Changeset 1264


Timestamp:
01/10/07 16:27:28 (13 years ago)
Author:
tarmo
Message:

Methods checked and secured. Added some FIXMEs that
someone should fix... Closes #1062, spent 4h.

Location:
trunk
Files:
14 edited

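--- a/trunk/BlogPost.py
+++ b/trunk/BlogPost.py
@@ -30,5 +30,5 @@
 from Products.Archetypes.atapi import DisplayList
 from FieldsWidgets import TagsField, TagsWidget
-from permissions import ModerateContent
+from permissions import ModerateContent, MODIFY_CONTENT
 
 from GroupBlog import monthNames
@@ -69,4 +69,5 @@
     schema = schema
 
+    security.declarePrivate('manage_afterAdd')
     def manage_afterAdd(self, item, container):
         """1) Replaces the left side portlets with the content type's own action portlet. 2) add obj id to list of recent entries in parent GroupBlog. 3) add to list of collaboration proposals if such"""
@@ -91,4 +92,5 @@
         BaseContent.manage_afterAdd(self, item, container)
 
+    security.declarePrivate('at_post_edit_script')
     def at_post_edit_script(self):
         """ Rename id to resemble title, add to list of collaboration proposals of community if such, and add to recent posts of blog. """
@@ -184,4 +186,5 @@
 #                    eval('self.'+mutator+'(value)')
 
+    security.declareProtected(MODIFY_CONTENT, 'setCoverImage')
     def setCoverImage(self, value, **kwargs):
         """ This modification for a mutator flags object to have a coverImage """
@@ -191,4 +194,5 @@
         has_cover.set(self,True)
 
+    security.declareProtected(MODIFY_CONTENT, 'setBodyText')
     def setBodyText(self, value, **kwargs):
         bt=self.getField('bodyText')
@@ -207,5 +211,5 @@
 
     def myDateToArchive(self):
-        """ Get year and month """
+        # Get year and month
         myresults = []
         # This function returns array like ['2006', 'October'] for the the current element.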
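Review bot: In `myDateToArchive` the docstring is turned into a comment and no security declaration is added, so the protection is only implicit. ZPublisher refuses to publish an object without a docstring, but that covers direct URL traversal only and is silently undone by the next person who documents the method. The same docstring-to-comment pattern appears in Collection.py, GroupBlog.py, LeMillReference.py, LeMillSearchTool.py, LeMillTool.py, LeMillUserTool.py, MemberFolder.py, PresentationMaterial.py and SectionFolder.py. I would state the intent explicitly, e.g. `security.declarePrivate('myDateToArchive')` if no template needs it, or a `declareProtected` with the permission it does need, and then keep the docstring. The body of `myDateToArchive` continues outside the hunk.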
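--- a/trunk/Collection.py
+++ b/trunk/Collection.py
@@ -30,4 +30,5 @@
 from config import PROJECTNAME, ALL_CONTENT_TYPES, CONTENT_TYPES, DEFAULT_ICONS
 from Resources import CommonMixIn
+from permissions import MODIFY_CONTENT
 
 schema = BaseSchema + Schema((
@@ -81,4 +82,5 @@
     typeDescMsgId='description_collection'
     global_allow = 1
+    security = ClassSecurityInfo()
     _at_rename_after_creation = True
 
@@ -103,4 +105,5 @@
         return highest
 
+    security.declareProtected(MODIFY_CONTENT,'addRefsToResources')
     def addRefsToResources(self, ref, empty=0):
         """ add reference to resource """
@@ -147,4 +150,5 @@
         return arr        
 
+    security.declareProtected(MODIFY_CONTENT,'delResources')
     def delResources(self, REQUEST):
         """ delete selected resource """
@@ -165,4 +169,5 @@
             return False
 
+    security.declareProtected(MODIFY_CONTENT,'moveUpResources')
     def moveUpResources(self, REQUEST):
         """ move up """
@@ -198,4 +203,5 @@
             #field.set(self, new_list)
 
+    security.declareProtected(MODIFY_CONTENT,'moveDownResources')
     def moveDownResources(self, REQUEST):
         """ move down """
@@ -247,5 +253,5 @@
 
     def manage_afterAdd(self, item, container):
-        """Replaces the left side portlets with the content type's own action portlet."""
+        #Replaces the left side portlets with the content type's own action portlet.
         BaseContent.manage_afterAdd(self, item, container)
         if not hasattr(item.aq_base, 'left_slots'):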
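Review bot: `manage_afterAdd` here only loses its docstring, while BlogPost.py, MultimediaMaterial.py, PILOTMaterial.py and Resources.py get `security.declarePrivate('manage_afterAdd')` in this same changeset. GroupBlog.py, LeMillReference.py and PresentationMaterial.py are left in the same state as this file. Adding `security.declarePrivate('manage_afterAdd')` above the definition would make the hook consistently private across content types. Separately, the new `security = ClassSecurityInfo()` relies on an import that is not visible in these hunks, so confirm `ClassSecurityInfo` is already imported in Collection.py.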
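--- a/trunk/GroupBlog.py
+++ b/trunk/GroupBlog.py
@@ -30,4 +30,5 @@
 
 from config import PROJECTNAME, MODIFY_CONTENT, VIEW, DEFAULT_ICONS
+from permissions import MODIFY_CONTENT
 from SharedMetadata import *
 from FieldsWidgets import LinkLinesField, LinkLinesWidget
@@ -198,5 +199,5 @@
 
     def manage_afterAdd(self, item, container):
-        """Replaces the left side portlets with the content type's own action portlet."""
+        # Replaces the left side portlets with the content type's own action portlet.
         BaseFolder.manage_afterAdd(self, item, container)
         mtool = getToolByName(self, 'portal_membership')
@@ -237,5 +238,5 @@
 
     def prefill_title(self):
-        """ When GroupBlog is created we need to get same values as group itself here"""        
+        # When GroupBlog is created we need to get same values as group itself here
         # It seems that the marching order in creating a group sets these to 'x:s workspace' after creating object.
         groupid = self.getId()
@@ -246,5 +247,5 @@
 
     def prefill_description(self):
-        """ When GroupBlog is created we need to get same values as group itself here"""        
+        # When GroupBlog is created we need to get same values as group itself here
         groupid = self.getId()
         grouptool = getToolByName(self, 'portal_groups')
@@ -310,5 +311,5 @@
 
     def getRoles(self, memberid=None):
-        """Helper method to get roles"""
+        # Helper method to get roles
         if memberid:
             return self.get_local_roles_for_userid(memberid)
@@ -324,5 +325,6 @@
         """ Because I prefer lists, not tuples """
         return list(self.getField('recent_activity').get(self))
-        
+
+    security.declareProtected(MODIFY_CONTENT,'addRecent_activity')
     def addRecent_activity(self, obj_uid, act_type):
         """ Recent activity is a list of (obj_UID, date, activity type {'modified piece', 'created' etc.})
@@ -338,4 +340,5 @@
         acts_field.set(self, acts)
         
+    security.declareProtected(MODIFY_CONTENT,'addRecent_post')
     def addRecent_post(self,postid):
         """ Recent posts are lists of id's, because then picking the post objects when inside group is easy and quick """
@@ -349,4 +352,5 @@
         self.setRecent_posts(postlist[:10])            
 
+    security.declareProtected(MODIFY_CONTENT,'removeRecent_post')
     def removeRecent_post(self,postid):
         postlist= list(self.getField('recent_posts').get(self))
@@ -355,4 +359,5 @@
         self.setRecent_posts(postlist)            
 
+    security.declareProtected(MODIFY_CONTENT,'replaceRecent_post')
     def replaceRecent_post(self, old, new):
         postlist= list(self.getField('recent_posts').get(self))
@@ -375,5 +380,4 @@
         return 0
             
-
     def join_group(self):
         """ The logged in user joins the current group """
@@ -433,4 +437,5 @@
 
     
+    security.declareProtected(MODIFY_CONTENT,'setProperties')
     def setProperties(self, newprops=None, **kw):
         """ Try to get mutator for each value and if there isn't one then change groups properties """
@@ -486,4 +491,5 @@
     # These have to be duplicated since its difficult to base these folderish objects on non-folderish Resources 
 
+    security.declareProtected(MODIFY_CONTENT,'setCoverImage')
     def setCoverImage(self, value, **kwargs):
         """ Normal mutator, but flags object to have a coverImage (hasCoverImage = True) """
@@ -494,4 +500,5 @@
         self.reindexObject()
 
+    security.declareProtected(MODIFY_CONTENT,'delCoverImage')
     def delCoverImage(self):
         """ Reverse of setCoverImage """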
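Review bot: `MODIFY_CONTENT` is now bound twice at the top of the module, first by `from config import PROJECTNAME, MODIFY_CONTENT, VIEW, DEFAULT_ICONS` and then by the added `from permissions import MODIFY_CONTENT`. The `from SharedMetadata import *` that follows can rebind it a third time if SharedMetadata happens to export that name. Which permission string the new `declareProtected` calls actually use therefore depends on import order, and a mismatch would not raise any error. Import the name from one place only: drop it from the `config` line (`from config import PROJECTNAME, VIEW, DEFAULT_ICONS`) and put the `permissions` import after the star import.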
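--- a/trunk/LeMillReference.py
+++ b/trunk/LeMillReference.py
@@ -171,5 +171,4 @@
 
     def manage_afterAdd(self, item, container):
-        """ manage after add """
         Material.manage_afterAdd(self, item, container)
     #    if not hasattr(item.aq_base, 'left_slots'):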
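--- a/trunk/LeMillSearchTool.py
+++ b/trunk/LeMillSearchTool.py
@@ -213,5 +213,5 @@
 
     def get_urls_of_remote_lemilles(self):
-        """ get remote lemill locations. ie. ('http://localhost:9090/SecondLeMill',) """
+        # get remote lemill locations. ie. ('http://localhost:9090/SecondLeMill',)
         result = []
         for x in self.remote_lemilles.values():
@@ -223,5 +223,5 @@
 
     def ping(self, address):
-        """ ping remote lemill, see if it's alive """
+        # ping remote lemill, see if it's alive
         address = address +'/'+ self.getId()
         r = xmlrpclib.Server(address)
@@ -255,6 +255,7 @@
         return 0
 
+    security.declareProtected(MANAGE_PORTAL, 'delete_remote_lemill')
     def delete_remote_lemill(self, id):
-        """ delete remote lemill address from our list """
+        # delete remote lemill address from our list
         del self.remote_lemilles[id]
         self._p_changed = True
@@ -263,4 +264,5 @@
         return self.enable_remotesearch
     
+    security.declareProtected(MANAGE_PORTAL, 'setEnableRemoteSearch')
     def setEnableRemoteSearch(self, enable):
         self.enable_remotesearch = enable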
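Review bot: `ping` still has no security declaration, and it builds an `xmlrpclib.Server` from a caller-supplied `address`. Dropping the docstring stops it being published by URL, but any code path that can still reach it can make this server open an outbound connection to a host the caller chooses. I would add `security.declareProtected(MANAGE_PORTAL, 'ping')`, or `declarePrivate` if only this tool calls it, alongside the declarations added further down. `MANAGE_PORTAL` is used by the new lines but no import is added in this file's hunks, so confirm it is already in scope. The body of `ping` continues outside the hunk.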
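--- a/trunk/LeMillTool.py
+++ b/trunk/LeMillTool.py
@@ -43,5 +43,5 @@
     security.declarePublic('createUniqueGroupId')
     def createUniqueGroupId(self, basename):
-        """ Groups should always use titles for display, but urls use ids so lets make ids understandable & unique.  """
+        #Groups should always use titles for display, but urls use ids so lets make ids understandable & unique.
         # basename should be user's id or material's id, we add _group+numbers after that. 
         basename=str(basename)
@@ -106,5 +106,5 @@
 
     def resize_image(self, image, to_width=120, to_height=120, format="PNG"):
-        """ resize image to given width and height. StringIO, im will be returned"""
+        # resize image to given width and height. StringIO, im will be returned
         try:
             from PIL import Image
@@ -157,5 +157,5 @@
 
     def savePiece(self, uid, values):
-        """ Edit one piece """
+        # Edit one piece
         piece=self.uid_catalog(UID=uid)
         piece=piece[0].getObject()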
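Review bot: `savePiece` resolves an arbitrary object through `self.uid_catalog(UID=uid)` and, judging by its old docstring ("Edit one piece"), applies caller-supplied `values` to it, yet the only change here is the docstring removal. A permission declared on the tool would not express the right check, because the object being changed is the resolved `piece`, not the tool. The rest of the method is outside the hunk, but unless it already does so it should test the caller against the target, e.g. `if not getSecurityManager().checkPermission(MODIFY_CONTENT, piece): raise Unauthorized` (both names would need importing here). `piece[0]` also raises IndexError when the catalog returns no match, so an unknown `uid` deserves an explicit branch.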
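--- a/trunk/LeMillUserTool.py
+++ b/trunk/LeMillUserTool.py
@@ -42,5 +42,4 @@
     security.declarePublic('getEmail')
     def getEmail(self,author):
-        """ get the email of a user """
         mtool = getToolByName(self, 'portal_membership') 
         member  =   mtool.getMemberById(author)
@@ -50,5 +49,4 @@
     security.declarePublic('getSkype')
     def getSkype(self,author):
-        """get the skype name of the user"""
         mtool = getToolByName(self, 'portal_membership') 
         member  =   mtool.getMemberById(author)
@@ -58,5 +56,4 @@
     security.declarePublic('getHomepage')
     def getHomepage(self,author):
-        """get the external homepage of the user"""
         mtool   =   getToolByName(self, 'portal_membership') 
         member  =   mtool.getMemberById(author)
@@ -110,7 +107,8 @@
         '''Returns a list of entries in catalog metadata format like searches usually do'''
         
-    security.declareProtected(AddGroups, 'setLeMillOwnership') #<-- permissions not thought through yet
+    #FIXME: permissions not thought through yet
+    security.declareProtected(AddGroups, 'setLeMillOwnership')
     def setLeMillOwnership(self, group, object):
-        '''Sets group as an owner for an object and add object's id to groups list'''
+        """Sets group as an owner for an object and add object's id to groups list"""
         groupstool = getToolByName(self, 'portal_groups')
         groupstool.setGroupOwnership(self, group, object)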
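Review bot: `getEmail`, `getSkype` and `getHomepage` stay `declarePublic`, so removing their docstrings only closes the direct-URL route. Restricted code, including templates rendered for anonymous visitors, can presumably still read any member's e-mail address by passing an `author` id. If that disclosure is not intended, replace `security.declarePublic('getEmail')` with a `declareProtected` using a permission that only logged-in members hold, and do the same for the other two. `setLeMillOwnership` has a related gap: `AddGroups` limits who may call it, but nothing visible checks that the caller has any rights over `object`. Its body continues outside the hunk.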
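--- a/trunk/MemberFolder.py
+++ b/trunk/MemberFolder.py
@@ -27,4 +27,5 @@
 from AccessControl import ClassSecurityInfo, Unauthorized
 from config import *
+from permissions import MODIFY_CONTENT
 from Products.PloneLanguageTool.availablelanguages import countries
 try:
@@ -340,4 +341,5 @@
         return self.getCollectionsFolder().objectValues('Collection')
 
+    security.declareProtected(MODIFY_CONTENT,'delCollection')
     def delCollection(self, obj_id):
         obj=self.collections.get(obj_id)
@@ -431,12 +433,6 @@
             return ''
 
-    def debugProps(self):
-        """..."""
-        mtool = getToolByName(self, 'portal_memberdata')
-        raise 'FOO',str(mtool.propdict())
-        
-
     def prefill_email(self):
-        """ When memberfolder is created first time we need to get some values right, as they will be used in templates"""
+        # When memberfolder is created first time we need to get some values right, as they will be used in templates
         return self.__getMemberProperty('email')
         
@@ -466,12 +462,13 @@
 
 
-
+    security.declareProtected(MODIFY_CONTENT,'flagCoverImageOn')
     def flagCoverImageOn(self):
         self.getField('hasCoverImage').set(self, True)
 
+    security.declareProtected(MODIFY_CONTENT,'flagCoverImageOff')
     def flagCoverImageOff(self):
         self.getField('hasCoverImage').set(self, False)
 
-
+    security.declarePrivate('at_post_edit_script')
     def at_post_edit_script(self):
         putil = getToolByName(self,'plone_utils')
@@ -557,4 +554,5 @@
         acts_field.set(self, acts)
 
+    security.declareProtected(MODIFY_CONTENT,'resize_portrait')
     def resize_portrait(self, portrait, member_id):
         """ resize user portrait if it is larger than 160x120 """
@@ -592,5 +590,4 @@
 
     def sendInvitationMail(self, message, email):
-        """ send it """
         mhost=self.MailHost
         utool=getToolByName(self,'portal_url')
@@ -609,5 +606,6 @@
             print msg  
 
-    security.declarePublic('addListOfContacts')
+    #FIXME: This needs to be changed so it's called in the currently logged in user's folder,
+    #so we can do permission checking! The same goes for the next method as well
     def addListOfContacts(self):
         """ Add person to contacts """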
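Review bot: `addListOfContacts` loses `security.declarePublic` but keeps its docstring and gets no replacement declaration, so its protection now falls to whatever the class default is rather than to a stated permission. Until the FIXME is resolved I would pin it explicitly, for example `security.declareProtected(MODIFY_CONTENT, 'addListOfContacts')`. That presumably restricts it to the folder owner, which is the behaviour the FIXME asks for. `sendInvitationMail` in the preceding hunk is in a similar position: no declaration, and it sends mail to a caller-supplied `email`, so it should be declared private or protected as well. Both method bodies continue outside their hunks.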
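--- a/trunk/MultimediaMaterial.py
+++ b/trunk/MultimediaMaterial.py
@@ -25,4 +25,5 @@
 from SharedMetadata import *
 from Material import Material
+from permissions import MODIFY_CONTENT
 import re
 
@@ -65,6 +66,6 @@
     security.declareObjectPublic()
 
+    security.declarePrivate('manage_afterAdd')
     def manage_afterAdd(self, item, container):    
-        """ manage after add """
         Material.manage_afterAdd(self, item, container)
 
@@ -81,4 +82,5 @@
         return dump
 
+    security.declareProtected(MODIFY_CONTENT,'setBodyText')
     def setBodyText(self, value):
         """ set body text. replace <img src=".../image_small" /> with image large """
@@ -91,4 +93,5 @@
         return self.getField('mediapieces').get(self)
 
+    security.declareProtected(MODIFY_CONTENT,'delChapter')
     def delChapter(self, REQUEST):
         """ delete chapter """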
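--- a/trunk/PILOTMaterial.py
+++ b/trunk/PILOTMaterial.py
@@ -100,6 +100,6 @@
     security.declareObjectPublic()
 
+    security.declarePrivate('manage_afterAdd')
     def manage_afterAdd(self, item, container):
-        """ manage after add """
         Material.manage_afterAdd(self, item, container)
         if not hasattr(item.aq_base, 'left_slots'):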
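--- a/trunk/PresentationMaterial.py
+++ b/trunk/PresentationMaterial.py
@@ -32,5 +32,5 @@
 from types import ListType
 from OFS.content_types import guess_content_type
-
+from permissions import MODIFY_CONTENT
 
 description = Schema((
@@ -90,5 +90,4 @@
 
     def manage_afterAdd(self, item, container):
-        """ manage after add """
         Material.manage_afterAdd(self, item, container)
         if not hasattr(item.aq_base, 'left_slots'):
@@ -151,5 +150,5 @@
             return 0
 
-
+    security.declareProtected(MODIFY_CONTENT,'multiUploader')
     def multiUploader(self):
         """ Deals with buttons in slide_uploader form, bit like script_chapterController """
@@ -184,4 +183,5 @@
 
 
+    security.declareProtected(MODIFY_CONTENT,'createPieces')
     def createPieces(self):
         """ get uploads from form, order them to look like they're coming from SlideWidget and send them to set-method of ChapterField """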
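--- a/trunk/Resources.py
+++ b/trunk/Resources.py
@@ -84,4 +84,5 @@
     security = ClassSecurityInfo()
 
+    security.declarePrivate('manage_afterAdd')
     def manage_afterAdd(self, item, container):
         # Replaces the left side portlets with the content type's own action portlet.
@@ -94,7 +95,9 @@
             self._setProperty('left_slots', ['here/portlet_%s_actions/macros/portlet' % item.meta_type.lower(),], 'lines')
 
+    security.declarePrivate('at_post_create_script')
     def at_post_create_script(self):
         self.at_post_edit_script()
 
+    security.declarePrivate('at_post_edit_script')
     def at_post_edit_script(self):
         # Store current ID
@@ -157,4 +160,5 @@
         self.recalculateAuthors()
 
+    security.declarePrivate('migrate_history')
     def migrate_history(self):
         """ migrate_history """
@@ -202,4 +206,5 @@
 
 
+    security.declarePrivate('recalculateAuthors')
     def recalculateAuthors(self, removeAdmin=''):
         """ Recalculates author order """
@@ -327,4 +332,5 @@
         return self.getDefaultIcon()
 
+    security.declareProtected(MODIFY_CONTENT,'setCoverImage')
     def setCoverImage(self, value, **kwargs):
         """ Normal mutator, but flags object to have a coverImage (hasCoverImage = True) """
@@ -338,4 +344,5 @@
         self.reindexObject()
 
+    security.declareProtected(MODIFY_CONTENT,'delCoverImage')
     def delCoverImage(self):
         """ Reverse of setCoverImage """
@@ -350,5 +357,4 @@
     def getAuthors(self):
         """ used to get the list of authors """
-
         return self.getField('creators').get(self)
 
@@ -407,5 +413,5 @@
         return fields
 
-    # private on purpose
+    security.declarePrivate('addMeAsAuthor')
     def addMeAsAuthor(self):
         curlist = list(self.getAuthors())
@@ -436,4 +442,5 @@
         return ', '.join(names)
 
+    security.declareProtected(MODIFY_CONTENT,'setBodyText')
     def setBodyText(self,value,**kwargs):
         bodyText=self.getField('bodyText')
@@ -459,4 +466,5 @@
         return ''
 
+    security.declarePrivate('getHistory')
     def getHistory(self):
         try:
@@ -520,4 +528,5 @@
         self.getHistory().insert(0, entry)
 
+    security.declarePrivate('storeInHistory')
     def storeInHistory(self,fields,summary=None,storeAuthor=True):
         data = dict((key, self.getField(key).getRaw(self)) for key in fields)
@@ -640,4 +649,5 @@
 
 
+    #FIXME: This probably should *not* be public! --tarmo
     security.declarePublic('setGroupsShared')
     def setGroupsShared(self, value):
@@ -719,4 +729,5 @@
     #at_post_create_script=at_post_edit_script
 
+    security.declareProtected(MODIFY_CONTENT,'addFieldReferences')
     def addFieldReferences(self, ref, to_field):
         """ add reference to image """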
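Review bot: `setGroupsShared` is a mutator that remains `security.declarePublic`, with only a FIXME added above it. Every other setter touched in this file moves to `MODIFY_CONTENT`, so I would change the line to `security.declareProtected(MODIFY_CONTENT, 'setGroupsShared')` in this commit rather than defer it. If some caller needs it for users without that permission, that call site should do its own check and the exception should be recorded in the comment. Resources.py uses `MODIFY_CONTENT` in the added lines but no import hunk is shown for it, so confirm the name is already imported. The body of `setGroupsShared` is outside the hunk.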
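--- a/trunk/SectionFolder.py
+++ b/trunk/SectionFolder.py
@@ -28,5 +28,5 @@
 import re, datetime, urllib
 from AccessControl import ClassSecurityInfo
-
+from permissions import MODIFY_CONTENT, ADD_CONTENT_PERMISSION
 
 communityschema= ATFolderSchema + Schema((
@@ -48,5 +48,5 @@
     meta_type = "Section Folder"
     security = ClassSecurityInfo()
-    
+
     def getAllContentTypes(self):
         """ returns a list of all content types """
@@ -74,4 +74,5 @@
 
     # Override initializeArchetype to turn on syndication by default
+    security.declarePrivate('initializeArchetype')
     def initializeArchetype(self, **kwargs):
         ret_val = ATFolder.initializeArchetype(self, **kwargs)
@@ -86,4 +87,5 @@
         return ret_val
 
+    # private
     def _lemill_invokeFactory(self, container, meta_type, id=None, title=''):
         """ add new object, edit it's title and invoke _renameAfterCreation """
@@ -100,5 +102,6 @@
 
 
-    
+    #FIXME: Should this method be removed completely?
+    security.declareProtected(MODIFY_CONTENT,'start_new_version')
     def start_new_version(self, REQUEST=None, objId=None):
         """
@@ -145,4 +148,5 @@
 
 
+    security.declareProtected(MODIFY_CONTENT,'start_translation')
     def start_translation(self, REQUEST=None, objId=None):
         """
@@ -367,7 +371,4 @@
             return shownFields
 
-    #def getFolder(self):
-    #    return self
-
     def amIManager(self):
         """Check whether I'm a manager."""
@@ -436,5 +437,4 @@
 
     def url_quote(self,word):
-        """..."""
         return urllib.quote(word)
 
@@ -648,5 +648,7 @@
     default_view = ('lemill_content_view')
     filter_content_types = True
-
+    security = ClassSecurityInfo()
+
+    security.declareProtected(ADD_CONTENT_PERMISSION,'uploadIt')
     def uploadIt(self, REQUEST):
         """ gets file from upload and makes new object.
@@ -708,4 +710,5 @@
         else: return 'hits'
 
+    security.declareProtected(ADD_CONTENT_PERMISSION,'lemidlet_post')
     def lemidlet_post(self, REQUEST):
         """ LeMidlet will post image here...."""
@@ -763,4 +766,5 @@
     default_view = ('lemill_community_view')
     filter_content_types = True
+    security = ClassSecurityInfo()
 
     schema=communityschema
@@ -770,4 +774,5 @@
         mtool = getToolByName(self, "portal_membership")
         member=mtool.getAuthenticatedMember()
+        if not member: return
         if member.getHomeFolder()==None:
             member.createMemberarea()
@@ -786,4 +791,5 @@
         return list(self.getField('collaboration_proposals').get(self))
         
+    security.declareProtected(ADD_CONTENT_PERMISSION,'addCollaboration_proposal')
     def addCollaboration_proposal(self, obj_uid):
         """ Collaboration proposals are stored as list of UID:s, because then we don't have to care about group path when finding them """
@@ -806,4 +812,5 @@
         cp_field.set(self, cp)
 
+    security.declareProtected(ADD_CONTENT_PERMISSION,'removeCollaboration_proposal')
     def removeCollaboration_proposal(self, obj_uid):
         cp= self.getCollaboration_proposals()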
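Review bot: The added guard `if not member: return`, placed right after `mtool.getAuthenticatedMember()`, probably never fires. In CMF that call returns a user object for anonymous visitors too, and nothing visible here makes that object falsy. Use the membership tool's own test instead, `if mtool.isAnonymousUser(): return`, so anonymous requests do not reach `member.getHomeFolder()` and `member.createMemberarea()`. The enclosing method starts and ends outside the hunk, and its name and any declaration on it are not visible.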
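--- a/trunk/Story.py
+++ b/trunk/Story.py
@@ -143,5 +143,5 @@
     security.declareObjectPublic()
 
-
+#FIXME: Should this be a method of the Story class? Right now it's a function of the Story module. --tarmo
 def getHasCoverImage(self):
     """ this gets asked often """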