obj, name, default=_marker): """ Get the tool, 'toolname', by acquiring it. o Application code should use this method, rather than simply acquiring the tool by name, to ease forward migration (e.g., to Zope3). """ try: tool = aq_get(obj, name, default, 1) except AttributeError: if default is _marker: raise return default
# -*- coding: utf-8 -*- # Copyright (c) 2002-2013 Infrae. All rights reserved. # See also LICENSE.txt # from AccessControl import ModuleSecurityInfo import zope.deferredimport module_security = ModuleSecurityInfo('silva.app.news.codesources.inline') module_security.declarePublic('get_items') zope.deferredimport.deprecated( 'Please refresh your News viewer code source', get_items='silva.app.news.codesources.api:get_items')
############################################################################## # # Copyright (c) 2003 Zope Corporation and Contributors. All Rights Reserved. # # This software is subject to the provisions of the Zope Public License, # Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE. # ############################################################################## """ CMFActionIcons product permissions. $Id: permissions.py 36457 2004-08-12 15:07:44Z jens $ """ from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products.CMFActionIcons.permissions') security.declarePublic('ManagePortal') from Products.CMFCore.permissions import ManagePortal security.declarePublic('View') from Products.CMFCore.permissions import View
# Avoid hard dependency on Plone (4.0) get_member_by_login_name = None from Products.PasswordResetTool import django_random from interfaces.portal_password_reset import portal_password_reset as IPWResetTool import datetime import time import socket from DateTime import DateTime from zope.component import getUtility from zope.interface import implements module_security = ModuleSecurityInfo('Products.PasswordResetTool.PasswordResetTool') module_security.declarePublic('InvalidRequestError') class InvalidRequestError(Exception): def __init__(self, value=''): self.value = value def __str__(self): return repr(self.value) module_security.declarePublic('ExpiredRequestError') class ExpiredRequestError(Exception): def __init__(self, value=''): self.value = value
# coding=utf-8 from AccessControl import ModuleSecurityInfo from AccessControl import allow_class groupmembership_security = ModuleSecurityInfo( 'Products.GSGroupMember.groupmembership') groupmembership_security.declarePublic('get_group_users') groupmembership_security.declarePublic('get_unverified_group_users') groupmembership_security.declarePublic('join_group') groupmembership_security.declarePublic('user_member_of_group')
from Products.ZWiki.Utils import BLATHER, html_quote, html_unquote, formattedTraceback, \ ZOPEVERSION #XXX avoid import loop #from Products.ZWiki.plugins.purplenumbers import add_purple_numbers_to from Products.ZWiki.Regexps import dtmlorsgmlexpr, footnoteexpr from Products.ZWiki.i18n import _ # XXX temporary hack, used for placing subtopics in the page. Supposed to # be secret, invisible, and never encountered by users. Ha! MIDSECTIONMARKER = 'ZWIKIMIDSECTION' # XXX trying to make these public for editform from AccessControl import ModuleSecurityInfo modulesecurity = ModuleSecurityInfo() modulesecurity.declarePublic('yes') modulesecurity.declarePublic('no') def yes(self): """public""" return 1 def no(self): """public""" return 0 modulesecurity.apply(globals())
# coding=utf-8 from AccessControl import ModuleSecurityInfo from AccessControl import allow_class moduleSecurity = ModuleSecurityInfo('Products.GSSiteMenu.sitemenu') moduleSecurity.declarePublic('SiteMenuItem') moduleSecurity.declarePublic('SiteMenu') from sitemenu import FolderMenuItem, SimpleMenuItem, SimpleBrowserMenuItem, SiteMenu allow_class(FolderMenuItem) allow_class(SimpleMenuItem) allow_class(SimpleBrowserMenuItem) allow_class(SiteMenu)
from OFS.ObjectManager import UNIQUE except ImportError: UNIQUE = 2 import StructuredText from StructuredText.HTMLWithImages import HTMLWithImages _STXDWI = StructuredText.DocumentWithImages.__class__ security = ModuleSecurityInfo( 'Products.CMFCore.utils' ) security.declarePublic( 'getToolByName' , 'cookString' , 'tuplize' , 'format_stx' , 'keywordsplitter' , 'normalize' , 'expandpath' , 'minimalpath' ) security.declarePrivate( '_getAuthenticatedUser' , '_checkPermission' , '_verifyActionPermissions' , '_getViewFor' , '_limitGrantedRoles' , '_mergedLocalRoles' , '_modifyPermissionMappings' , '_ac_inherited_permissions' )
from AccessControl import ModuleSecurityInfo from Products.CMFCore.permissions import setDefaultRoles security = ModuleSecurityInfo('pcommerce.core.config') security.declarePublic('AddProduct') AddProduct = 'PCommerce: Add Product' setDefaultRoles(AddProduct, ( 'Manager', 'Contributer', 'Owner', )) security.declarePublic('AddVariation') AddVariation = 'PCommerce: Add Variation' setDefaultRoles(AddVariation, ( 'Manager', 'Contributer', 'Owner', )) security.declarePublic('AddImage') AddVariation = 'PCommerce: Add Image' setDefaultRoles(AddVariation, ( 'Manager', 'Contributer', 'Owner', )) security.declarePublic('AddPrice') AddPrice = 'PCommerce: Add Price'
""" CMFDefault product permissions $Id: permissions.py 36693 2004-12-04 21:10:32Z jens $ """ from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products.CMFDefault.permissions') security.declarePublic('AccessContentsInformation') from Products.CMFCore.permissions import AccessContentsInformation security.declarePublic('AddPortalContent') from Products.CMFCore.permissions import AddPortalContent security.declarePublic('AddPortalFolders') from Products.CMFCore.permissions import AddPortalFolders security.declarePublic('AddPortalMember') from Products.CMFCore.permissions import AddPortalMember security.declarePublic('DeleteObjects') from Products.CMFCore.permissions import DeleteObjects security.declarePublic('FTPAccess') from Products.CMFCore.permissions import FTPAccess security.declarePublic('ListFolderContents') from Products.CMFCore.permissions import ListFolderContents security.declarePublic('ListPortalMembers') from Products.CMFCore.permissions import ListPortalMembers
""" from sgmllib import SGMLParser import re import os from Globals import package_home from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo( 'Products.CMFDefault.utils' ) security.declarePublic( 'formatRFC822Headers' , 'parseHeadersBody' , 'semi_split' , 'comma_split' , 'seq_strip' , 'tuplize' , 'scrubHTML' , 'isHTMLSafe' , 'bodyfinder' , 'html_headcheck' ) security.declarePrivate( '_dtmldir' , '_bodyre' , '_endbodyre' , '_htfinder' ) _dtmldir = os.path.join( package_home( globals() ), 'dtml' ) def formatRFC822Headers( headers ):
from AccessControl import allow_class, ModuleSecurityInfo, ClassSecurityInfo from AccessControl.class_init import InitializeClass from Products.PythonScripts.Utility import allow_module from zope.security.checker import defineChecker, CheckerPublic, NamesChecker allow_module("plone.subrequest") # Whitelist plone.api allow_module('plone.api.portal') portal = ModuleSecurityInfo('plone.api.portal') portal.declarePublic('get_tool') # zope transcation stuff ModuleSecurityInfo("transaction").declarePublic("savepoint") # Basic ZODB stuff import persistent.list import persistent.dict defineChecker(persistent.list, NamesChecker(['PersistentList'])) defineChecker(persistent.dict, NamesChecker(['PersistentDict'])) dict_checker = NamesChecker(['__call__','__init__','__getitem__', '__len__', '__iter__', 'get', 'has_key', 'copy', '__str__', 'keys', 'values', 'items', 'iterkeys', 'iteritems', 'itervalues', '__contains__']) persistent.dict.PersistentDict.__Security_checker__ = dict_checker list_checker = NamesChecker(['__call__','__init__','__getitem__', '__getslice__', '__len__', '__iter__', '__contains__', 'index', 'count', '__str__', '__add__', '__radd__','__setitem__' ]) persistent.list.PersistentList.__Security_checker__ = list_checker
$Id: exceptions.py 110577 2010-04-07 06:33:17Z jens $ """ from AccessControl import ModuleSecurityInfo from AccessControl import Unauthorized as AccessControl_Unauthorized from OFS.CopySupport import CopyError from webdav.Lockable import ResourceLockedError from zExceptions import BadRequest from zExceptions import NotFound from zExceptions import Unauthorized as zExceptions_Unauthorized security = ModuleSecurityInfo('Products.CMFCore.exceptions') # Use AccessControl_Unauthorized to raise Unauthorized errors and # zExceptions_Unauthorized to catch them all. security.declarePublic('AccessControl_Unauthorized') security.declarePublic('BadRequest') security.declarePublic('CopyError') security.declarePublic('NotFound') security.declarePublic('ResourceLockedError') security.declarePublic('zExceptions_Unauthorized') security.declarePublic('SkinPathError') class SkinPathError(Exception): """ Invalid skin path error. """
$Id$ """ from sgmllib import SGMLParser import re import os from Globals import package_home from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo( 'Products.CMFDefault.utils' ) security.declarePrivate('_dtmldir') _dtmldir = os.path.join( package_home( globals() ), 'dtml' ) security.declarePublic('formatRFC822Headers') def formatRFC822Headers( headers ): """ Convert the key-value pairs in 'headers' to valid RFC822-style headers, including adding leading whitespace to elements which contain newlines in order to preserve continuation-line semantics. """ munged = [] linesplit = re.compile( r'[\n\r]+?' ) for key, value in headers: vallines = linesplit.split( value ) munged.append( '%s: %s' % ( key, '\r\n '.join( vallines ) ) ) return '\r\n'.join( munged )
############################################################################## """ CMFDefault product exceptions. $Id$ """ from zope.schema import ValidationError from zope.i18nmessageid import MessageFactory _ = MessageFactory('cmf_default') from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products.CMFDefault.exceptions') security.declarePublic('AccessControl_Unauthorized') from Products.CMFCore.exceptions import AccessControl_Unauthorized security.declarePublic('BadRequest') from Products.CMFCore.exceptions import BadRequest security.declarePublic('CopyError') from Products.CMFCore.exceptions import CopyError security.declarePublic('ResourceLockedError') from Products.CMFCore.exceptions import ResourceLockedError security.declarePublic('WorkflowException') from Products.CMFCore.WorkflowCore import WorkflowException security.declarePublic('zExceptions_Unauthorized')
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE. # ############################################################################## """ Permissions used throughout CMFTopic. $Id$ """ from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products.CMFTopic.permissions') from Products.CMFCore.permissions import setDefaultRoles security.declarePublic('AddTopics') AddTopics = 'Add portal topics' setDefaultRoles(AddTopics, ('Manager', )) security.declarePublic('ChangeTopics') ChangeTopics = 'Change portal topics' setDefaultRoles(ChangeTopics, ( 'Manager', 'Owner', )) security.declarePublic('AccessContentsInformation') from Products.CMFCore.permissions import AccessContentsInformation security.declarePublic('ListFolderContents') from Products.CMFCore.permissions import ListFolderContents
""" CMFWorkspace product permissions $Id$ """ from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products.CMFWorkspace.permissions') security.declarePublic('AddPortalFolders') try: from Products.CMFCore.permissions import AddPortalFolders except ImportError: from Products.CMFCore.CMFCorePermissions import AddPortalFolders security.declarePublic('ManagePortal') try: from Products.CMFCore.permissions import ManagePortal except ImportError: from Products.CMFCore.CMFCorePermissions import ManagePortal security.declarePublic('View') try: from Products.CMFCore.permissions import View except ImportError: from Products.CMFCore.CMFCorePermissions import View security.declarePublic('ManageWorkspaces') ManageWorkspaces = 'Manage Workspaces'
# The following code lifted from Products.CMFCore for portability from AccessControl import ModuleSecurityInfo from Acquisition import aq_get from Acquisition import aq_parent from Acquisition.interfaces import IAcquirer from zope.component import getUtility from zope.component.interfaces import ComponentLookupError security = ModuleSecurityInfo('alm.solrindex.utils') _marker = [] # Create a new marker object. _tool_interface_registry = {} security.declarePublic('getToolByName') def getToolByName(obj, name, default=_marker): """ Get the tool, 'toolname', by acquiring it. o Application code should use this method, rather than simply acquiring the tool by name, to ease forward migration (e.g., to Zope3). """ tool_interface = _tool_interface_registry.get(name) if tool_interface is not None: try: utility = getUtility(tool_interface) # Site managers, except for five.localsitemanager, return unwrapped # utilities. If the result is something which is acquisition-unaware # but unwrapped we wrap it on the context. if IAcquirer.providedBy(obj) and \
# Helpers for cs_youtube ... import urlparse from AccessControl import ModuleSecurityInfo module_security = ModuleSecurityInfo( 'Products.SilvaExternalSources.codesources.youtube') # correct urls have a path which start with '/v/' and youtube netloc # urls have which have a path that starts with '/watch' or with '/embed' # need to get formatted, invalid urls have a path different than that module_security.declarePublic('validate_youtube_url') def validate_youtube_url(value, REQUEST=None): """Validate that a url can be used as a youtube URL. >>> validate_youtube_url("http://www.youtube.com/watch?v=4T1BITS4Hz0&feature=g-all-u") True >>> validate_youtube_url("http://www.youtube.com/v/4T1BITS4Hz0") True >>> validate_youtube_url("http://youtube.com/v/4T1BITS4Hz0") True >>> validate_youtube_url("http://www.youtube.com/embed/fwUHKgVc2zc") True >>> validate_youtube_url("http://www.youtube.com/v/4T1BITS4Hz0?version=3&hl=nl_NL") True >>> validate_youtube_url("http://youtu.be/Lh6QPg5BGsE") True
import PortalObject, PortalContent, PortalFolder import MembershipTool, WorkflowTool, CatalogTool, DiscussionTool import ActionsTool, UndoTool, RegistrationTool, SkinsTool import MemberDataTool, TypesTool import DirectoryView, FSImage, FSPropertiesObject import FSDTMLMethod, FSPythonScript, FSSTXMethod import FSZSQLMethod import CookieCrumbler import ContentTypeRegistry import CachingPolicyManager import utils from AccessControl import ModuleSecurityInfo prod_security = ModuleSecurityInfo( 'Products' ) prod_security.declarePublic( 'CMFCore' ) security = ModuleSecurityInfo( 'Products.CMFCore' ) security.declarePublic( 'utils' ) try: import FSPageTemplate except ImportError: HAS_PAGE_TEMPLATES = 0 else: HAS_PAGE_TEMPLATES = 1 ADD_FOLDERS_PERMISSION = 'Add portal folders' bases = (
# FOR A PARTICULAR PURPOSE. # ############################################################################## """ CMFDefault product exceptions. $Id$ """ from zope.schema import ValidationError from zope.i18nmessageid import MessageFactory _ = MessageFactory('cmf_default') from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products.CMFDefault.exceptions') security.declarePublic('AccessControl_Unauthorized') from Products.CMFCore.exceptions import AccessControl_Unauthorized security.declarePublic('BadRequest') from Products.CMFCore.exceptions import BadRequest security.declarePublic('CopyError') from Products.CMFCore.exceptions import CopyError security.declarePublic('ResourceLockedError') from Products.CMFCore.exceptions import ResourceLockedError security.declarePublic('WorkflowException') from Products.CMFCore.WorkflowCore import WorkflowException security.declarePublic('zExceptions_Unauthorized')
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE. # ############################################################################## """ CMFCalendar product permissions """ from AccessControl import ModuleSecurityInfo from AccessControl.Permission import addPermission security = ModuleSecurityInfo('Products.CMFCalendar.permissions') security.declarePublic('AddEvents') AddEvents = 'Add portal events' addPermission(AddEvents, ('Manager', 'Owner', 'Member')) security.declarePublic('ChangeEvents') ChangeEvents = 'Change portal events' addPermission(ChangeEvents, ( 'Manager', 'Owner', )) security.declarePublic('AddPortalContent') from Products.CMFCore.permissions import AddPortalContent security.declarePublic('ManagePortal') from Products.CMFCore.permissions import ManagePortal
from AccessControl import ModuleSecurityInfo from AccessControl import Unauthorized as AccessControl_Unauthorized from OFS.CopySupport import CopyError from zExceptions import BadRequest from zExceptions import NotFound from zExceptions import Unauthorized as zExceptions_Unauthorized try: from zExceptions import ResourceLockedError except ImportError: from webdav.Lockable import ResourceLockedError security = ModuleSecurityInfo('Products.CMFCore.exceptions') # Use AccessControl_Unauthorized to raise Unauthorized errors and # zExceptions_Unauthorized to catch them all. security.declarePublic('AccessControl_Unauthorized') security.declarePublic('BadRequest') security.declarePublic('CopyError') security.declarePublic('NotFound') @security.public class SkinPathError(Exception): """ Invalid skin path error. """ pass
from cgi import escape from sgmllib import SGMLParser from AccessControl import ModuleSecurityInfo from Globals import package_home from ZTUtils.Zope import complex_marshal from exceptions import IllegalHTML security = ModuleSecurityInfo('Products.CMFDefault.utils') security.declarePrivate('_dtmldir') _dtmldir = os.path.join(package_home(globals()), 'dtml') _wwwdir = os.path.join(package_home(globals()), 'www') security.declarePublic('formatRFC822Headers') def formatRFC822Headers(headers): """ Convert the key-value pairs in 'headers' to valid RFC822-style headers, including adding leading whitespace to elements which contain newlines in order to preserve continuation-line semantics. """ munged = [] linesplit = re.compile(r'[\n\r]+?') for key, value in headers: vallines = linesplit.split(value) while vallines: if vallines[-1].rstrip() == '':
from zope.event import notify from AccessControl import ModuleSecurityInfo from Products.CMFCore.WorkflowCore import ActionSucceededEvent def notifyActionSucceeded(state_change): """Called from workflow after scripts.""" notify(ActionSucceededEvent(state_change.object, state_change.workflow, state_change.transition.getId(), None)) # Allow from Python scripts security = ModuleSecurityInfo('intranett.policy.workflow') security.declarePublic('notifyActionSucceeded')
""" import Products from AccessControl import ModuleSecurityInfo from AccessControl import Permissions from AccessControl.Permission import _registeredPermissions from AccessControl.Permission import pname from Globals import ApplicationDefaultPermissions security = ModuleSecurityInfo('Products.CMFCore.permissions') # # General Zope permissions # security.declarePublic('AccessContentsInformation') AccessContentsInformation = Permissions.access_contents_information security.declarePublic('ChangePermissions') ChangePermissions = Permissions.change_permissions security.declarePublic('DeleteObjects') DeleteObjects = Permissions.delete_objects security.declarePublic('FTPAccess') FTPAccess = Permissions.ftp_access security.declarePublic('ManageProperties') ManageProperties = Permissions.manage_properties security.declarePublic('ManageUsers')
from AccessControl import ModuleSecurityInfo from AccessControl.Permission import addPermission security = ModuleSecurityInfo('cnm.website.permissions') security.declarePublic('DeleteThisObject') DeleteThisObject = 'CNM: Delete this object' addPermission(DeleteThisObject, default_roles=('Manager', 'Owner'))
# ############################################################################## """ Product-specifict permissions. $Id$ """ from AccessControl import ModuleSecurityInfo from AccessControl import Permissions from AccessControl.Permission import _registeredPermissions from AccessControl.Permission import pname from Globals import ApplicationDefaultPermissions import Products security = ModuleSecurityInfo( 'Products.PluggableAuthService.permissions' ) security.declarePublic( 'ManageUsers' ) ManageUsers = Permissions.manage_users security.declarePublic( 'ManageGroups' ) ManageGroups = "Manage Groups" security.declarePrivate( 'setDefaultRoles' ) def setDefaultRoles( permission, roles ): """ Set the defaults roles for a permission. o XXX This ought to be in AccessControl.SecurityInfo. """ registered = _registeredPermissions if not registered.has_key( permission ):
from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products.CMFStaging.permissions') security.declarePublic('ManagePortal') security.declarePublic('ModifyPortalContent') try: from Products.CMFCore.permissions import ManagePortal from Products.CMFCore.permissions import ModifyPortalContent except ImportError: from Products.CMFCore.CMFCorePermissions import ManagePortal from Products.CMFCore.CMFCorePermissions import ModifyPortalContent security.declarePublic('StageObjects') StageObjects = 'Use version control' security.declarePublic('UseVersionControl') UseVersionControl = 'Use version control' security.declarePublic('LockObjects') LockObjects = 'WebDAV Lock items' security.declarePublic('UnlockObjects') UnlockObjects = 'WebDAV Unlock items'
# -*- coding: utf-8 -*- # Copyright (c) 2012-2013 Infrae. All rights reserved. # See also LICENSE.txt from random import choice from AccessControl import ModuleSecurityInfo module_security = ModuleSecurityInfo( 'Products.SilvaExternalSources.codesources.make_HTML_token') chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz-0123456789' length = 12 module_security.declarePublic('make_token') def make_token(): return ''.join(choice(chars) for x in xrange(length))
except ImportError: UNIQUE = 2 from Products.PageTemplates.Expressions import getEngine from Products.PageTemplates.Expressions import SecureModuleImporter security = ModuleSecurityInfo( 'Products.CMFCore.utils' ) _dtmldir = os_path.join( package_home( globals() ), 'dtml' ) # # Simple utility functions, callable from restricted code. # _marker = [] # Create a new marker object. security.declarePublic('getToolByName') def getToolByName(obj, name, default=_marker): """ Get the tool, 'toolname', by acquiring it. o Application code should use this method, rather than simply acquiring the tool by name, to ease forward migration (e.g., to Zope3). """ try: tool = aq_get(obj, name, default, 1) except AttributeError: if default is _marker: raise return default else:
from zope.i18n.interfaces import IUserPreferredCharsets from zope.i18nmessageid import MessageFactory from Products.CMFCore.interfaces import IPropertiesTool from Products.CMFDefault.interfaces import IHTMLScrubber from Products.CMFDefault.exceptions import EmailAddressInvalid from Products.CMFDefault.exceptions import IllegalHTML security = ModuleSecurityInfo('Products.CMFDefault.utils') security.declarePrivate('_dtmldir') _dtmldir = os.path.join(package_home(globals()), 'dtml') _wwwdir = os.path.join(package_home(globals()), 'www') security.declarePublic('formatRFC822Headers') def formatRFC822Headers(headers): """ Convert the key-value pairs in 'headers' to valid RFC822-style headers, including adding leading whitespace to elements which contain newlines in order to preserve continuation-line semantics. """ munged = [] linesplit = re.compile(r'[\n\r]+?') for key, value in headers: vallines = linesplit.split(value) while vallines: if vallines[-1].rstrip() == '':
# ############################################################################## """ Product-specifict permissions. $Id$ """ from AccessControl import ModuleSecurityInfo from AccessControl import Permissions from AccessControl.Permission import _registeredPermissions from AccessControl.Permission import pname from Globals import ApplicationDefaultPermissions import Products security = ModuleSecurityInfo('Products.PluggableAuthService.permissions') security.declarePublic('ManageUsers') ManageUsers = Permissions.manage_users security.declarePublic('ManageGroups') ManageGroups = "Manage Groups" security.declarePrivate('setDefaultRoles') def setDefaultRoles(permission, roles): """ Set the defaults roles for a permission. o XXX This ought to be in AccessControl.SecurityInfo. """ registered = _registeredPermissions
# -*- coding: utf-8 -*- from Products.CMFCore.permissions import setDefaultRoles from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo("collective.dancefloor") PROJECTNAME = 'collective.dancefloor' #permission to manage local newsletters security.declarePublic("DelegateLocalNewsletterManager") DelegateLocalNewsletterManager = "Sharing page: delegate Local Newsletter Manager role" setDefaultRoles(DelegateLocalNewsletterManager, ()) #permission to manage local newsletters security.declarePublic("ManageLocalNewsletter") ManageLocalNewsletter = "collective.dancefloor: Manage Local Newsletters" setDefaultRoles(ManageLocalNewsletter, ('Manager', ))
# Contributors. All Rights Reserved. # # This software is subject to the provisions of the Zope Public License, # Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE. # ############################################################################## from AccessControl import ModuleSecurityInfo from AccessControl import allow_class xwfutils_security = ModuleSecurityInfo('Products.XWFCore.XWFUtils') xwfutils_security.declarePublic('convertCatalogResultsToXml') xwfutils_security.declarePublic('convertObjectsToXml') xwfutils_security.declarePublic('createRequestFromRequest') xwfutils_security.declarePublic('convertTextToAscii') xwfutils_security.declarePublic('createBatch') xwfutils_security.declarePublic('generate_user_id') xwfutils_security.declarePublic('assign_ownership') xwfutils_security.declarePublic('markupEmail') xwfutils_security.declarePublic('getToolByName') xwfutils_security.declarePublic('convertTextUsingContentType') xwfutils_security.declarePublic('rfc822_date') xwfutils_security.declarePublic('change_timezone') xwfutils_security.declarePublic('all_timezones') xwfutils_security.declarePublic('munge_date') xwfutils_security.declarePublic('curr_time') xwfutils_security.declarePublic('getOption')
from AccessControl import ModuleSecurityInfo from Products.CMFCore.permissions import setDefaultRoles security = ModuleSecurityInfo('pcommerce.core.config') security.declarePublic('AddProduct') AddProduct = 'PCommerce: Add Product' setDefaultRoles(AddProduct, ('Manager','Contributer','Owner',)) security.declarePublic('AddVariation') AddVariation = 'PCommerce: Add Variation' setDefaultRoles(AddVariation, ('Manager','Contributer','Owner',)) security.declarePublic('AddImage') AddVariation = 'PCommerce: Add Image' setDefaultRoles(AddVariation, ('Manager','Contributer','Owner',)) security.declarePublic('AddPrice') AddPrice = 'PCommerce: Add Price' setDefaultRoles(AddPrice, ('Manager','Contributer','Owner',)) security.declarePublic('AddToCart') AddToCart = 'PCommerce: Add to Cart' setDefaultRoles(AddToCart, ('Anonymous', 'Authenticated',)) security.declarePublic('CheckOut') CheckOut = 'PCommerce: Check out' setDefaultRoles(CheckOut, ('Authenticated',)) security.declarePublic('ManageOrders') ManageOrders = 'PCommerce: Manage Orders'
def __init__(self, container): self.container = container def checkName(self, identifier, content, file=None, interface=None): try: checkValidId(self.container, str(identifier)) except BadRequest as error: raise ContentError(error.args[0], self.container) return True def chooseName(self, name, content, file=None, interface=None): return str(name) module_security.declarePublic('Id') class Id(object): """silva id mangler usage: from Products.Silva import mangle if mangle.Id(myId).isValid(): ... myId = mangle.Id(myId).new() """ __allow_access_to_unprotected_subobjects__ = 1 OK = 0
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE # ############################################################################## """ Permissions used throughout CMFTopic. $Id$ """ from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products.CMFTopic.permissions') from Products.CMFCore.permissions import setDefaultRoles security.declarePublic('AddTopics') AddTopics = 'Add portal topics' setDefaultRoles(AddTopics, ('Manager',)) security.declarePublic('ChangeTopics') ChangeTopics = 'Change portal topics' setDefaultRoles(ChangeTopics, ('Manager', 'Owner',)) security.declarePublic('AccessContentsInformation') from Products.CMFCore.permissions import AccessContentsInformation security.declarePublic('ListFolderContents') from Products.CMFCore.permissions import ListFolderContents security.declarePublic('View') from Products.CMFCore.permissions import View
[ 'CHP', permissions.ChangePermissions,], [ 'DOB', permissions.DeleteObjects,], [ 'LFC', permissions.ListFolderContents,], [ 'MGR', perm_ManageGroups, ], [ 'MPR', permissions.ManageProperties,], [ 'MPC', permissions.ModifyPortalContent,], [ 'VIE', permissions.View,], [ 'ADC', cPermission_gvSIGi18nAddTRACatalogo,], The user that shall be able to create root catalogs in the containing folder shall be assigned the in the containing folder the local role TRACreator by using the Plone sharing tab in the containing folder (must be logged as Manager). """ security.declarePublic('cTRACreator_role') security.declarePublic('cTRAManager_role') security.declarePublic('cTRACoordinator_role') security.declarePublic('cTRAVisitor_role') security.declarePublic('cTRATranslator_role') security.declarePublic('cTRAReviewer_role') security.declarePublic('TRARoles_list') cTRACreator_role = 'TRACreator' cTRAManager_role = 'TRAManager' cTRACoordinator_role = 'TRACoordinator' cTRADeveloper_role = 'TRADeveloper' cTRAReviewer_role = 'TRAReviewer' cTRATranslator_role = 'TRATranslator' cTRAVisitor_role = 'TRAVisitor'
"""Common configuration constants """ from AccessControl import ModuleSecurityInfo from Products.CMFCore.permissions import setDefaultRoles PROJECTNAME = 'raptus.filesystemindex' security = ModuleSecurityInfo('raptus.filesystemindex.config') security.declarePublic('ADD_PERMISSION') ADD_PERMISSION = 'raptus.filesystemindex: Add FileSystemIndex' setDefaultRoles(ADD_PERMISSION, ('Manager','Contributor',))
""" global _tool_interface_registry _tool_interface_registry[tool_id] = tool_interface security.declarePrivate('getToolInterface') def getToolInterface(tool_id): """ Get the interface registered for a tool ID """ global _tool_interface_registry return _tool_interface_registry.get(tool_id, None) security.declarePublic('getToolByName') def getToolByName(obj, name, default=_marker): """ Get the tool, 'toolname', by acquiring it. o Application code should use this method, rather than simply acquiring the tool by name, to ease forward migration (e.g., to Zope3). """ tool_interface = _tool_interface_registry.get(name) if tool_interface is not None: try: utility = getUtility(tool_interface) # Site managers, except for five.localsitemanager, return unwrapped
############################################################################## # # Copyright (c) 2004 Zope Corporation and Contributors. All Rights Reserved. # # This software is subject to the provisions of the Zope Public License, # Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS # FOR A PARTICULAR PURPOSE. # ############################################################################## """ CMFSetup product exceptions. $Id$ """ from AccessControl import ModuleSecurityInfo security = ModuleSecurityInfo('Products.CMFSetup.exceptions') security.declarePublic('BadRequest') from Products.CMFCore.exceptions import BadRequest
# No roles exist and no grants requested. Leave unchanged. return 0 else: # Add new roles for this group. local_roles[group] = list(grant_roles) ob.__ac_local_roles__ = local_roles return 1 # Edit the roles. roles = list(roles) changed = 0 for role in managed_roles: if role in grant_roles and role not in roles: # Add one role for this group. roles.append(role) changed = 1 elif role not in grant_roles and role in roles: # Remove one role for this group. roles.remove(role) changed = 1 if changed: if not roles and local_roles.has_key(group): del local_roles[group] else: local_roles[group] = roles ob.__ac_local_roles__ = local_roles return changed security.declarePublic('Message') Message = _ = MessageFactory('cmf_default')
"""Common configuration constants """ from AccessControl import ModuleSecurityInfo from Products.CMFCore.permissions import setDefaultRoles PROJECTNAME = "raptus.article.media" security = ModuleSecurityInfo("raptus.article.media.config") security.declarePublic("ADD_PERMISSION") ADD_PERMISSION = {} ADD_PERMISSION["Video"] = "raptus.article: Add Video" setDefaultRoles(ADD_PERMISSION["Video"], ("Manager", "Contributor")) ADD_PERMISSION["VideoEmbed"] = "raptus.article: Add Embeded Video" setDefaultRoles(ADD_PERMISSION["VideoEmbed"], ("Manager", "Contributor")) ADD_PERMISSION["Audio"] = "raptus.article: Add Audio" setDefaultRoles(ADD_PERMISSION["Audio"], ("Manager", "Contributor"))
from exceptions import AccessControl_Unauthorized from exceptions import NotFound from warnings import warn security = ModuleSecurityInfo( 'Products.CMFCore.utils' ) _dtmldir = os_path.join( package_home( globals() ), 'dtml' ) _wwwdir = os_path.join( package_home( globals() ), 'www' ) # # Simple utility functions, callable from restricted code. # _marker = [] # Create a new marker object. security.declarePublic('getToolByName') def getToolByName(obj, name, default=_marker): """ Get the tool, 'toolname', by acquiring it. o Application code should use this method, rather than simply acquiring the tool by name, to ease forward migration (e.g., to Zope3). """ try: tool = aq_get(obj, name, default, 1) except AttributeError: if default is _marker: raise return default else:
import Products from AccessControl import ModuleSecurityInfo from AccessControl import Permissions from AccessControl.Permission import _registeredPermissions from AccessControl.Permission import pname from Globals import ApplicationDefaultPermissions security = ModuleSecurityInfo('Products.CMFCore.permissions') # # General Zope permissions # security.declarePublic('AccessContentsInformation') AccessContentsInformation = Permissions.access_contents_information security.declarePublic('ChangePermissions') ChangePermissions = Permissions.change_permissions security.declarePublic('DeleteObjects') DeleteObjects = Permissions.delete_objects security.declarePublic('FTPAccess') FTPAccess = Permissions.ftp_access security.declarePublic('ManageProperties') ManageProperties = Permissions.manage_properties security.declarePublic('ManageUsers')
import socket from AccessControl import ModuleSecurityInfo HAS_SSL=hasattr(socket, "ssl") del socket security = ModuleSecurityInfo('collective.browserid.config') security.declarePublic('DEFAULT_HOST') DEFAULT_HOST = 'https://browserid.org/verify' security.declarePublic('DEFAULT_TIMEOUT') DEFAULT_TIMEOUT = 15 security.declarePublic('PLUGIN_META_TYPE') PLUGIN_META_TYPE = "BrowserID plugin"