diff --git a/product/ERP5Type/__init__.py b/product/ERP5Type/__init__.py index 5d0a040540bcf1c3029b2306a415644d376fdc5c..8b29a1efa06fc6003ceb5759c1eb56e16db4c3d6 100644 --- a/product/ERP5Type/__init__.py +++ b/product/ERP5Type/__init__.py @@ -67,7 +67,7 @@ def initialize( context ): portal_tools = ( ClassTool.ClassTool, CacheTool.CacheTool, MemcachedTool.MemcachedTool, - SessionTool.SessionTool ) + SessionTool.SessionTool ) # Do initialization step initializeProduct(context, this_module, globals(), document_module = Document, @@ -90,10 +90,13 @@ def initialize( context ): initializeLocalDocumentRegistry() from AccessControl.SecurityInfo import allow_module +from AccessControl.SecurityInfo import ModuleSecurityInfo allow_module('Products.ERP5Type.Cache') -allow_module('Products.ERP5Type.Utils') # XXX this looks dangerous - # selected methods only should be allowed eg. cartesianProduct +ModuleSecurityInfo('Products.ERP5Type.Utils').declarePublic( + 'sortValueList', 'convertToUpperCase', 'convertToMixedCase', + 'cartesianProduct', 'sleep') + allow_module('Products.ERP5Type.Message') allow_module('Products.ERP5Type.Error') allow_module('Products.ERP5Type.Log')