[CMF-checkins] SVN: CMF/branches/1.6/CMFCore/ Add post protection
to role and user management methods, requires Zope 2.8.9,
2.9.7, or 2.10.3+ or Hotfix_20070320
Alec Mitchell
apm13 at columbia.edu
Sat Mar 31 05:50:37 EDT 2007
Log message for revision 73951:
Add post protection to role and user management methods, requires Zope 2.8.9, 2.9.7, or 2.10.3+ or Hotfix_20070320
Changed:
U CMF/branches/1.6/CMFCore/MembershipTool.py
U CMF/branches/1.6/CMFCore/utils.py
-=-
Modified: CMF/branches/1.6/CMFCore/MembershipTool.py
===================================================================
--- CMF/branches/1.6/CMFCore/MembershipTool.py 2007-03-30 14:32:29 UTC (rev 73950)
+++ CMF/branches/1.6/CMFCore/MembershipTool.py 2007-03-31 09:50:35 UTC (rev 73951)
@@ -45,6 +45,7 @@
from utils import _getAuthenticatedUser
from utils import getToolByName
from utils import UniqueObject
+from utils import postonly
logger = logging.getLogger('CMFCore.MembershipTool')
@@ -282,7 +283,7 @@
createMemberarea = createMemberArea
security.declareProtected(ManageUsers, 'deleteMemberArea')
- def deleteMemberArea(self, member_id):
+ def deleteMemberArea(self, member_id, REQUEST=None):
""" Delete member area of member specified by member_id.
"""
members = self.getMembersFolder()
@@ -293,6 +294,7 @@
return 1
else:
return 0
+ postonly(deleteMemberArea)
security.declarePublic('isAnonymousUser')
def isAnonymousUser(self):
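Review bot: `postonly(deleteMemberArea)` at the end of this hunk throws away the decorator's return value, so the class attribute most likely still points at the unwrapped function and deleteMemberArea gets no POST check. The other three methods in this file rebind the name (`setLocalRoles = postonly(setLocalRoles)`), so this line should read `deleteMemberArea = postonly(deleteMemberArea)`. The method's `def` line is in the previous hunk and its body is only partly visible. The changed-file list shows no test file; a test that calls each wrapped method with a non-POST request and expects a refusal would catch this kind of slip.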
@@ -413,7 +415,8 @@
return tuple(local_roles)
security.declareProtected(View, 'setLocalRoles')
- def setLocalRoles(self, obj, member_ids, member_role, reindex=1):
+ def setLocalRoles(self, obj, member_ids, member_role, reindex=1,
+ REQUEST=None):
""" Add local roles on an item.
"""
if ( _checkPermission(ChangeLocalRoles, obj)
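Review bot: The new `REQUEST=None` parameter on setLocalRoles is not mentioned in its docstring, and the same holds for deleteMemberArea, deleteLocalRoles and deleteMembers in the other hunks. The visible body lines never read it, so a reader cannot tell that it exists only for the `postonly` wrapper to inspect, and a later cleanup could remove it as unused. I would add one docstring line to each method, such as `REQUEST is accepted so that postonly can reject non-POST web requests.` The function body continues outside this hunk.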
@@ -430,9 +433,11 @@
# reindexObjectSecurity, which is in CMFCatalogAware and
# thus PortalContent and PortalFolder.
obj.reindexObjectSecurity()
+ setLocalRoles = postonly(setLocalRoles)
security.declareProtected(View, 'deleteLocalRoles')
- def deleteLocalRoles(self, obj, member_ids, reindex=1, recursive=0):
+ def deleteLocalRoles(self, obj, member_ids, reindex=1, recursive=0,
+ REQUEST=None):
""" Delete local roles of specified members.
"""
if _checkPermission(ChangeLocalRoles, obj):
@@ -448,6 +453,7 @@
if reindex:
# reindexObjectSecurity is always recursive
obj.reindexObjectSecurity()
+ deleteLocalRoles = postonly(deleteLocalRoles)
security.declarePrivate('addMember')
def addMember(self, id, password, roles, domains, properties=None):
@@ -471,7 +477,7 @@
security.declareProtected(ManageUsers, 'deleteMembers')
def deleteMembers(self, member_ids, delete_memberareas=1,
- delete_localroles=1):
+ delete_localroles=1, REQUEST=None):
""" Delete members specified by member_ids.
"""
@@ -511,6 +517,7 @@
reindex=1, recursive=1 )
return tuple(member_ids)
+ deleteMembers = postonly(deleteMembers)
security.declarePublic('getHomeFolder')
def getHomeFolder(self, id=None, verifyPermission=0):
Modified: CMF/branches/1.6/CMFCore/utils.py
===================================================================
--- CMF/branches/1.6/CMFCore/utils.py 2007-03-30 14:32:29 UTC (rev 73950)
+++ CMF/branches/1.6/CMFCore/utils.py 2007-03-31 09:50:35 UTC (rev 73951)
@@ -862,3 +862,14 @@
def __init__(self, **kw):
self.__dict__.update(kw)
+
+# postonly decorator is only available in Zope 2.8.9, 2.9.7, 2.10.3 and 2.11,
+# or in Hotfix_20070320.
+try:
+ from AccessControl.requestmethod import postonly
+except ImportError:
+ try:
+ from Products.Hotfix_20070320 import postonly
+ except ImportError:
+ def postonly(callable):
+ return callable
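Review bot: The innermost fallback defines `postonly` as a pass-through, so on a Zope that has neither `AccessControl.requestmethod` nor Hotfix_20070320 the role and user management methods load with no POST check and nothing tells the operator. The log message states that those versions are required, so the fallback should at least announce itself, for example with `logging.getLogger('CMFCore.utils').warning('postonly unavailable: role and user management methods are not POST-protected')` just before the `def`. Whether utils.py already imports `logging` is not visible in this hunk. The parameter name `callable` also shadows the builtin; `func` would read better.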