[CMF-checkins] SVN: CMF/branches/1.6/DCWorkflow/ Add postonly
protections to methods managing permissions, roles,
and groups for workflow
Alec Mitchell
apm13 at columbia.edu
Sat Mar 31 09:45:26 EDT 2007
Log message for revision 73952:
Add postonly protections to methods managing permissions, roles, and groups for workflow
Changed:
U CMF/branches/1.6/DCWorkflow/States.py
U CMF/branches/1.6/DCWorkflow/WorkflowUIMixin.py
-=-
Modified: CMF/branches/1.6/DCWorkflow/States.py
===================================================================
--- CMF/branches/1.6/DCWorkflow/States.py 2007-03-31 09:50:35 UTC (rev 73951)
+++ CMF/branches/1.6/DCWorkflow/States.py 2007-03-31 13:45:25 UTC (rev 73952)
@@ -27,6 +27,7 @@
from ContainerTab import ContainerTab
from permissions import ManagePortal
from utils import _dtmldir
+from Products.CMFCore.utils import postonly
class StateDefinition(SimpleItem):
@@ -213,8 +214,9 @@
roles = tuple(roles)
pr[p] = roles
return self.manage_permissions(REQUEST, 'Permissions changed.')
+ setPermissions = postonly(setPermissions)
- def setPermission(self, permission, acquired, roles):
+ def setPermission(self, permission, acquired, roles, REQUEST=None):
"""Set a permission for this State."""
pr = self.permission_roles
if pr is None:
@@ -224,6 +226,7 @@
else:
roles = tuple(roles)
pr[permission] = roles
+ setPermission = postonly(setPermission)
manage_groups = PageTemplateFile('state_groups.pt', _dtmldir)
@@ -247,6 +250,7 @@
RESPONSE.redirect(
"%s/manage_groups?manage_tabs_message=Groups+changed."
% self.absolute_url())
+ setGroups = postonly(setGroups)
InitializeClass(StateDefinition)
Modified: CMF/branches/1.6/DCWorkflow/WorkflowUIMixin.py
===================================================================
--- CMF/branches/1.6/DCWorkflow/WorkflowUIMixin.py 2007-03-31 09:50:35 UTC (rev 73951)
+++ CMF/branches/1.6/DCWorkflow/WorkflowUIMixin.py 2007-03-31 13:45:25 UTC (rev 73952)
@@ -27,6 +27,7 @@
from permissions import ManagePortal
from Guard import Guard
from utils import _dtmldir
+from Products.CMFCore.utils import postonly
try:
#
@@ -66,6 +67,7 @@
if REQUEST is not None:
return self.manage_properties(
REQUEST, manage_tabs_message='Properties changed.')
+ setProperties = postonly(setProperties)
_permissions_form = DTMLFile('workflow_permissions', _dtmldir)
@@ -90,6 +92,7 @@
if REQUEST is not None:
return self.manage_permissions(
REQUEST, manage_tabs_message='Permission added.')
+ addManagedPermission = postonly(addManagedPermission)
security.declareProtected(ManagePortal, 'delManagedPermissions')
def delManagedPermissions(self, ps, REQUEST=None):
@@ -103,6 +106,7 @@
if REQUEST is not None:
return self.manage_permissions(
REQUEST, manage_tabs_message='Permission(s) removed.')
+ delManagedPermissions = postonly(delManagedPermissions)
security.declareProtected(ManagePortal, 'getPossiblePermissions')
def getPossiblePermissions(self):
@@ -132,7 +136,7 @@
return [g['id'] for g in groups]
security.declareProtected(ManagePortal, 'addGroup')
- def addGroup(self, group, RESPONSE=None):
+ def addGroup(self, group, RESPONSE=None, REQUEST=None):
"""Adds a group by name.
"""
if group not in self.getAvailableGroups():
@@ -142,9 +146,10 @@
RESPONSE.redirect(
"%s/manage_groups?manage_tabs_message=Added+group."
% self.absolute_url())
+ addGroup = postonly(addGroup)
security.declareProtected(ManagePortal, 'delGroups')
- def delGroups(self, groups, RESPONSE=None):
+ def delGroups(self, groups, RESPONSE=None, REQUEST=None):
"""Removes groups by name.
"""
self.groups = tuple([g for g in self.groups if g not in groups])
@@ -152,6 +157,7 @@
RESPONSE.redirect(
"%s/manage_groups?manage_tabs_message=Groups+removed."
% self.absolute_url())
+ delGroups = postonly(delGroups)
security.declareProtected(ManagePortal, 'getAvailableRoles')
def getAvailableRoles(self):
@@ -179,7 +185,7 @@
return self.valid_roles()
security.declareProtected(ManagePortal, 'setRoles')
- def setRoles(self, roles, RESPONSE=None):
+ def setRoles(self, roles, RESPONSE=None, REQUEST=None):
"""Changes the list of roles mapped to groups by this workflow.
"""
avail = self.getAvailableRoles()
@@ -191,6 +197,7 @@
RESPONSE.redirect(
"%s/manage_groups?manage_tabs_message=Roles+changed."
% self.absolute_url())
+ setRoles = postonly(setRoles)
security.declareProtected(ManagePortal, 'getGuard')
def getGuard(self):
More information about the CMF-checkins
mailing list