[CMF-checkins] SVN: CMF/trunk/ forward ported r74276 and r77182 from 2.1 branch

Yvo Schubbe y.2007- at wcm-solutions.de
Thu Jun 28 13:31:47 EDT 2007


Log message for revision 77183:
  forward ported r74276 and r77182 from 2.1 branch
  - postonly fixes
  - fix for skin lookup

Changed:
  U   CMF/trunk/CMFCore/MembershipTool.py
  U   CMF/trunk/CMFCore/RegistrationTool.py
  U   CMF/trunk/CMFCore/SkinsTool.py
  U   CMF/trunk/CMFCore/WorkflowTool.py
  U   CMF/trunk/CMFCore/dtml/selectWorkflows.dtml
  U   CMF/trunk/CMFDefault/RegistrationTool.py
  U   CMF/trunk/CMFDefault/skins/zpt_control/change_password.py
  U   CMF/trunk/CMFDefault/skins/zpt_control/folder_localrole_edit.py
  U   CMF/trunk/CMFDefault/skins/zpt_control/members_add_control.py
  U   CMF/trunk/CMFDefault/skins/zpt_control/members_delete_control.py
  U   CMF/trunk/DCWorkflow/States.py
  U   CMF/trunk/DCWorkflow/WorkflowUIMixin.py

-=-
Modified: CMF/trunk/CMFCore/MembershipTool.py
===================================================================
--- CMF/trunk/CMFCore/MembershipTool.py	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/CMFCore/MembershipTool.py	2007-06-28 17:31:46 UTC (rev 77183)
@@ -18,6 +18,7 @@
 from warnings import warn
 
 from AccessControl import ClassSecurityInfo
+from AccessControl.requestmethod import postonly
 from AccessControl.User import nobody
 from Acquisition import aq_base
 from Acquisition import aq_inner
@@ -90,7 +91,8 @@
     manage_mapRoles = DTMLFile('membershipRolemapping', _dtmldir )
 
     security.declareProtected(SetOwnPassword, 'setPassword')
-    def setPassword(self, password, domains=None):
+    @postonly
+    def setPassword(self, password, domains=None, REQUEST=None):
         '''Allows the authenticated member to set his/her own password.
         '''
         registration = queryUtility(IRegistrationTool)
@@ -167,7 +169,8 @@
         return roles
 
     security.declareProtected(ManagePortal, 'setRoleMapping')
-    def setRoleMapping(self, portal_role, userfolder_role):
+    @postonly
+    def setRoleMapping(self, portal_role, userfolder_role, REQUEST=None):
         """
         set the mapping of roles between roles understood by
         the portal and roles coming from outside user sources
@@ -283,7 +286,8 @@
     createMemberarea = createMemberArea
 
     security.declareProtected(ManageUsers, 'deleteMemberArea')
-    def deleteMemberArea(self, member_id):
+    @postonly
+    def deleteMemberArea(self, member_id, REQUEST=None):
         """ Delete member area of member specified by member_id.
         """
         members = self.getMembersFolder()
@@ -417,7 +421,9 @@
         return tuple(local_roles)
 
     security.declareProtected(View, 'setLocalRoles')
-    def setLocalRoles(self, obj, member_ids, member_role, reindex=1):
+    @postonly
+    def setLocalRoles(self, obj, member_ids, member_role, reindex=1,
+                      REQUEST=None):
         """ Add local roles on an item.
         """
         if ( _checkPermission(ChangeLocalRoles, obj)
@@ -436,7 +442,9 @@
             obj.reindexObjectSecurity()
 
     security.declareProtected(View, 'deleteLocalRoles')
-    def deleteLocalRoles(self, obj, member_ids, reindex=1, recursive=0):
+    @postonly
+    def deleteLocalRoles(self, obj, member_ids, reindex=1, recursive=0,
+                         REQUEST=None):
         """ Delete local roles of specified members.
         """
         if _checkPermission(ChangeLocalRoles, obj):
@@ -465,8 +473,9 @@
             member.setMemberProperties(properties)
 
     security.declareProtected(ManageUsers, 'deleteMembers')
+    @postonly
     def deleteMembers(self, member_ids, delete_memberareas=1,
-                      delete_localroles=1):
+                      delete_localroles=1, REQUEST=None):
         """ Delete members specified by member_ids.
         """
 

Modified: CMF/trunk/CMFCore/RegistrationTool.py
===================================================================
--- CMF/trunk/CMFCore/RegistrationTool.py	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/CMFCore/RegistrationTool.py	2007-06-28 17:31:46 UTC (rev 77183)
@@ -19,6 +19,7 @@
 from random import choice
 
 from AccessControl import ClassSecurityInfo
+from AccessControl.requestmethod import postonly
 from Globals import DTMLFile
 from Globals import InitializeClass
 from OFS.SimpleItem import SimpleItem
@@ -129,8 +130,9 @@
         return ''.join( [ choice(chars) for i in range(6) ] )
 
     security.declareProtected(AddPortalMember, 'addMember')
+    @postonly
     def addMember(self, id, password, roles=('Member',), domains='',
-                  properties=None):
+                  properties=None, REQUEST=None):
         '''Creates a PortalMember and returns it. The properties argument
         can be a mapping with additional member properties. Raises an
         exception if the given id already exists, the password does not

Modified: CMF/trunk/CMFCore/SkinsTool.py
===================================================================
--- CMF/trunk/CMFCore/SkinsTool.py	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/CMFCore/SkinsTool.py	2007-06-28 17:31:46 UTC (rev 77183)
@@ -308,8 +308,8 @@
         mtool = getUtility(IMembershipTool)
         utool = getToolByName(self, 'portal_url')
         member = mtool.getAuthenticatedMember()
-        if hasattr(aq_base(member), 'portal_skin'):
-            mskin = member.portal_skin
+        if hasattr(aq_base(member), 'getProperty'):
+            mskin = member.getProperty('portal_skin', None)
             if mskin:
                 req = self.REQUEST
                 cookie = req.cookies.get(self.request_varname, None)

Modified: CMF/trunk/CMFCore/WorkflowTool.py
===================================================================
--- CMF/trunk/CMFCore/WorkflowTool.py	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/CMFCore/WorkflowTool.py	2007-06-28 17:31:46 UTC (rev 77183)
@@ -19,6 +19,7 @@
 from warnings import warn
 
 from AccessControl import ClassSecurityInfo
+from AccessControl.requestmethod import postonly
 from Acquisition import aq_base, aq_inner, aq_parent
 from Globals import DTMLFile
 from Globals import InitializeClass
@@ -107,8 +108,8 @@
             manage_tabs_message=manage_tabs_message)
 
     security.declareProtected( ManagePortal, 'manage_changeWorkflows')
+    @postonly
     def manage_changeWorkflows(self, default_chain, props=None, REQUEST=None):
-
         """ Changes which workflows apply to objects of which type.
         """
         if props is None:
@@ -357,7 +358,8 @@
     #   'IConfigurableWorkflowTool' interface methods
     #
     security.declareProtected(ManagePortal, 'setDefaultChain')
-    def setDefaultChain(self, default_chain):
+    @postonly
+    def setDefaultChain(self, default_chain, REQUEST=None):
         """ Set the default chain for this tool.
         """
         default_chain = default_chain.replace(',', ' ')
@@ -371,7 +373,9 @@
         self._default_chain = tuple(ids)
 
     security.declareProtected(ManagePortal, 'setChainForPortalTypes')
-    def setChainForPortalTypes(self, pt_names, chain, verify=True):
+    @postonly
+    def setChainForPortalTypes(self, pt_names, chain, verify=True,
+                               REQUEST=None):
         """ Set a chain for specific portal types.
         """
         cbt = self._chains_by_type
@@ -438,6 +442,7 @@
     #   Other methods
     #
     security.declareProtected(ManagePortal, 'updateRoleMappings')
+    @postonly
     def updateRoleMappings(self, REQUEST=None):
         """ Allow workflows to update the role-permission mappings.
         """

Modified: CMF/trunk/CMFCore/dtml/selectWorkflows.dtml
===================================================================
--- CMF/trunk/CMFCore/dtml/selectWorkflows.dtml	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/CMFCore/dtml/selectWorkflows.dtml	2007-06-28 17:31:46 UTC (rev 77183)
@@ -50,7 +50,7 @@
 Click the button below to update the security settings of all
 workflow-aware objects in this portal.
 
-<form action="updateRoleMappings" method="GET">
+<form action="updateRoleMappings" method="POST">
 <input type="submit" name="submit" value="Update security settings" />
 </form>
 </p>

Modified: CMF/trunk/CMFDefault/RegistrationTool.py
===================================================================
--- CMF/trunk/CMFDefault/RegistrationTool.py	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/CMFDefault/RegistrationTool.py	2007-06-28 17:31:46 UTC (rev 77183)
@@ -16,6 +16,7 @@
 """
 
 from AccessControl import ClassSecurityInfo
+from AccessControl.requestmethod import postonly
 from Acquisition import aq_base
 from Globals import InitializeClass
 from Products.MailHost.interfaces import IMailHost
@@ -183,13 +184,9 @@
         host.send( mail_text )
 
     security.declareProtected(ManagePortal, 'editMember')
-    def editMember( self
-                  , member_id
-                  , properties=None
-                  , password=None
-                  , roles=None
-                  , domains=None
-                  ):
+    @postonly
+    def editMember(self, member_id, properties=None, password=None,
+                   roles=None, domains=None, REQUEST=None):
         """ Edit a user's properties and security settings
 
         o Checks should be done before this method is called using

Modified: CMF/trunk/CMFDefault/skins/zpt_control/change_password.py
===================================================================
--- CMF/trunk/CMFDefault/skins/zpt_control/change_password.py	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/CMFDefault/skins/zpt_control/change_password.py	2007-06-28 17:31:46 UTC (rev 77183)
@@ -12,7 +12,7 @@
     return context.setStatus(False, result)
 
 member = mtool.getAuthenticatedMember()
-mtool.setPassword(password, domains)
+mtool.setPassword(password, domains, REQUEST=context.REQUEST)
 if member.getProperty('last_login_time') == DateTime('1999/01/01'):
     member.setProperties(last_login_time='2000/01/01')
 

Modified: CMF/trunk/CMFDefault/skins/zpt_control/folder_localrole_edit.py
===================================================================
--- CMF/trunk/CMFDefault/skins/zpt_control/folder_localrole_edit.py	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/CMFDefault/skins/zpt_control/folder_localrole_edit.py	2007-06-28 17:31:46 UTC (rev 77183)
@@ -9,10 +9,12 @@
 if change_type == 'add':
     mtool.setLocalRoles(obj=context,
                         member_ids=context.REQUEST.get('member_ids', ()),
-                        member_role=context.REQUEST.get('member_role', ''))
+                        member_role=context.REQUEST.get('member_role', ''),
+                        REQUEST=context.REQUEST)
 else:
     mtool.deleteLocalRoles(obj=context,
-                           member_ids=context.REQUEST.get('member_ids', ()))
+                           member_ids=context.REQUEST.get('member_ids', ()),
+                           REQUEST=context.REQUEST)
 
 context.setStatus(True, _(u'Local Roles changed.'))
 context.setRedirect(context, 'object/localroles')

Modified: CMF/trunk/CMFDefault/skins/zpt_control/members_add_control.py
===================================================================
--- CMF/trunk/CMFDefault/skins/zpt_control/members_add_control.py	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/CMFDefault/skins/zpt_control/members_add_control.py	2007-06-28 17:31:46 UTC (rev 77183)
@@ -12,7 +12,8 @@
 try:
     rtool.addMember( id=member_id, password=password,
                      properties={'username': member_id,
-                                 'email': member_email} )
+                                 'email': member_email},
+                     REQUEST=context.REQUEST)
 except ValueError, errmsg:
     return context.setStatus(False, errmsg)
 else:

Modified: CMF/trunk/CMFDefault/skins/zpt_control/members_delete_control.py
===================================================================
--- CMF/trunk/CMFDefault/skins/zpt_control/members_delete_control.py	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/CMFDefault/skins/zpt_control/members_delete_control.py	2007-06-28 17:31:46 UTC (rev 77183)
@@ -6,7 +6,7 @@
 
 mtool = getToolByInterfaceName('Products.CMFCore.interfaces.IMembershipTool')
 
-mtool.deleteMembers(ids)
+mtool.deleteMembers(ids, REQUEST=context.REQUEST)
 
 if len(ids) == 1:
     return context.setStatus(True, _(u'Selected member deleted.'))

Modified: CMF/trunk/DCWorkflow/States.py
===================================================================
--- CMF/trunk/DCWorkflow/States.py	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/DCWorkflow/States.py	2007-06-28 17:31:46 UTC (rev 77183)
@@ -16,6 +16,7 @@
 """
 
 from AccessControl import ClassSecurityInfo
+from AccessControl.requestmethod import postonly
 from Acquisition import aq_inner
 from Acquisition import aq_parent
 from Globals import DTMLFile
@@ -196,6 +197,7 @@
                                      manage_tabs_message=manage_tabs_message,
                                      )
 
+    @postonly
     def setPermissions(self, REQUEST):
         """Set the permissions in REQUEST for this State."""
         pr = self.permission_roles
@@ -214,7 +216,8 @@
             pr[p] = roles
         return self.manage_permissions(REQUEST, 'Permissions changed.')
 
-    def setPermission(self, permission, acquired, roles):
+    @postonly
+    def setPermission(self, permission, acquired, roles, REQUEST=None):
         """Set a permission for this State."""
         pr = self.permission_roles
         if pr is None:
@@ -227,6 +230,7 @@
 
     manage_groups = PageTemplateFile('state_groups.pt', _dtmldir)
 
+    @postonly
     def setGroups(self, REQUEST, RESPONSE=None):
         """Set the group to role mappings in REQUEST for this State.
         """

Modified: CMF/trunk/DCWorkflow/WorkflowUIMixin.py
===================================================================
--- CMF/trunk/DCWorkflow/WorkflowUIMixin.py	2007-06-28 17:25:27 UTC (rev 77182)
+++ CMF/trunk/DCWorkflow/WorkflowUIMixin.py	2007-06-28 17:31:46 UTC (rev 77183)
@@ -20,6 +20,7 @@
 from Globals import DTMLFile
 from Globals import InitializeClass
 from AccessControl import ClassSecurityInfo
+from AccessControl.requestmethod import postonly
 from Acquisition import aq_get
 
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
@@ -53,6 +54,7 @@
     manage_groups = PageTemplateFile('workflow_groups.pt', _dtmldir)
 
     security.declareProtected(ManagePortal, 'setProperties')
+    @postonly
     def setProperties(self, title, manager_bypass=0, props=None, 
                       REQUEST=None, description=''):
         """Sets basic properties.
@@ -81,6 +83,7 @@
                                       )
 
     security.declareProtected(ManagePortal, 'addManagedPermission')
+    @postonly
     def addManagedPermission(self, p, REQUEST=None):
         """Adds to the list of permissions to manage.
         """
@@ -94,6 +97,7 @@
                 REQUEST, manage_tabs_message='Permission added.')
 
     security.declareProtected(ManagePortal, 'delManagedPermissions')
+    @postonly
     def delManagedPermissions(self, ps, REQUEST=None):
         """Removes from the list of permissions to manage.
         """
@@ -134,7 +138,8 @@
             return [g['id'] for g in groups]
 
     security.declareProtected(ManagePortal, 'addGroup')
-    def addGroup(self, group, RESPONSE=None):
+    @postonly
+    def addGroup(self, group, RESPONSE=None, REQUEST=None):
         """Adds a group by name.
         """
         if group not in self.getAvailableGroups():
@@ -146,7 +151,8 @@
                 % self.absolute_url())
 
     security.declareProtected(ManagePortal, 'delGroups')
-    def delGroups(self, groups, RESPONSE=None):
+    @postonly
+    def delGroups(self, groups, RESPONSE=None, REQUEST=None):
         """Removes groups by name.
         """
         self.groups = tuple([g for g in self.groups if g not in groups])
@@ -181,7 +187,8 @@
         return self.valid_roles()
 
     security.declareProtected(ManagePortal, 'setRoles')
-    def setRoles(self, roles, RESPONSE=None):
+    @postonly
+    def setRoles(self, roles, RESPONSE=None, REQUEST=None):
         """Changes the list of roles mapped to groups by this workflow.
         """
         avail = self.getAvailableRoles()



More information about the CMF-checkins mailing list