Commit f4fd281a authored by Rafael Monnerat's avatar Rafael Monnerat

erp5_maileva_connector: Rework security to not require roles

   The way to use the connector should NOT require us to set Roles on portal_web_services objects.

   Documents on portal_web_services contains passwords to third-party software so, that should be not accessible by the user (even with proper roles).

   I set a minimal set of proxy roles and re-work to use path rather them object to not require roles everywhere.
parent 3cd7fef0
portal = context.getPortalObject()
maileva_connector = portal.ERP5Site_getAvailableMailevaSOAPConnector()
maileva_connector_path = portal.ERP5Site_getAvailableMailevaSOAPConnector()
maileva_connector = portal.restrictTraverse(maileva_connector_path)
notification_dict = maileva_connector.checkPendingNotifications()
......
from zExceptions import Unauthorized
if REQUEST is not None:
raise Unauthorized
maileva_connector = context.portal_catalog.getResultValue(
portal_type='Maileva SOAP Connector',
reference=reference,
validation_state='validated')
if not maileva_connector:
raise ValueError('Maileav soap connector is not defined')
return maileva_connector
return maileva_connector.getRelativeUrl()
......@@ -50,7 +50,15 @@
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>reference="maileva_soap_connector"</string> </value>
<value> <string>reference="maileva_soap_connector", REQUEST=None</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
......
maileva_connector = context.getPortalObject().ERP5Site_getAvailableMailevaSOAPConnector()
portal = context.getPortalObject()
maileva_connector = portal.restrictedTraverse(portal.ERP5Site_getAvailableMailevaSOAPConnector())
result = maileva_connector.getPendingNotificationDetails(track_id)
if result['status'] == "SENT":
document = context.getFollowUpValue()
......
from zExceptions import Unauthorized
if REQUEST is not None:
raise Unauthorized
connector = context.getResourceValue()
connector.processResponse(response, context.getObject(), failed)
......@@ -50,7 +50,15 @@
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>response, failed=False</string> </value>
<value> <string>response, failed=False, REQUEST=None</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
......
from zExceptions import Unauthorized
if REQUEST is not None:
raise Unauthorized
connector = context.getResourceValue()
connector.submitRequest(context)
......@@ -50,7 +50,15 @@
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
<value> <string>REQUEST=None</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
......
......@@ -4,7 +4,8 @@ now = DateTime()
portal = context.getPortalObject()
# Do some check here
maileva_connector = portal.ERP5Site_getAvailableMailevaSOAPConnector()
maileva_connector_path = portal.ERP5Site_getAvailableMailevaSOAPConnector()
maileva_connector = portal.restrictedTraverse(maileva_connector_path)
today = now.toZone('UTC').asdatetime().strftime('%Y-%m-%d')
number = str(portal.portal_ids.generateNewId(
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment