Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Paul Graydon
erp5
Commits
bad1a707
Commit
bad1a707
authored
Sep 25, 2013
by
Kazuhiko Shiozaki
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
monkey patch PythonScript so that we have Guard like DCWorkflow.Transition.
parent
ea12774e
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
125 additions
and
0 deletions
+125
-0
product/ERP5Type/dtml/editGuardForm.dtml
product/ERP5Type/dtml/editGuardForm.dtml
+28
-0
product/ERP5Type/patches/PythonScript.py
product/ERP5Type/patches/PythonScript.py
+97
-0
No files found.
product/ERP5Type/dtml/editGuardForm.dtml
0 → 100644
View file @
bad1a707
<dtml-var manage_page_header>
<dtml-var manage_tabs>
<form action="manage_setGuard" method="POST">
<table>
<tr>
<th align="left" valign="top">Guard</th>
<td>
<dtml-with getGuard>
<table>
<tr>
<th align="left">Permission(s)</th>
<td><input type="text" name="guard_permissions" value="&dtml-getPermissionsText;" /></td>
<th align="left">Role(s)</th>
<td><input type="text" name="guard_roles" value="&dtml-getRolesText;" /></td>
<th align="left">Group(s)</th>
<td><input type="text" name="guard_groups" value="&dtml-getGroupsText;" /></td>
</tr>
</table>
</dtml-with>
</td>
</tr>
</table>
<input type="submit" name="submit" value="Save changes" />
</form>
<dtml-var manage_page_footer>
product/ERP5Type/patches/PythonScript.py
View file @
bad1a707
...
...
@@ -10,11 +10,16 @@
# FOR A PARTICULAR PURPOSE
#
##############################################################################
from
Products.CMFCore.utils
import
_checkPermission
from
Products.DCWorkflow.Guard
import
Guard
from
Products.PythonScripts.PythonScript
import
PythonScript
from
App.special_dtml
import
DTMLFile
from
Products.ERP5Type
import
_dtmldir
from
AccessControl
import
ModuleSecurityInfo
,
getSecurityManager
from
OFS.misc_
import
p_
from
App.ImageFile
import
ImageFile
from
Acquisition
import
aq_base
,
aq_parent
from
zExceptions
import
Forbidden
def
haveProxyRole
(
self
):
"""if a script has proxy role, return True"""
...
...
@@ -50,3 +55,95 @@ PythonScript.manage = manage_editForm
PythonScript
.
manage_main
=
manage_editForm
PythonScript
.
manage_editDocument
=
manage_editForm
PythonScript
.
manage_editForm
=
manage_editForm
security
=
ModuleSecurityInfo
(
'Products.PythonScripts.PythonScript.PythonScript'
)
PythonScript
.
manage_options
+=
(
{
'label'
:
'Guard'
,
'action'
:
'manage_guardForm'
,
},
)
PythonScript
.
_guard_form
=
DTMLFile
(
'editGuardForm'
,
_dtmldir
)
def
manage_guardForm
(
self
,
REQUEST
,
manage_tabs_message
=
None
):
'''
'''
return
self
.
_guard_form
(
REQUEST
,
management_view
=
'Guard'
,
manage_tabs_message
=
manage_tabs_message
,
)
PythonScript
.
manage_guardForm
=
manage_guardForm
security
.
declareProtected
(
'View management screens'
,
'manage_guardForm'
)
def
manage_setGuard
(
self
,
props
=
None
,
REQUEST
=
None
):
'''
'''
g
=
Guard
()
if
g
.
changeFromProperties
(
props
or
REQUEST
):
self
.
guard
=
g
else
:
self
.
guard
=
None
if
REQUEST
is
not
None
:
return
self
.
manage_guardForm
(
REQUEST
,
'Properties changed.'
)
PythonScript
.
manage_setGuard
=
manage_setGuard
security
.
declareProtected
(
'Change Python Scripts'
,
'manage_setGuard'
)
def
getGuard
(
self
):
guard
=
getattr
(
self
,
'guard'
,
None
)
if
guard
is
not
None
:
return
guard
else
:
return
Guard
().
__of__
(
self
)
# Create a temporary guard.
PythonScript
.
getGuard
=
getGuard
def
checkGuard
(
guard
,
ob
):
# returns 1 if guard passes against ob, else 0.
# TODO : implement TALES evaluation by defining an appropriate
# context.
u
=
None
if
guard
.
permissions
:
for
p
in
guard
.
permissions
:
if
_checkPermission
(
p
,
ob
):
break
else
:
return
0
if
guard
.
roles
:
if
u
is
None
:
u
=
getSecurityManager
().
getUser
()
# Require at least one of the given roles.
u_roles
=
u
.
getRolesInContext
(
ob
)
for
role
in
guard
.
roles
:
if
role
in
u_roles
:
break
else
:
return
0
if
guard
.
groups
:
# Require at least one of the specified groups.
if
u
is
None
:
u
=
getSecurityManager
().
getUser
()
b
=
aq_base
(
u
)
if
hasattr
(
b
,
'getGroupsInContext'
):
u_groups
=
u
.
getGroupsInContext
(
ob
)
elif
hasattr
(
b
,
'getGroups'
):
u_groups
=
u
.
getGroups
()
else
:
u_groups
=
()
for
group
in
guard
.
groups
:
if
group
in
u_groups
:
break
else
:
return
0
return
1
PythonScript_exec
=
PythonScript
.
_exec
def
_exec
(
self
,
*
args
):
# PATCH BEGIN : check guard against context, if guard exists.
guard
=
getattr
(
self
,
'guard'
,
None
)
if
guard
is
not
None
:
if
not
checkGuard
(
guard
,
aq_parent
(
self
)):
raise
Forbidden
,
'Calling %s %s is denied by Guard.'
%
(
self
.
meta_type
,
self
.
id
)
# PATCH END
return
PythonScript_exec
(
self
,
*
args
)
PythonScript
.
_exec
=
_exec
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment