From a55d172c924f8929a8212f243a89aecdc4f2de0f Mon Sep 17 00:00:00 2001 From: Jean-Paul Smets <jp@nexedi.com> Date: Mon, 1 Oct 2007 11:14:41 +0000 Subject: [PATCH] A simple implementation of format control. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16744 20353a03-c40f-0410-a6d1-a30d3c3de9de --- ...cument_checkConversionFormatPermission.xml | 176 ++++++++++++++++++ 1 file changed, 176 insertions(+) create mode 100644 bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_checkConversionFormatPermission.xml diff --git a/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_checkConversionFormatPermission.xml b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_checkConversionFormatPermission.xml new file mode 100644 index 0000000000..1354c4ce0f --- /dev/null +++ b/bt5/erp5_dms/SkinTemplateItem/portal_skins/erp5_dms/Document_checkConversionFormatPermission.xml @@ -0,0 +1,176 @@ +<?xml version="1.0"?> +<ZopeData> + <record id="1" aka="AAAAAAAAAAE="> + <pickle> + <tuple> + <tuple> + <string>Products.PythonScripts.PythonScript</string> + <string>PythonScript</string> + </tuple> + <none/> + </tuple> + </pickle> + <pickle> + <dictionary> + <item> + <key> <string>Python_magic</string> </key> + <value> + <none/> + </value> + </item> + <item> + <key> <string>Script_magic</string> </key> + <value> <int>3</int> </value> + </item> + <item> + <key> <string>__ac_local_roles__</string> </key> + <value> + <none/> + </value> + </item> + <item> + <key> <string>_bind_names</string> </key> + <value> + <object> + <klass> + <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/> + </klass> + <tuple/> + <state> + <dictionary> + <item> + <key> <string>_asgns</string> </key> + <value> + <dictionary> + <item> + <key> <string>name_container</string> </key> + <value> <string>container</string> </value> + </item> + <item> + <key> <string>name_context</string> </key> + <value> <string>context</string> </value> + </item> + <item> + <key> <string>name_m_self</string> </key> + <value> <string>script</string> </value> + </item> + <item> + <key> <string>name_subpath</string> </key> + <value> <string>traverse_subpath</string> </value> + </item> + </dictionary> + </value> + </item> + </dictionary> + </state> + </object> + </value> + </item> + <item> + <key> <string>_body</string> </key> + <value> <string>"""\n + A very simple implementation which makes sure\n + that pure auditors can only view in non editable formats\n + (pdf, html, txt, png, etc.)\n +"""\n +from AccessControl import getSecurityManager\n +user = getSecurityManager().getUser()\n +role_list = user.getRolesInContext(context)\n +\n +# Users involved in the document may view it in editable mode\n +if "Associate" in role_list or "Assignee" in role_list or\\\n + "Assignor" in role_list or "Manager" in role_list:\n + return 1\n +\n +# All users with view permission may view the document \n +# in read only mode\n +if format in (\'html\', \'stripped-html\', \'pdf\', \'png\', \'jpg\', \'gif\'):\n + return 1\n +\n +# All other formats are prohibitted\n +return 0\n +</string> </value> + </item> + <item> + <key> <string>_code</string> </key> + <value> + <none/> + </value> + </item> + <item> + <key> <string>_filepath</string> </key> + <value> + <none/> + </value> + </item> + <item> + <key> <string>_owner</string> </key> + <value> + <none/> + </value> + </item> + <item> + <key> <string>_params</string> </key> + <value> <string>format=None</string> </value> + </item> + <item> + <key> <string>errors</string> </key> + <value> + <tuple/> + </value> + </item> + <item> + <key> <string>func_code</string> </key> + <value> + <object> + <klass> + <global name="FuncCode" module="Shared.DC.Scripts.Signature"/> + </klass> + <tuple/> + <state> + <dictionary> + <item> + <key> <string>co_argcount</string> </key> + <value> <int>1</int> </value> + </item> + <item> + <key> <string>co_varnames</string> </key> + <value> + <tuple> + <string>format</string> + <string>AccessControl</string> + <string>getSecurityManager</string> + <string>_getattr_</string> + <string>user</string> + <string>context</string> + <string>role_list</string> + </tuple> + </value> + </item> + </dictionary> + </state> + </object> + </value> + </item> + <item> + <key> <string>func_defaults</string> </key> + <value> + <tuple> + <none/> + </tuple> + </value> + </item> + <item> + <key> <string>id</string> </key> + <value> <string>Document_checkConversionFormatPermission</string> </value> + </item> + <item> + <key> <string>warnings</string> </key> + <value> + <tuple/> + </value> + </item> + </dictionary> + </pickle> + </record> +</ZopeData> -- 2.30.9