patches/Restricted: allow random.Random

all member of random module are available (because in ZopeGuards, there's a
random.__allow_access_to_unprotected_subobjects__ = 1), SystemRandom class
also is, but Random class was not, even though there should be nothing unsafe
in this.

This is needed if we want to use a random number generator with a fixed seed
to get reproductible results. We could use random.seed module level function
but since this is also used by several things in ERP5 this does not produce
reproductible sequences.

bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testRestrictedPythonSecurity.py

@@ -129,6 +129,10 @@ class TestRestrictedPythonSecurity(ERP5TypeTestCase):
         expected=[('q', 's')]
     )
 
+  def testRandom(self):
+    self.createAndRunScript('import random',
+                            'return random.Random().getrandbits(10)')
+
   def testSystemRandom(self):
     self.createAndRunScript('import random',
                             'return random.SystemRandom().getrandbits(10)')

product/ERP5Type/patches/Restricted.py

@@ -393,6 +393,8 @@ del member_id, member
 
 from random import SystemRandom
 allow_type(SystemRandom)
+from random import Random
+allow_type(Random)
 ModuleSecurityInfo('os').declarePublic('urandom')
 
 #