[CMF-checkins] SVN: CMF/branches/1.6/DCWorkflow/ Add postonly protections to methods managing permissions, roles, and groups for workflow

Alec Mitchell apm13 at columbia.edu
Sat Mar 31 09:45:26 EDT 2007


Log message for revision 73952:
  Add postonly protections to methods managing permissions, roles, and groups for workflow
  

Changed:
  U   CMF/branches/1.6/DCWorkflow/States.py
  U   CMF/branches/1.6/DCWorkflow/WorkflowUIMixin.py

-=-
Modified: CMF/branches/1.6/DCWorkflow/States.py
===================================================================
--- CMF/branches/1.6/DCWorkflow/States.py	2007-03-31 09:50:35 UTC (rev 73951)
+++ CMF/branches/1.6/DCWorkflow/States.py	2007-03-31 13:45:25 UTC (rev 73952)
@@ -27,6 +27,7 @@
 from ContainerTab import ContainerTab
 from permissions import ManagePortal
 from utils import _dtmldir
+from Products.CMFCore.utils import postonly
 
 
 class StateDefinition(SimpleItem):
@@ -213,8 +214,9 @@
                 roles = tuple(roles)
             pr[p] = roles
         return self.manage_permissions(REQUEST, 'Permissions changed.')
+    setPermissions = postonly(setPermissions)
 
-    def setPermission(self, permission, acquired, roles):
+    def setPermission(self, permission, acquired, roles, REQUEST=None):
         """Set a permission for this State."""
         pr = self.permission_roles
         if pr is None:
@@ -224,6 +226,7 @@
         else:
             roles = tuple(roles)
         pr[permission] = roles
+    setPermission = postonly(setPermission)
 
     manage_groups = PageTemplateFile('state_groups.pt', _dtmldir)
 
@@ -247,6 +250,7 @@
             RESPONSE.redirect(
                 "%s/manage_groups?manage_tabs_message=Groups+changed."
                 % self.absolute_url())
+    setGroups = postonly(setGroups)
 
 InitializeClass(StateDefinition)
 

Modified: CMF/branches/1.6/DCWorkflow/WorkflowUIMixin.py
===================================================================
--- CMF/branches/1.6/DCWorkflow/WorkflowUIMixin.py	2007-03-31 09:50:35 UTC (rev 73951)
+++ CMF/branches/1.6/DCWorkflow/WorkflowUIMixin.py	2007-03-31 13:45:25 UTC (rev 73952)
@@ -27,6 +27,7 @@
 from permissions import ManagePortal
 from Guard import Guard
 from utils import _dtmldir
+from Products.CMFCore.utils import postonly
 
 try:
     #
@@ -66,6 +67,7 @@
         if REQUEST is not None:
             return self.manage_properties(
                 REQUEST, manage_tabs_message='Properties changed.')
+    setProperties = postonly(setProperties)
 
     _permissions_form = DTMLFile('workflow_permissions', _dtmldir)
 
@@ -90,6 +92,7 @@
         if REQUEST is not None:
             return self.manage_permissions(
                 REQUEST, manage_tabs_message='Permission added.')
+    addManagedPermission = postonly(addManagedPermission)
 
     security.declareProtected(ManagePortal, 'delManagedPermissions')
     def delManagedPermissions(self, ps, REQUEST=None):
@@ -103,6 +106,7 @@
         if REQUEST is not None:
             return self.manage_permissions(
                 REQUEST, manage_tabs_message='Permission(s) removed.')
+    delManagedPermissions = postonly(delManagedPermissions)
 
     security.declareProtected(ManagePortal, 'getPossiblePermissions')
     def getPossiblePermissions(self):
@@ -132,7 +136,7 @@
             return [g['id'] for g in groups]
 
     security.declareProtected(ManagePortal, 'addGroup')
-    def addGroup(self, group, RESPONSE=None):
+    def addGroup(self, group, RESPONSE=None, REQUEST=None):
         """Adds a group by name.
         """
         if group not in self.getAvailableGroups():
@@ -142,9 +146,10 @@
             RESPONSE.redirect(
                 "%s/manage_groups?manage_tabs_message=Added+group."
                 % self.absolute_url())
+    addGroup = postonly(addGroup)
 
     security.declareProtected(ManagePortal, 'delGroups')
-    def delGroups(self, groups, RESPONSE=None):
+    def delGroups(self, groups, RESPONSE=None, REQUEST=None):
         """Removes groups by name.
         """
         self.groups = tuple([g for g in self.groups if g not in groups])
@@ -152,6 +157,7 @@
             RESPONSE.redirect(
                 "%s/manage_groups?manage_tabs_message=Groups+removed."
                 % self.absolute_url())
+    delGroups = postonly(delGroups)
 
     security.declareProtected(ManagePortal, 'getAvailableRoles')
     def getAvailableRoles(self):
@@ -179,7 +185,7 @@
         return self.valid_roles()
 
     security.declareProtected(ManagePortal, 'setRoles')
-    def setRoles(self, roles, RESPONSE=None):
+    def setRoles(self, roles, RESPONSE=None, REQUEST=None):
         """Changes the list of roles mapped to groups by this workflow.
         """
         avail = self.getAvailableRoles()
@@ -191,6 +197,7 @@
             RESPONSE.redirect(
                 "%s/manage_groups?manage_tabs_message=Roles+changed."
                 % self.absolute_url())
+    setRoles = postonly(setRoles)
 
     security.declareProtected(ManagePortal, 'getGuard')
     def getGuard(self):



More information about the CMF-checkins mailing list