Commit
c4e5b100
authored
Feb 08, 2024
by
Jérome Perrin
*: restrict send API usage
parent
c503f318
Showing
15 changed files
with
55 additions
and
8 deletions
+55
-8
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Entity_sendEmail.py
...inTemplateItem/portal_skins/erp5_base/Entity_sendEmail.py
+4
-0
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Entity_sendEmail.xml
...nTemplateItem/portal_skins/erp5_base/Entity_sendEmail.xml
+1
-1
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/MailMessage_send.py
...inTemplateItem/portal_skins/erp5_base/MailMessage_send.py
+3
-0
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/MailMessage_send.xml
...nTemplateItem/portal_skins/erp5_base/MailMessage_send.xml
+1
-1
bt5/erp5_crm/TestTemplateItem/portal_components/test.erp5.testCRM.py
...m/TestTemplateItem/portal_components/test.erp5.testCRM.py
+22
-0
bt5/erp5_forge/SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.py
.../SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.py
+4
-0
bt5/erp5_forge/SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.xml
...SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.xml
+1
-1
bt5/erp5_interface_post/SkinTemplateItem/portal_skins/erp5_interface_post/InternetMessagePost_sendMailHostMessage.py
...interface_post/InternetMessagePost_sendMailHostMessage.py
+3
-0
bt5/erp5_interface_post/SkinTemplateItem/portal_skins/erp5_interface_post/InternetMessagePost_sendMailHostMessage.xml
...nterface_post/InternetMessagePost_sendMailHostMessage.xml
+1
-1
bt5/erp5_short_message/SkinTemplateItem/portal_skins/erp5_short_message/ShortMessage_send.py
...Item/portal_skins/erp5_short_message/ShortMessage_send.py
+3
-0
bt5/erp5_short_message/SkinTemplateItem/portal_skins/erp5_short_message/ShortMessage_send.xml
...tem/portal_skins/erp5_short_message/ShortMessage_send.xml
+1
-1
bt5/erp5_short_message/ToolComponentTemplateItem/portal_components/tool.erp5.SMSTool.py
...ponentTemplateItem/portal_components/tool.erp5.SMSTool.py
+3
-3
product/ERP5/bootstrap/erp5_core/DocumentTemplateItem/portal_components/document.erp5.EmailDocument.py
...lateItem/portal_components/document.erp5.EmailDocument.py
+2
-0
product/ERP5/bootstrap/erp5_core/DocumentTemplateItem/portal_components/document.erp5.Event.py
...mentTemplateItem/portal_components/document.erp5.Event.py
+3
-0
product/ERP5Type/patches/MailHost.py
product/ERP5Type/patches/MailHost.py
+3
-0
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Entity_sendEmail.py
if
REQUEST
is
not
None
:
from
zExceptions
import
Unauthorized
raise
Unauthorized
from
email.utils
import
formataddr
portal
=
context
.
getPortalObject
()
event
=
portal
.
restrictedTraverse
(
event_relative_url
)
...
...
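Review bot: The `if REQUEST is not None: raise Unauthorized` guard at the top of this script has no comment explaining why a non-None REQUEST means refusal, and the same three lines are repeated in MailMessage_send.py, BugLine_send.py, InternetMessagePost_sendMailHostMessage.py and ShortMessage_send.py. I would put `# ZPublisher passes REQUEST when this script is called by URL; refuse direct publication.` above the guard in each of them. The guard also refuses any internal caller that passes a REQUEST through explicitly, which follows from the new `REQUEST=None` parameter in the matching .xml; whether such callers exist is not visible on this page. The script body continues outside the shown lines.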
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Entity_sendEmail.xml
...
...
@@ -50,7 +50,7 @@
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
event_relative_url, **kw
</string>
</value>
<value>
<string>
event_relative_url,
REQUEST=None,
**kw
</string>
</value>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
...
...
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/MailMessage_send.py
...
...
@@ -2,6 +2,9 @@
This script is also used by notification tool, that's why it is in erp5_base.
"""
if
REQUEST
is
not
None
:
from
zExceptions
import
Unauthorized
raise
Unauthorized
from
email.utils
import
formataddr
portal
=
context
.
getPortalObject
()
...
...
bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/MailMessage_send.xml
...
...
@@ -50,7 +50,7 @@
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
from_url=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=None, extra_header_dict=None, **kw
</string>
</value>
<value>
<string>
from_url=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=None, extra_header_dict=None,
REQUEST=None,
**kw
</string>
</value>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
...
...
bt5/erp5_crm/TestTemplateItem/portal_components/test.erp5.testCRM.py
...
...
@@ -2069,6 +2069,28 @@ class TestCRMMailSend(BaseTestCRM):
message
=
message_from_string
(
last_message
)
self
.
assertEqual
(
"test"
,
message
.
get
(
"X-test-header"
))
def
test_MailMessage_send_security
(
self
):
mail_message
=
self
.
portal
.
event_module
.
newContent
(
portal_type
=
"Mail Message"
,
source
=
'person_module/me'
,
destination
=
'person_module/recipient'
)
self
.
assertGreater
(
self
.
publish
(
mail_message
.
getPath
()
+
'/send'
,
user
=
'ERP5TypeTestCase'
).
getStatus
(),
300
)
self
.
assertGreater
(
self
.
publish
(
mail_message
.
getPath
()
+
'/MailMessage_send'
,
user
=
'ERP5TypeTestCase'
).
getStatus
(),
300
)
self
.
assertGreater
(
self
.
publish
(
self
.
portal
.
MailHost
.
getPath
()
+
'/send'
,
user
=
'ERP5TypeTestCase'
).
getStatus
(),
300
)
self
.
assertFalse
(
self
.
portal
.
MailHost
.
getMessageList
())
def
test_suite
():
suite
=
unittest
.
TestSuite
()
...
...
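Review bot: The three `assertGreater(..., 300)` checks in test_MailMessage_send_security also pass on a 3xx redirect, so a call that succeeded and then redirected would satisfy them; asserting the exact refusal status expected would pin the behaviour. The closing `assertFalse(self.portal.MailHost.getMessageList())` runs without pending activities being processed, and the MailHost patch header on this page says delivery is postponed through Activity Tool, so an empty list may not prove that nothing was queued. If the test MailHost is indeed filled by activities, a `self.tic()` before that assertion would close the gap. The test requests only Mail Message and MailHost URLs; BugLine_send, ShortMessage_send, Entity_sendEmail, InternetMessagePost_sendMailHostMessage and SMSTool.send get the same restriction in this commit without a matching request.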
bt5/erp5_forge/SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.py
if
REQUEST
is
not
None
:
from
zExceptions
import
Unauthorized
raise
Unauthorized
if
body
is
None
:
body
=
context
.
getTextContent
()
#XXX This does not support structured text format.
...
...
bt5/erp5_forge/SkinTemplateItem/portal_skins/erp5_forge/BugLine_send.xml
...
...
@@ -50,7 +50,7 @@
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
from_url=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=None, **kw
</string>
</value>
<value>
<string>
from_url=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=None,
REQUEST=None,
**kw
</string>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
...
...
bt5/erp5_interface_post/SkinTemplateItem/portal_skins/erp5_interface_post/InternetMessagePost_sendMailHostMessage.py
...
...
@@ -5,5 +5,8 @@
# spawned with parameters :
# conflict_retry=False,
# max_retry=0,
if
REQUEST
is
not
None
:
from
zExceptions
import
Unauthorized
raise
Unauthorized
context
.
getPortalObject
().
MailHost
.
send
(
context
.
getData
())
bt5/erp5_interface_post/SkinTemplateItem/portal_skins/erp5_interface_post/InternetMessagePost_sendMailHostMessage.xml
...
...
@@ -50,7 +50,7 @@
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string></string>
</value>
<value>
<string>
REQUEST=None
</string>
</value>
</item>
<item>
<key>
<string>
id
</string>
</key>
...
...
bt5/erp5_short_message/SkinTemplateItem/portal_skins/erp5_short_message/ShortMessage_send.py
...
...
@@ -2,6 +2,9 @@
Send the current sms by using a SMS gateway.
Use default mobile phone of source and destination
"""
if
REQUEST
is
not
None
:
from
zExceptions
import
Unauthorized
raise
Unauthorized
#Get recipients
recipient_phone_list
=
[
...
...
bt5/erp5_short_message/SkinTemplateItem/portal_skins/erp5_short_message/ShortMessage_send.xml
...
...
@@ -50,7 +50,7 @@
</item>
<item>
<key>
<string>
_params
</string>
</key>
<value>
<string>
from_url=None, from_title=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=False, **kw
</string>
</value>
<value>
<string>
from_url=None, from_title=None, to_url=None, reply_url=None, subject=None, body=None, attachment_format=None, attachment_list=None, download=False,
REQUEST=None,
**kw
</string>
</value>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
...
...
bt5/erp5_short_message/ToolComponentTemplateItem/portal_components/tool.erp5.SMSTool.py
...
...
@@ -30,14 +30,13 @@
from
AccessControl
import
ClassSecurityInfo
from
Products.ERP5Type.Tool.BaseTool
import
BaseTool
from
Products.ERP5Type.Permissions
import
ManagePortal
from
Products.ERP5Type.Utils
import
non_publishable
#from Products.ERP5ShortMessage import _dtmldir
class
SMSTool
(
BaseTool
):
"""
This tool manages gadgets.
It is used as a central point to manage gadgets (ERP5 or external ones)...
This tool takes care of sending SMS.
"""
id
=
'portal_sms'
meta_type
=
'ERP5 SMS Tool'
...
...
@@ -50,6 +49,7 @@ class SMSTool(BaseTool):
#manage_overview = DTMLFile('explainSMSTool', _dtmldir )
security
.
declareProtected
(
ManagePortal
,
'send'
)
@
non_publishable
def
send
(
self
,
text
,
recipient
,
sender
,
gateway_reference
=
'default'
,
document_relative_url
=
None
,
activate_kw
=
None
):
"""Send the message
...
...
product/ERP5/bootstrap/erp5_core/DocumentTemplateItem/portal_components/document.erp5.EmailDocument.py
...
...
@@ -32,6 +32,7 @@ from DateTime import DateTime
from
AccessControl
import
ClassSecurityInfo
from
Products.ERP5Type.Accessor.Constant
import
PropertyGetter
as
ConstantGetter
from
Products.ERP5Type
import
Permissions
,
PropertySheet
from
Products.ERP5Type.Utils
import
non_publishable
from
erp5.component.document.TextDocument
import
TextDocument
from
erp5.component.document.File
import
File
from
erp5.component.mixin.MailMessageMixin
import
MailMessageMixin
,
testCharsetAndConvert
...
...
@@ -359,6 +360,7 @@ class EmailDocument(TextDocument, MailMessageMixin):
return content_information.get('
Return
-
Path
', content_information.get('
From
'))
security.declareProtected(Permissions.UseMailhostServices, '
sendMailHostMessage
')
@non_publishable
def sendMailHostMessage(self, message):
"""
Send one by one
...
...
product/ERP5/bootstrap/erp5_core/DocumentTemplateItem/portal_components/document.erp5.Event.py
...
...
@@ -32,9 +32,11 @@ from AccessControl import ClassSecurityInfo
from
Products.ERP5Type
import
Permissions
,
PropertySheet
from
Products.ERP5Type.Accessor.Constant
import
PropertyGetter
as
ConstantGetter
from
Products.ERP5Type.Globals
import
InitializeClass
from
Products.ERP5Type.Utils
import
non_publishable
from
erp5.component.document.Movement
import
Movement
from
erp5.component.document.EmailDocument
import
EmailDocument
class
AcknowledgeableMixin
:
"""
Mixin class for all documents that we can acknowledge
...
...
@@ -154,6 +156,7 @@ class Event(Movement, EmailDocument, AcknowledgeableMixin):
return
self
security
.
declareProtected
(
Permissions
.
UseMailhostServices
,
'send'
)
@
non_publishable
def
send
(
self
,
from_url
=
None
,
to_url
=
None
,
reply_url
=
None
,
subject
=
None
,
body
=
None
,
attachment_format
=
None
,
attachment_list
=
None
,
download
=
False
,
**
kw
):
...
...
product/ERP5Type/patches/MailHost.py
...
...
@@ -20,6 +20,7 @@ In ERP5, we have Activity Tool to postpone mail delivery.
from
inspect
import
getargspec
,
isfunction
from
Products.MailHost.MailHost
import
MailBase
from
Products.ERP5Type.Utils
import
non_publishable
import
six
for
f
in
six
.
itervalues
(
MailBase
.
__dict__
):
...
...
@@ -44,3 +45,5 @@ def _makeMailer(self):
return
smtp_mailer
MailBase
.
_makeMailer
=
_makeMailer
MailBase
.
send
=
non_publishable
(
MailBase
.
send
)
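Review bot: Only `MailBase.send` is wrapped with `non_publishable` at the end of this patch; the other public sending methods that Products.MailHost defines on MailBase, `sendTemplate` and `simple_send`, are not touched in the visible hunks. If they remain publishable for a user holding the mailhost permission, the restriction is incomplete, so I would either wrap them the same way, e.g. `MailBase.simple_send = non_publishable(MailBase.simple_send)`, or state here why they are left out. A short comment above the new line saying that `send` must not be reachable by URL would also help the next reader. How `non_publishable` behaves is not shown on this page, so this assumes it works on those methods as it does on `send`.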