[Zope-Checkins] SVN: Zope/trunk/ Use new-style security
declarations everywhere possible. This means
Florent Guillaume
fg at nuxeo.com
Mon Nov 21 11:54:06 EST 2005
Log message for revision 40300:
Use new-style security declarations everywhere possible. This means
removing the use of __ac_permissions__, foo__roles__ and
default__class_init__. A few corner cases can't be converted because of
circular imports.
Changed:
U Zope/trunk/doc/CHANGES.txt
U Zope/trunk/lib/python/AccessControl/Owned.py
U Zope/trunk/lib/python/AccessControl/Role.py
U Zope/trunk/lib/python/AccessControl/User.py
U Zope/trunk/lib/python/App/ApplicationManager.py
U Zope/trunk/lib/python/App/CacheManager.py
U Zope/trunk/lib/python/App/DavLockManager.py
U Zope/trunk/lib/python/App/Factory.py
U Zope/trunk/lib/python/App/FactoryDispatcher.py
U Zope/trunk/lib/python/App/ImageFile.py
U Zope/trunk/lib/python/App/Management.py
U Zope/trunk/lib/python/App/Product.py
U Zope/trunk/lib/python/App/Undo.py
U Zope/trunk/lib/python/Globals/__init__.py
U Zope/trunk/lib/python/HelpSys/HelpSys.py
U Zope/trunk/lib/python/HelpSys/HelpTopic.py
U Zope/trunk/lib/python/HelpSys/ObjectRef.py
U Zope/trunk/lib/python/OFS/Application.py
U Zope/trunk/lib/python/OFS/Cache.py
U Zope/trunk/lib/python/OFS/CopySupport.py
U Zope/trunk/lib/python/OFS/DTMLDocument.py
U Zope/trunk/lib/python/OFS/DTMLMethod.py
U Zope/trunk/lib/python/OFS/FindSupport.py
U Zope/trunk/lib/python/OFS/Folder.py
U Zope/trunk/lib/python/OFS/History.py
U Zope/trunk/lib/python/OFS/Image.py
U Zope/trunk/lib/python/OFS/ObjectManager.py
U Zope/trunk/lib/python/OFS/PropertyManager.py
U Zope/trunk/lib/python/OFS/PropertySheets.py
U Zope/trunk/lib/python/OFS/SimpleItem.py
U Zope/trunk/lib/python/OFS/Traversable.py
U Zope/trunk/lib/python/OFS/ZDOM.py
U Zope/trunk/lib/python/OFS/misc_.py
U Zope/trunk/lib/python/Products/ExternalMethod/ExternalMethod.py
U Zope/trunk/lib/python/Products/OFSP/Draft.py
U Zope/trunk/lib/python/Products/OFSP/Version.py
U Zope/trunk/lib/python/Products/PluginIndexes/TextIndex/Vocabulary.py
U Zope/trunk/lib/python/Products/SiteAccess/VirtualHostMonster.py
U Zope/trunk/lib/python/Products/StandardCacheManagers/AcceleratedHTTPCacheManager.py
U Zope/trunk/lib/python/Products/StandardCacheManagers/RAMCacheManager.py
U Zope/trunk/lib/python/Products/ZCatalog/ZCatalog.py
U Zope/trunk/lib/python/Products/ZSQLMethods/SQL.py
U Zope/trunk/lib/python/Shared/DC/Scripts/Bindings.py
U Zope/trunk/lib/python/Shared/DC/Scripts/BindingsUI.py
U Zope/trunk/lib/python/Shared/DC/Scripts/Script.py
U Zope/trunk/lib/python/Shared/DC/ZRDB/Connection.py
U Zope/trunk/lib/python/Shared/DC/ZRDB/DA.py
U Zope/trunk/lib/python/Testing/ZopeTestCase/ZopeLite.py
U Zope/trunk/lib/python/ZClasses/Property.py
U Zope/trunk/lib/python/ZClasses/ZClass.py
U Zope/trunk/lib/python/ZClasses/ZClassOwner.py
U Zope/trunk/lib/python/webdav/Collection.py
U Zope/trunk/lib/python/webdav/NullResource.py
U Zope/trunk/lib/python/webdav/Resource.py
-=-
Modified: Zope/trunk/doc/CHANGES.txt
===================================================================
--- Zope/trunk/doc/CHANGES.txt 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/doc/CHANGES.txt 2005-11-21 16:54:03 UTC (rev 40300)
@@ -26,6 +26,11 @@
Features added
+ - Use new-style security declarations everywhere possible. This
+ means remove the use of __ac_permissions__, foo__roles__ and
+ default__class_init__. A few corner cases can't be converted
+ because of circular imports.
+
- Fixed unclear security declarations. Warn when an attempt is
made to have a security declaration on a nonexistent method.
Modified: Zope/trunk/lib/python/AccessControl/Owned.py
===================================================================
--- Zope/trunk/lib/python/AccessControl/Owned.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/AccessControl/Owned.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,7 +16,11 @@
"""
import Globals, urlparse, SpecialUsers, ExtensionClass
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from AccessControl import getSecurityManager, Unauthorized
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import take_ownership
from Acquisition import aq_get, aq_parent, aq_base
from zope.interface import implements
@@ -35,13 +39,8 @@
implements(IOwned)
- __ac_permissions__=(
- ('View management screens',
- ('manage_owner', 'owner_info')),
- ('Take ownership',
- ('manage_takeOwnership','manage_changeOwnershipType'),
- ("Owner",)),
- )
+ security = ClassSecurityInfo()
+ security.setPermissionDefault(take_ownership, ('Owner',))
manage_options=({'label': 'Ownership',
'action': 'manage_owner',
@@ -50,8 +49,10 @@
},
)
+ security.declareProtected(view_management_screens, 'manage_owner')
manage_owner=Globals.DTMLFile('dtml/owner', globals())
+ security.declareProtected(view_management_screens, 'owner_info')
def owner_info(self):
"""Get ownership info for display
"""
@@ -67,7 +68,7 @@
}
return d
- getOwner__roles__=()
+ security.declarePrivate('getOwner')
def getOwner(self, info=0,
aq_get=aq_get,
UnownableOwner=UnownableOwner,
@@ -101,7 +102,7 @@
if user is None: user = SpecialUsers.nobody
return user
- getOwnerTuple__roles__=()
+ security.declarePrivate('getOwnerTuple')
def getOwnerTuple(self):
"""Return a tuple, (userdb_path, user_id) for the owner.
@@ -111,7 +112,7 @@
"""
return aq_get(self, '_owner', None, 1)
- getWrappedOwner__roles__=()
+ security.declarePrivate('getWrappedOwner')
def getWrappedOwner(self):
"""Get the owner, modestly wrapped in the user folder.
@@ -141,7 +142,7 @@
return user.__of__(udb)
- changeOwnership__roles__=()
+ security.declarePrivate('changeOwnership')
def changeOwnership(self, user, recursive=0):
"""Change the ownership to the given user.
@@ -174,6 +175,7 @@
if owner == info: return 0
return security.checkPermission('Take ownership', self)
+ security.declareProtected(take_ownership, 'manage_takeOwnership')
def manage_takeOwnership(self, REQUEST, RESPONSE, recursive=0):
"""Take ownership (responsibility) for an object.
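Review bot: The context line `return security.checkPermission('Take ownership', self)` at the top of this hunk still spells the permission as a string literal, although the commit imports `take_ownership` and uses it for the declarations added here. `return security.checkPermission(take_ownership, self)` would keep one spelling for the permission throughout the file. In that method `security` appears to be a local security-manager object (its assignment is outside the hunk), which now shares its name with the class-level `security = ClassSecurityInfo()`; renaming the local would keep the two apart. Both that method and `manage_takeOwnership` extend beyond the hunk.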
@@ -193,6 +195,7 @@
RESPONSE.redirect(REQUEST['HTTP_REFERER'])
+ security.declareProtected(take_ownership, 'manage_changeOwnershipType')
def manage_changeOwnershipType(self, explicit=1,
RESPONSE=None, REQUEST=None):
"""Change the type (implicit or explicit) of ownership.
@@ -269,7 +272,7 @@
except: pass
if s is None: object._p_deactivate()
-Globals.default__class_init__(Owned)
+InitializeClass(Owned)
class EmergencyUserCannotOwn(Exception):
Modified: Zope/trunk/lib/python/AccessControl/Role.py
===================================================================
--- Zope/trunk/lib/python/AccessControl/Role.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/AccessControl/Role.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,7 +18,10 @@
from Globals import DTMLFile, MessageDialog, Dictionary
from Acquisition import Implicit, Acquired, aq_get
-import Globals, ExtensionClass, PermissionMapping, Products
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import change_permissions
+import ExtensionClass, PermissionMapping, Products
from App.Common import aq_base
from zope.interface import implements
@@ -41,21 +44,7 @@
implements(IRoleManager)
- __ac_permissions__=(
- ('Change permissions',
- ('manage_access', 'permission_settings',
- 'ac_inherited_permissions',
- 'manage_roleForm', 'manage_role',
- 'manage_acquiredForm', 'manage_acquiredPermissions',
- 'manage_permissionForm', 'manage_permission',
- 'manage_changePermissions', 'permissionsOfRole',
- 'rolesOfPermission', 'acquiredRolesAreUsedBy',
- 'manage_defined_roles', 'userdefined_roles',
- 'manage_listLocalRoles', 'manage_editLocalRoles',
- 'manage_setLocalRoles', 'manage_addLocalRoles',
- 'manage_delLocalRoles'
- )),
- )
+ security = ClassSecurityInfo()
manage_options=(
{'label':'Security', 'action':'manage_access',
@@ -74,6 +63,7 @@
#------------------------------------------------------------
+ security.declareProtected(change_permissions, 'ac_inherited_permissions')
def ac_inherited_permissions(self, all=0):
# Get all permissions not defined in ourself that are inherited
# This will be a sequence of tuples with a name as the first item and
@@ -96,6 +86,7 @@
return tuple(r)
+ security.declareProtected(change_permissions, 'permission_settings')
def permission_settings(self, permission=None):
"""Return user-role permission settings.
@@ -130,11 +121,13 @@
result.append(d)
return result
+ security.declareProtected(change_permissions, 'manage_roleForm')
manage_roleForm=DTMLFile('dtml/roleEdit', globals(),
management_view='Security',
help_topic='Security_Manage-Role.stx',
help_product='OFSP')
+ security.declareProtected(change_permissions, 'manage_role')
def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
"""Change the permissions given to the given role.
"""
@@ -146,11 +139,13 @@
if REQUEST is not None: return self.manage_access(REQUEST)
+ security.declareProtected(change_permissions, 'manage_acquiredForm')
manage_acquiredForm=DTMLFile('dtml/acquiredEdit', globals(),
management_view='Security',
help_topic='Security_Manage-Acquisition.stx',
help_product='OFSP')
+ security.declareProtected(change_permissions, 'manage_acquiredPermissions')
def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
"""Change the permissions that acquire.
"""
@@ -165,11 +160,13 @@
if REQUEST is not None: return self.manage_access(REQUEST)
+ security.declareProtected(change_permissions, 'manage_permissionForm')
manage_permissionForm=DTMLFile('dtml/permissionEdit', globals(),
management_view='Security',
help_topic='Security_Manage-Permission.stx',
help_product='OFSP')
+ security.declareProtected(change_permissions, 'manage_permission')
def manage_permission(self, permission_to_manage,
roles=[], acquire=0, REQUEST=None):
"""Change the settings for the given permission.
@@ -197,6 +194,7 @@
_method_manage_access=DTMLFile('dtml/methodAccess', globals())
+ security.declareProtected(change_permissions, 'manage_access')
def manage_access(self, REQUEST, **kw):
"""Return an interface for making permissions settings.
"""
@@ -206,6 +204,7 @@
else:
return apply(self._normal_manage_access,(), kw)
+ security.declareProtected(change_permissions, 'manage_changePermissions')
def manage_changePermissions(self, REQUEST):
"""Change all permissions settings, called by management screen.
"""
@@ -237,6 +236,7 @@
message='Your changes have been saved',
action ='manage_access')
+ security.declareProtected(change_permissions, 'permissionsOfRole')
def permissionsOfRole(self, role):
"""Used by management screen.
"""
@@ -250,6 +250,7 @@
})
return r
+ security.declareProtected(change_permissions, 'rolesOfPermission')
def rolesOfPermission(self, permission):
"""Used by management screen.
"""
@@ -269,6 +270,7 @@
raise ValueError, (
"The permission <em>%s</em> is invalid." % escape(permission))
+ security.declareProtected(change_permissions, 'acquiredRolesAreUsedBy')
def acquiredRolesAreUsedBy(self, permission):
"""Used by management screen.
"""
@@ -293,11 +295,13 @@
__ac_local_roles__=None
+ security.declareProtected(change_permissions, 'manage_listLocalRoles')
manage_listLocalRoles=DTMLFile('dtml/listLocalRoles', globals(),
management_view='Security',
help_topic='Security_Local-Roles.stx',
help_product='OFSP')
+ security.declareProtected(change_permissions, 'manage_editLocalRoles')
manage_editLocalRoles=DTMLFile('dtml/editLocalRoles', globals(),
management_view='Security',
help_topic='Security_User-Local-Roles.stx',
@@ -353,6 +357,7 @@
dict=self.__ac_local_roles__ or {}
return tuple(dict.get(userid, []))
+ security.declareProtected(change_permissions, 'manage_addLocalRoles')
def manage_addLocalRoles(self, userid, roles, REQUEST=None):
"""Set local roles for a user."""
if not roles:
@@ -370,6 +375,7 @@
stat='Your changes have been saved.'
return self.manage_listLocalRoles(self, REQUEST, stat=stat)
+ security.declareProtected(change_permissions, 'manage_setLocalRoles')
def manage_setLocalRoles(self, userid, roles, REQUEST=None):
"""Set local roles for a user."""
if not roles:
@@ -383,6 +389,7 @@
stat='Your changes have been saved.'
return self.manage_listLocalRoles(self, REQUEST, stat=stat)
+ security.declareProtected(change_permissions, 'manage_delLocalRoles')
def manage_delLocalRoles(self, userids, REQUEST=None):
"""Remove all local roles for a user."""
dict=self.__ac_local_roles__
@@ -398,7 +405,7 @@
#------------------------------------------------------------
- access_debug_info__roles__=()
+ security.declarePrivate('access_debug_info')
def access_debug_info(self):
"""Return debug info.
"""
@@ -450,6 +457,7 @@
return 0
return 1
+ security.declareProtected(change_permissions, 'userdefined_roles')
def userdefined_roles(self):
"""Return list of user-defined roles.
"""
@@ -459,6 +467,7 @@
except: pass
return tuple(roles)
+ security.declareProtected(change_permissions, 'manage_defined_roles')
def manage_defined_roles(self, submit=None, REQUEST=None):
"""Called by management screen.
"""
@@ -534,7 +543,7 @@
return d
-Globals.default__class_init__(RoleManager)
+InitializeClass(RoleManager)
def reqattr(request, attr):
Modified: Zope/trunk/lib/python/AccessControl/User.py
===================================================================
--- Zope/trunk/lib/python/AccessControl/User.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/AccessControl/User.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -20,10 +20,12 @@
import socket
from base64 import decodestring
-import Globals
from Acquisition import Implicit
from App.Management import Navigation, Tabs
from Globals import DTMLFile, MessageDialog, Persistent, PersistentMapping
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import manage_users as ManageUsers
from OFS.SimpleItem import Item
from zExceptions import Unauthorized, BadRequest
from zope.interface import implements
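Review bot: The alias in `from AccessControl.Permissions import manage_users as ManageUsers` is unexplained, and the other files in this commit mostly import permission constants under their own names. UserFolder has a method called `manage_users`, declared in a later hunk of this file, so the alias presumably keeps the permission string and the method from sharing a name. A short comment on the import would record that, for example `# aliased: UserFolder defines a manage_users method`.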
@@ -459,6 +461,8 @@
encrypt_passwords = 1
+ security = ClassSecurityInfo()
+
manage_options=(
(
{'label':'Contents', 'action':'manage_main',
@@ -470,32 +474,26 @@
+Item.manage_options
)
- __ac_permissions__=(
- ('Manage users',
- ('manage_users','getUserNames', 'getUser', 'getUsers',
- 'getUserById', 'user_names', 'setDomainAuthenticationMode',
- 'userFolderAddUser', 'userFolderEditUser', 'userFolderDelUsers',
- )
- ),
- )
-
-
# ----------------------------------
# Public UserFolder object interface
# ----------------------------------
+ security.declareProtected(ManageUsers, 'getUserNames')
def getUserNames(self):
"""Return a list of usernames"""
raise NotImplementedError
+ security.declareProtected(ManageUsers, 'getUsers')
def getUsers(self):
"""Return a list of user objects"""
raise NotImplementedError
+ security.declareProtected(ManageUsers, 'getUser')
def getUser(self, name):
"""Return the named user object or None"""
raise NotImplementedError
+ security.declareProtected(ManageUsers, 'getUserById')
def getUserById(self, id, default=None):
"""Return the user corresponding to the given id.
"""
@@ -534,6 +532,8 @@
# Authors of custom user folders don't need to do anything special to
# support these - they will just call the appropriate '_' methods that
# user folder subclasses already implement.
+
+ security.declareProtected(ManageUsers, 'userFolderAddUser')
def userFolderAddUser(self, name, password, roles, domains, **kw):
"""API method for creating a new user object. Note that not all
user folder implementations support dynamic creation of user
@@ -542,6 +542,7 @@
return self._doAddUser(name, password, roles, domains, **kw)
raise NotImplementedError
+ security.declareProtected(ManageUsers, 'userFolderEditUser')
def userFolderEditUser(self, name, password, roles, domains, **kw):
"""API method for changing user object attributes. Note that not
all user folder implementations support changing of user object
@@ -550,6 +551,7 @@
return self._doChangeUser(name, password, roles, domains, **kw)
raise NotImplementedError
+ security.declareProtected(ManageUsers, 'userFolderDelUsers')
def userFolderDelUsers(self, names):
"""API method for deleting one or more user objects. Note that not
all user folder implementations support deletion of user objects."""
@@ -929,6 +931,7 @@
self._doDelUsers(names)
if REQUEST: return self._mainUser(self, REQUEST)
+ security.declareProtected(ManageUsers, 'manage_users')
def manage_users(self,submit=None,REQUEST=None,RESPONSE=None):
"""This method handles operations on users for the web based forms
of the ZMI. Application code (code that is outside of the forms
@@ -968,6 +971,7 @@
return self._mainUser(self, REQUEST)
+ security.declareProtected(ManageUsers, 'user_names')
def user_names(self):
return self.getUserNames()
@@ -994,6 +998,7 @@
# Domain authentication support. This is a good candidate to
# become deprecated in future Zope versions.
+ security.declareProtected(ManageUsers, 'setDomainAuthenticationMode')
def setDomainAuthenticationMode(self, domain_auth_mode):
"""Set the domain-based authentication mode. By default, this
mode is off due to the high overhead of the operation that
@@ -1098,7 +1103,7 @@
pass
-Globals.default__class_init__(UserFolder)
+InitializeClass(UserFolder)
def manage_addUserFolder(self,dtself=None,REQUEST=None,**ignored):
Modified: Zope/trunk/lib/python/App/ApplicationManager.py
===================================================================
--- Zope/trunk/lib/python/App/ApplicationManager.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/ApplicationManager.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,6 +15,7 @@
__version__='$Revision: 1.94 $'[11:-2]
import sys,os,time,Globals, Acquisition, os, Undo
+from Globals import InitializeClass
from Globals import DTMLFile
from OFS.ObjectManager import ObjectManager
from OFS.Folder import Folder
@@ -69,8 +70,8 @@
manage_cacheParameters=Globals.DTMLFile('dtml/cacheParameters', globals())
manage_cacheGC=Globals.DTMLFile('dtml/cacheGC', globals())
+InitializeClass(DatabaseManager)
-Globals.default__class_init__(DatabaseManager)
class FakeConnection:
# Supports the methods of Connection that CacheManager needs
@@ -133,7 +134,7 @@
res.append(m.__of__(self))
return res
-Globals.InitializeClass(DatabaseChooser)
+InitializeClass(DatabaseChooser)
class VersionManager(Fake, SimpleItem.Item, Acquisition.Implicit):
@@ -152,7 +153,7 @@
)
)
-Globals.default__class_init__(VersionManager)
+InitializeClass(VersionManager)
@@ -264,7 +265,7 @@
def manage_getSysPath(self):
return list(sys.path)
-Globals.default__class_init__(DebugManager)
+InitializeClass(DebugManager)
Modified: Zope/trunk/lib/python/App/CacheManager.py
===================================================================
--- Zope/trunk/lib/python/App/CacheManager.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/CacheManager.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -20,6 +20,7 @@
import time
import Globals
+from Globals import InitializeClass
from DateTime import DateTime
class CacheManager:
@@ -294,5 +295,4 @@
}
return res
-
-Globals.default__class_init__(CacheManager)
+InitializeClass(CacheManager)
Modified: Zope/trunk/lib/python/App/DavLockManager.py
===================================================================
--- Zope/trunk/lib/python/App/DavLockManager.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/DavLockManager.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -14,6 +14,7 @@
__version__ = "$Revision: 1.8 $"[11:-2]
import OFS, Acquisition, Globals
+from Globals import InitializeClass
from AccessControl import getSecurityManager, ClassSecurityInfo
from webdav.Lockable import wl_isLocked
@@ -104,5 +105,4 @@
return result
-
-Globals.default__class_init__(DavLockManager)
+InitializeClass(DavLockManager)
Modified: Zope/trunk/lib/python/App/Factory.py
===================================================================
--- Zope/trunk/lib/python/App/Factory.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/Factory.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,6 +16,10 @@
__version__='$Revision: 1.27 $'[11:-2]
import OFS.SimpleItem, Acquisition, Globals, AccessControl.Role
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import edit_factories
+from AccessControl.Permissions import use_factories
class Factory(
AccessControl.Role.RoleManager,
@@ -25,15 +29,13 @@
meta_type='Zope Factory'
icon='p_/Factory_icon'
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(use_factories)
+
permission='' # Waaaa
_setObject=_getOb=Acquisition.Acquired
- __ac_permissions__=(
- ('Edit Factories', ('manage_edit','manage_main')),
- ('Use Factories', ('index_html','')),
- )
-
manage_options=(
(
{'label':'Edit', 'action':'manage_main',
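Review bot: `security.declareObjectProtected(use_factories)` takes over the job of the `''` entry in the removed `('Use Factories', ('index_html',''))` tuple, but nothing in the new code says so. A reader checking that the conversion preserved access control has to know that the empty name meant the object itself. A comment above the call would make the mapping auditable, for example `# Guards the Factory object itself (the '' entry of the old __ac_permissions__).` The class body continues outside the hunk.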
@@ -50,11 +52,12 @@
self.initial=initial
self.permission=permission
- initializePermission__roles__ = ()
+ security.declarePrivate('initializePermission')
def initializePermission(self):
- self.manage_setPermissionMapping(('Use Factories',),
+ self.manage_setPermissionMapping((use_factories,),
(self.permission,))
+ security.declareProtected(edit_factories, 'manage_edit')
def manage_edit(self, title, object_type, initial, permission='',
REQUEST=None):
"Modify factory properties."
@@ -63,7 +66,7 @@
self.object_type=object_type
self.initial=initial
self.permission=permission
- self.manage_setPermissionMapping(('Use Factories',), (permission,))
+ self.manage_setPermissionMapping((use_factories,), (permission,))
self._register()
if REQUEST is not None: return self.manage_main(self, REQUEST)
@@ -100,8 +103,10 @@
product.aq_acquire('_manage_remove_product_meta_type')(
product, self.id, self.object_type)
+ security.declareProtected(edit_factories, 'manage_main')
manage_main=Globals.DTMLFile('dtml/editFactory',globals())
+ security.declareProtected(use_factories, 'index_html')
def index_html(self, REQUEST):
" "
return getattr(self, self.initial)(self.aq_parent, REQUEST)
@@ -112,4 +117,7 @@
self.aq_parent.objectIds()
)
+InitializeClass(Factory)
+
+
class ProductFactory(Factory): pass
Modified: Zope/trunk/lib/python/App/FactoryDispatcher.py
===================================================================
--- Zope/trunk/lib/python/App/FactoryDispatcher.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/FactoryDispatcher.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -14,6 +14,8 @@
# Implement the manage_addProduct method of object managers
import Acquisition, sys, Products
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from AccessControl.PermissionMapping import aqwrap
from AccessControl.Owned import UnownableOwner
@@ -41,6 +43,8 @@
"""Provide a namespace for product "methods"
"""
+ security = ClassSecurityInfo()
+
_owner=UnownableOwner
def __init__(self, product, dest, REQUEST=None):
@@ -55,13 +59,15 @@
v=v[:v.rfind('/')]
self._u=v[:v.rfind('/')]
+ security.declarePublic('Destination')
def Destination(self):
"Return the destination for factory output"
return self.__dict__['_d'] # we don't want to wrap the result!
+
+ security.declarePublic('this')
this=Destination
- this__roles__=Destination__roles__=None
-
+ security.declarePublic('DestinationURL')
def DestinationURL(self):
"Return the URL for the destination for factory output"
url=getattr(self, '_u', None)
@@ -69,8 +75,6 @@
url=self.Destination().absolute_url()
return url
- DestinationURL__roles__=None
-
def __getattr__(self, name):
p=self.__dict__['_product']
d=p.__dict__
@@ -102,3 +106,4 @@
d = update_menu and '/manage_main?update_menu=1' or '/manage_main'
REQUEST['RESPONSE'].redirect(self.DestinationURL()+d)
+InitializeClass(FactoryDispatcher)
Modified: Zope/trunk/lib/python/App/ImageFile.py
===================================================================
--- Zope/trunk/lib/python/App/ImageFile.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/ImageFile.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -17,6 +17,8 @@
import os
import time
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from App.config import getConfiguration
from OFS.content_types import guess_content_type
from Globals import package_home
@@ -28,6 +30,8 @@
class ImageFile(Acquisition.Explicit):
"""Image objects stored in external files."""
+ security = ClassSecurityInfo()
+
def __init__(self,path,_prefix=None):
if _prefix is None:
_prefix=getConfiguration().softwarehome
@@ -84,7 +88,7 @@
return open(self.path,'rb').read()
- HEAD__roles__=None
+ security.declarePublic('HEAD')
def HEAD(self, REQUEST, RESPONSE):
""" """
RESPONSE.setHeader('Content-Type', self.content_type)
@@ -97,3 +101,5 @@
def __str__(self):
return '<img src="%s" alt="" />' % self.__name__
+
+InitializeClass(ImageFile)
Modified: Zope/trunk/lib/python/App/Management.py
===================================================================
--- Zope/trunk/lib/python/App/Management.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/Management.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,10 +15,13 @@
$Id$
"""
-import sys, Globals, ExtensionClass, urllib
+import sys, ExtensionClass, urllib
from Globals import DTMLFile, HTMLFile
+from Globals import InitializeClass
from zExceptions import Redirect
from AccessControl import getSecurityManager, Unauthorized
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
from cgi import escape
from zope.interface import implements
@@ -28,13 +31,15 @@
class Tabs(ExtensionClass.Base):
"""Mix-in provides management folder tab support."""
- manage_tabs__roles__=('Anonymous',)
+ security = ClassSecurityInfo()
+
+ security.declarePublic('manage_tabs')
manage_tabs=DTMLFile('dtml/manage_tabs', globals())
manage_options =()
- filtered_manage_options__roles__=None
+ security.declarePublic('filtered_manage_options')
def filtered_manage_options(self, REQUEST=None):
validate=getSecurityManager().validate
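Review bot: `security.declarePublic('manage_tabs')` is not a like-for-like conversion of the removed `manage_tabs__roles__=('Anonymous',)`. declarePublic stores roles of `None`, which is what the other converted attributes in this file already had, while this attribute previously carried an explicit role tuple. The two values are not guaranteed to be handled identically by the security machinery, and whether anything depends on the difference is not visible from this hunk. If the widening is intended, record it next to the declaration, for example `# was manage_tabs__roles__=('Anonymous',); now fully public (roles None)`, so the behaviour change is not mistaken for a mechanical rewrite.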
@@ -131,7 +136,7 @@
out.append(last)
return '/'.join(out)
- class_manage_path__roles__=None
+ security.declarePublic('class_manage_path')
def class_manage_path(self):
if self.__class__.__module__[:1] != '*':
return
@@ -150,7 +155,7 @@
if path:
return '/Control_Panel/Products/%s/manage_workspace' % path
-Globals.default__class_init__(Tabs)
+InitializeClass(Tabs)
class Navigation(ExtensionClass.Base):
@@ -158,36 +163,38 @@
implements(INavigation)
- __ac_permissions__=(
- ('View management screens',
- ('manage', 'manage_menu', 'manage_top_frame',
- 'manage_page_header',
- 'manage_page_footer',
- )),
- )
+ security = ClassSecurityInfo()
+ security.declareProtected(view_management_screens, 'manage')
manage =DTMLFile('dtml/manage', globals())
+
+ security.declareProtected(view_management_screens, 'manage_menu')
manage_menu =DTMLFile('dtml/menu', globals())
+ security.declareProtected(view_management_screens, 'manage_top_frame')
manage_top_frame =DTMLFile('dtml/manage_top_frame', globals())
+
+ security.declareProtected(view_management_screens, 'manage_page_header')
manage_page_header=DTMLFile('dtml/manage_page_header', globals())
+
+ security.declareProtected(view_management_screens, 'manage_page_footer')
manage_page_footer=DTMLFile('dtml/manage_page_footer', globals())
+ security.declarePublic('manage_form_title')
manage_form_title =DTMLFile('dtml/manage_form_title', globals(),
form_title='Add Form',
help_product=None,
help_topic=None)
manage_form_title._setFuncSignature(
varnames=('form_title', 'help_product', 'help_topic') )
- manage_form_title__roles__ = None
+ security.declarePublic('zope_quick_start')
zope_quick_start=DTMLFile('dtml/zope_quick_start', globals())
- zope_quick_start__roles__=None
+ security.declarePublic('manage_copyright')
manage_copyright=DTMLFile('dtml/copyright', globals())
- manage_copyright__roles__ = None
- manage_zmi_logout__roles__ = None
+ security.declarePublic('manage_zmi_logout')
def manage_zmi_logout(self, REQUEST, RESPONSE):
"""Logout current user"""
p = getattr(REQUEST, '_logout_path', None)
@@ -207,12 +214,14 @@
</html>""")
return
-
+ security.declarePublic('manage_zmi_prefs')
manage_zmi_prefs=DTMLFile('dtml/manage_zmi_prefs', globals())
- manage_zmi_prefs__roles__ = None
+# Navigation doesn't have an inherited __class_init__ so doesn't get
+# initialized automatically.
+
file = DTMLFile('dtml/manage_page_style.css', globals())
+Navigation.security.declarePublic('manage_page_style.css')
setattr(Navigation, 'manage_page_style.css', file)
-setattr(Navigation, 'manage_page_style.css__roles__', None)
-Globals.default__class_init__(Navigation)
+InitializeClass(Navigation)
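Review bot: The late `Navigation.security.declarePublic('manage_page_style.css')` only takes effect because `InitializeClass(Navigation)` runs after it and after the `setattr`, and nothing in the code states that ordering requirement. The new comment about `__class_init__` also sits above `file = DTMLFile(...)` rather than next to the call it explains. Moving it directly above `InitializeClass(Navigation)` and adding a line such as `# Must stay last: it applies the declaration made above for 'manage_page_style.css'.` would stop a later edit from reordering these statements and dropping the declaration.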
Modified: Zope/trunk/lib/python/App/Product.py
===================================================================
--- Zope/trunk/lib/python/App/Product.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/Product.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -41,10 +41,12 @@
import transaction
import Globals, OFS.Folder, OFS.SimpleItem, Acquisition, Products
+from Globals import InitializeClass
import ZClasses, AccessControl.Owned
from OFS.Folder import Folder
from HelpSys.HelpSys import ProductHelp
from AccessControl import Unauthorized
+from AccessControl import ClassSecurityInfo
from Factory import Factory
from Permission import PermissionManager
@@ -79,12 +81,15 @@
def _canCopy(self, op=0):
return 0
-Globals.InitializeClass(ProductFolder)
+InitializeClass(ProductFolder)
class Product(Folder, PermissionManager):
"""Model a product that can be created through the web.
"""
+
+ security = ClassSecurityInfo()
+
meta_type='Product'
icon='p_/Product_icon'
version=''
@@ -171,15 +176,15 @@
except:
pass
+ security.declarePublic('Destination')
def Destination(self):
"Return the destination for factory output"
return self
- Destination__roles__=None
+ security.declarePublic('DestinationURL')
def DestinationURL(self):
"Return the URL for the destination for factory output"
return self.REQUEST['BASE4']
- DestinationURL__roles__=None
def manage_distribute(self, version, RESPONSE, configurable_objects=[],
redistributable=0):
@@ -419,7 +424,7 @@
if REQUEST is not None:
return self.manage_refresh(REQUEST)
-Globals.InitializeClass(Product)
+InitializeClass(Product)
class CompressedOutputFile:
Modified: Zope/trunk/lib/python/App/Undo.py
===================================================================
--- Zope/trunk/lib/python/App/Undo.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/App/Undo.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,7 +16,10 @@
"""
from Acquisition import aq_base, aq_parent, aq_inner
+from Globals import InitializeClass
from AccessControl import getSecurityManager
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import undo_changes
from DateTime import DateTime
import Globals, ExtensionClass
from ZopeUndo.Prefix import Prefix
@@ -30,19 +33,14 @@
implements(IUndoSupport)
- __ac_permissions__=(
- ('Undo changes', (
- 'manage_undo_transactions',
- 'undoable_transactions',
- 'manage_UndoForm',
- )),
- )
+ security = ClassSecurityInfo()
manage_options=(
{'label':'Undo', 'action':'manage_UndoForm',
'help':('OFSP','Undo.stx')},
)
+ security.declareProtected(undo_changes, 'manage_UndoForm')
manage_UndoForm=Globals.DTMLFile(
'dtml/undo',
globals(),
@@ -64,6 +62,7 @@
else: v=default
return v
+ security.declareProtected(undo_changes, 'undoable_transactions')
def undoable_transactions(self, first_transaction=None,
last_transaction=None,
PrincipiaUndoBatchSize=None):
@@ -123,6 +122,7 @@
return r
+ security.declareProtected(undo_changes, 'manage_undo_transactions')
def manage_undo_transactions(self, transaction_info=(), REQUEST=None):
"""
"""
@@ -139,7 +139,7 @@
REQUEST['RESPONSE'].redirect("%s/manage_UndoForm" % REQUEST['URL1'])
return ''
-Globals.default__class_init__(UndoSupport)
+InitializeClass(UndoSupport)
########################################################################
# Blech, need this cause binascii.b2a_base64 is too pickly
Modified: Zope/trunk/lib/python/Globals/__init__.py
===================================================================
--- Zope/trunk/lib/python/Globals/__init__.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Globals/__init__.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -26,12 +26,12 @@
from App.Common import package_home, attrget, Dictionary
from App.config import getConfiguration as _getConfiguration
from Persistence import Persistent, PersistentMapping
-from App.special_dtml import HTML, HTMLFile, DTMLFile
from App.class_init import default__class_init__, ApplicationDefaultPermissions
# Nicer alias for class initializer.
InitializeClass = default__class_init__
+from App.special_dtml import HTML, HTMLFile, DTMLFile
from App.Dialogs import MessageDialog
from App.ImageFile import ImageFile
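Review bot: The new position of `from App.special_dtml import HTML, HTMLFile, DTMLFile` is order-dependent, and nothing in the file says so. It now sits below `InitializeClass = default__class_init__`, presumably because modules reached through it run `from Globals import InitializeClass` while Globals is still being imported; the circular-import caveat in the log message points the same way. A comment directly above it, for example `# Keep below the InitializeClass alias: modules imported from here on do "from Globals import InitializeClass".`, would keep a later import tidy-up from breaking start-up. If `App.Dialogs` and `App.ImageFile` have the same constraint, the comment should cover them too.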
Modified: Zope/trunk/lib/python/HelpSys/HelpSys.py
===================================================================
--- Zope/trunk/lib/python/HelpSys/HelpSys.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/HelpSys/HelpSys.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,12 +15,16 @@
from OFS.SimpleItem import Item
from OFS.ObjectManager import ObjectManager
from Globals import Persistent, DTMLFile, HTML
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import access_contents_information
+from AccessControl.Permissions import add_documents_images_and_files
+from AccessControl.Permissions import view as View
from Products.ZCatalog.ZCatalog import ZCatalog
from Products.ZCatalog.Lazy import LazyCat
from cgi import escape
import Products
import HelpTopic
-import Globals
class HelpSys(Acquisition.Implicit, ObjectManager, Item, Persistent):
"""
@@ -30,22 +34,18 @@
"""
meta_type='Help System'
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(View)
+
manage_options=(
{'label' : 'Contents', 'action' : 'menu'},
{'label' : 'Search', 'action' : 'search'},
)
- __ac_permissions__=(
- ('View',
- ('__call__', 'searchResults', 'HelpButton', '',
- 'index_html', 'menu', 'search', 'results', 'main',
- 'helpLink')),
- ('Access contents information', ('helpValues',)),
- )
-
def __init__(self, id='HelpSys'):
self.id=id
+ security.declareProtected(access_contents_information, 'helpValues')
def helpValues(self, spec=None):
"ProductHelp objects of all Products that have help"
hv=[]
@@ -59,6 +59,8 @@
# Seaching does an aggregated search of all ProductHelp
# objects. Only Help Topics for which the user has permissions
# are returned.
+
+ security.declareProtected(View, '__call__')
def __call__(self, REQUEST=None, **kw):
"Searchable interface"
if REQUEST is not None:
@@ -73,18 +75,29 @@
results.append(apply(getattr(ph, '__call__'), (REQUEST,) , kw))
return LazyCat(results)
+ security.declareProtected(View, 'searchResults')
searchResults=__call__
+ security.declareProtected(View, 'index_html')
index_html=DTMLFile('dtml/frame', globals())
+
+ security.declareProtected(View, 'menu')
menu=DTMLFile('dtml/menu', globals())
+
+ security.declareProtected(View, 'search')
search=DTMLFile('dtml/search', globals())
+
+ security.declareProtected(View, 'results')
results=DTMLFile('dtml/results', globals())
+
+ security.declareProtected(View, 'main')
main=HTML("""<html></html>""")
standard_html_header=DTMLFile('dtml/menu_header', globals())
standard_html_footer=DTMLFile('dtml/menu_footer', globals())
button=DTMLFile('dtml/button', globals())
+ security.declareProtected(View, 'HelpButton')
def HelpButton(self, topic, product):
"""
Insert a help button linked to a help topic.
@@ -93,6 +106,7 @@
helpURL=DTMLFile('dtml/helpURL',globals())
+ security.declareProtected(View, 'helpLink')
def helpLink(self, product='OFSP', topic='ObjectManager_Contents.stx'):
# Generate an <a href...> tag linking to a help topic. This
# is a little lighter weight than the help button approach.
@@ -133,7 +147,7 @@
cols.append(TreeCollection(k,v,0))
return cols
-Globals.default__class_init__(HelpSys)
+InitializeClass(HelpSys)
class TreeCollection:
@@ -188,6 +202,8 @@
meta_type='Product Help'
icon='p_/ProductHelp_icon'
+ security = ClassSecurityInfo()
+
lastRegistered=None
meta_types=({'name':'Help Topic',
@@ -200,10 +216,6 @@
Item.manage_options
)
- __ac_permissions__=(
- ('Add Documents, Images, and Files', ('addTopicForm', 'addTopic')),
- )
-
def __init__(self, id='Help', title=''):
self.id=id
self.title=title
@@ -222,8 +234,10 @@
c.addColumn('url')
c.addColumn('id')
+ security.declareProtected(add_documents_images_and_files, 'addTopicForm')
addTopicForm=DTMLFile('dtml/addTopic', globals())
+ security.declareProtected(add_documents_images_and_files, 'addTopic')
def addTopic(self, id, title, REQUEST=None):
"Add a Help Topic"
topic=HelpTopic.DTMLDocumentTopic(
@@ -295,5 +309,4 @@
standard_html_header=DTMLFile('dtml/topic_header', globals())
standard_html_footer=DTMLFile('dtml/topic_footer', globals())
-
-Globals.default__class_init__(ProductHelp)
+InitializeClass(ProductHelp)
Modified: Zope/trunk/lib/python/HelpSys/HelpTopic.py
===================================================================
--- Zope/trunk/lib/python/HelpSys/HelpTopic.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/HelpSys/HelpTopic.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,6 +15,10 @@
from ComputedAttribute import ComputedAttribute
from OFS.SimpleItem import Item
from Globals import Persistent, HTML, DTMLFile, ImageFile
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import access_contents_information
+from AccessControl.Permissions import view as View
from OFS.DTMLDocument import DTMLDocument
from OFS.PropertyManager import PropertyManager
import os.path
@@ -115,16 +119,19 @@
icon='p_/HelpTopic_icon'
_v_last_read = 0
+ security = ClassSecurityInfo()
+
manage_options=(
{'label':'Properties', 'action':'manage_propertiesForm'},
{'label':'View', 'action':'index_html'},
)
- __ac_permissions__=(
- ('View', ('index_html', 'SearchableText', 'url')),
- ('Access contents information', ('helpValues',)),
- )
+ security.declareProtected(View, 'SearchableText')
+ security.declareProtected(View, 'url')
+
+ security.declareProtected(access_contents_information, 'helpValues')
+
def _set_last_read(self, filepath):
try: mtime = os.stat(filepath)[8]
except: mtime = 0
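Review bot: The declarations for `SearchableText`, `url` and `helpValues` are grouped here with no definition beside them, unlike the rest of this commit, where each `declareProtected` sits directly above the attribute it protects. Declarations are keyed by name only, so a rename or typo in one of these strings leaves the real attribute without its intended permission, and nothing fails. If the attributes are defined on a base class or further down the file (not visible in this hunk), say so in a comment, e.g. `# Defined on <class>; declared here to carry over the old __ac_permissions__ entries.`, or move each declaration next to its definition. The same applies in OFS/DTMLMethod.py to the detached declarations for `manage_historyCopy`, `manage_beforeHistoryCopy`, `manage_afterHistoryCopy`, `manage`, `manage_FTPstat` and `manage_FTPlist`.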
@@ -141,11 +148,14 @@
self._v_last_read=mtime
self.reindex_object()
+ security.declareProtected(View, 'index_html')
def index_html(self, REQUEST, RESPONSE):
"View the Help Topic"
raise NotImplementedError
+InitializeClass(HelpTopic)
+
class DTMLDocumentTopic(HelpTopicBase, DTMLDocument):
"""
A user addable Help Topic based on DTML Document.
Modified: Zope/trunk/lib/python/HelpSys/ObjectRef.py
===================================================================
--- Zope/trunk/lib/python/HelpSys/ObjectRef.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/HelpSys/ObjectRef.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,6 +15,8 @@
__version__='$Revision: 1.10 $'[11:-2]
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
import sys, os, Globals, Acquisition
from HelpUtil import HelpBase, classobject
from HelpUtil import is_class, is_module
@@ -26,7 +28,8 @@
class ObjectItem(HelpBase, classobject):
""" """
- __roles__=None
+ security = ClassSecurityInfo()
+ security.declareObjectPublic()
hs_main=DTMLFile('dtml/objectitem', globals())
@@ -75,16 +78,19 @@
del mdict
return mlist
- hs_objectvalues__roles__=None
+ security.declarePublic('hs_objectvalues')
def hs_objectvalues(self):
return []
+InitializeClass(ObjectItem)
class ObjectRef(HelpBase):
""" """
+ security = ClassSecurityInfo()
+ security.declareObjectPublic()
+
__names__=None
- __roles__=None
hs_main=DTMLFile('dtml/objectref', globals())
@@ -129,7 +135,7 @@
dict=self.hs_search_mod(v, dict)
return dict
- hs_objectvalues__roles__=None
+ security.declarePublic('hs_objectvalues')
def hs_objectvalues(self):
if self.__names__ is None:
self.hs_deferred__init__()
@@ -140,3 +146,5 @@
def __getitem__(self, key):
return self.__dict__[key].__of__(self)
+
+InitializeClass(ObjectRef)
Modified: Zope/trunk/lib/python/OFS/Application.py
===================================================================
--- Zope/trunk/lib/python/OFS/Application.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/Application.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -22,6 +22,8 @@
import Globals, Products, App.Product, App.ProductRegistry
import transaction
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from AccessControl.User import UserFolder
from Acquisition import aq_base
from App.ApplicationManager import ApplicationManager
@@ -51,8 +53,9 @@
implements(IApplication)
+ security = ClassSecurityInfo()
+
title ='Zope'
- #__roles__=['Manager', 'Anonymous']
__defined_roles__=('Manager','Anonymous','Owner')
web__form__method='GET'
isTopLevelPrincipiaApplicationObject=1
@@ -103,7 +106,7 @@
return self.title
def __class_init__(self):
- Globals.default__class_init__(self)
+ InitializeClass(self)
def PrincipiaRedirect(self, destination, URL1):
"""Utility function to allow user-controlled redirects"""
@@ -135,7 +138,7 @@
ZopeTime = PrincipiaTime
- ZopeAttributionButton__roles__=None
+ security.declarePublic('ZopeAttributionButton')
def ZopeAttributionButton(self):
"""Returns an HTML fragment that displays the 'powered by zope'
button along with a link to the Zope site."""
@@ -194,7 +197,7 @@
# We're at the base of the path.
return ('',)
- fixupZClassDependencies__roles__=()
+ security.declarePrivate('fixupZClassDependencies')
def fixupZClassDependencies(self, rebuild=0):
# Note that callers should not catch exceptions from this method
# to ensure that the transaction gets aborted if the registry
@@ -252,7 +255,7 @@
return result
- checkGlobalRegistry__roles__=()
+ security.declarePrivate('checkGlobalRegistry')
def checkGlobalRegistry(self):
"""Check the global (zclass) registry for problems, which can
be caused by things like disk-based products being deleted.
@@ -268,20 +271,22 @@
return 1
return 0
- _setInitializerRegistry__roles__ = ()
+ security.declarePrivate('_setInitializerFlag')
def _setInitializerFlag(self, flag):
if self._initializer_registry is None:
self._initializer_registry = {}
self._initializer_registry[flag] = 1
- _getInitializerRegistry__roles__ = ()
+ security.declarePrivate('_getInitializerFlag')
def _getInitializerFlag(self, flag):
reg = self._initializer_registry
if reg is None:
reg = {}
return reg.get(flag)
+InitializeClass(Application)
+
class Expired(Globals.Persistent):
icon='p_/broken'
@@ -645,7 +650,7 @@
folder_permissions, raise_exc=debug_mode)
Products.meta_types=Products.meta_types+tuple(meta_types)
- Globals.default__class_init__(Folder.Folder)
+ InitializeClass(Folder.Folder)
def get_products():
""" Return a list of tuples in the form:
@@ -923,7 +928,7 @@
break
Products.meta_types=Products.meta_types+tuple(meta_types)
- Globals.default__class_init__(Folder.Folder)
+ InitializeClass(Folder.Folder)
def reimport_product(product_name):
Modified: Zope/trunk/lib/python/OFS/Cache.py
===================================================================
--- Zope/trunk/lib/python/OFS/Cache.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/Cache.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,16 +16,19 @@
"""
import time, sys
import Globals
+from Globals import InitializeClass
from Globals import DTMLFile
from Acquisition import aq_get, aq_acquire, aq_inner, aq_parent, aq_base
from zLOG import LOG, WARNING
+from AccessControl import ClassSecurityInfo
from AccessControl import getSecurityManager
from AccessControl.Role import _isBeingUsedAsAMethod
from AccessControl import Unauthorized
+from AccessControl.Permissions import view_management_screens
ZCM_MANAGERS = '__ZCacheManager_ids__'
-ViewManagementScreensPermission = 'View management screens'
+ViewManagementScreensPermission = view_management_screens
ChangeCacheSettingsPermission = 'Change cache settings'
@@ -86,21 +89,11 @@
'help':('OFSP','Cacheable-properties.stx'),
},)
- __ac_permissions__ = (
- (ViewManagementScreensPermission,
- ('ZCacheable_manage',
- 'ZCacheable_invalidate',
- 'ZCacheable_enabled',
- 'ZCacheable_getManagerId',
- 'ZCacheable_getManagerIds',
- 'ZCacheable_configHTML',
- )),
- (ChangeCacheSettingsPermission,
- ('ZCacheable_setManagerId',
- 'ZCacheable_setEnabled',
- ), ('Manager',)),
- )
+ security = ClassSecurityInfo()
+ security.setPermissionDefault(ChangeCacheSettingsPermission, ('Manager',))
+ security.declareProtected(ViewManagementScreensPermission,
+ 'ZCacheable_manage')
ZCacheable_manage = DTMLFile('dtml/cacheable', globals())
_v_ZCacheable_cache = None
@@ -109,7 +102,7 @@
__enabled = 1
_isCacheable = 1
- ZCacheable_getManager__roles__ = ()
+ security.declarePrivate('ZCacheable_getManager')
def ZCacheable_getManager(self):
'''Returns the currently associated cache manager.'''
manager_id = self.__manager_id
@@ -122,7 +115,7 @@
except AttributeError:
return None
- ZCacheable_getCache__roles__ = ()
+ security.declarePrivate('ZCacheable_getCache')
def ZCacheable_getCache(self):
'''Gets the cache associated with this object.
'''
@@ -143,7 +136,7 @@
self._v_ZCacheable_manager_timestamp = manager_timestamp
return c
- ZCacheable_isCachingEnabled__roles__ = ()
+ security.declarePrivate('ZCacheable_isCachingEnabled')
def ZCacheable_isCachingEnabled(self):
'''
Returns true only if associated with a cache manager and
@@ -158,7 +151,7 @@
m = _isBeingUsedAsAMethod(self)
return m
- ZCacheable_getObAndView__roles__ = ()
+ security.declarePrivate('ZCacheable_getObAndView')
def ZCacheable_getObAndView(self, view_name):
"""
If this object is a method of a ZClass and we're working
@@ -178,7 +171,7 @@
ob = self
return ob, view_name
- ZCacheable_get__roles__ = ()
+ security.declarePrivate('ZCacheable_get')
def ZCacheable_get(self, view_name='', keywords=None,
mtime_func=None, default=None):
'''Retrieves the cached view for the object under the
@@ -198,7 +191,7 @@
return default
return default
- ZCacheable_set__roles__ = ()
+ security.declarePrivate('ZCacheable_set')
def ZCacheable_set(self, data, view_name='', keywords=None,
mtime_func=None):
'''Cacheable views should call this method after generating
@@ -214,6 +207,8 @@
LOG('Cache', WARNING, 'ZCache_set() exception',
error=sys.exc_info())
+ security.declareProtected(ViewManagementScreensPermission,
+ 'ZCacheable_invalidate')
def ZCacheable_invalidate(self, view_name='', REQUEST=None):
'''Called after a cacheable object is edited. Causes all
cache entries that apply to the view_name to be removed.
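Review bot: `ZCacheable_invalidate` is declared under `ViewManagementScreensPermission`, a viewing permission, although its docstring says it removes cache entries; the two setters in this class use `ChangeCacheSettingsPermission`. The conversion faithfully keeps the grouping of the old `__ac_permissions__`, but now that the declaration sits on the method the mismatch is easy to see. It deserves either a follow-up or a comment stating that it is intentional, e.g. `# Intentionally under the view permission, as in the old __ac_permissions__.`. Holders of only the view permission can flush cached views, so the choice decides who is able to degrade cache effectiveness. The method body continues outside this hunk.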
@@ -243,7 +238,7 @@
else:
return message
- ZCacheable_getModTime__roles__=()
+ security.declarePrivate('ZCacheable_getModTime')
def ZCacheable_getModTime(self, mtime_func=None):
'''Returns the highest of the last mod times.'''
# Based on:
@@ -271,6 +266,8 @@
mtime = max(getattr(klass, '_p_mtime', mtime), mtime)
return mtime
+ security.declareProtected(ViewManagementScreensPermission,
+ 'ZCacheable_getManagerId')
def ZCacheable_getManagerId(self):
'''Returns the id of the current ZCacheManager.'''
return self.__manager_id
@@ -282,6 +279,8 @@
return manager.absolute_url()
return None
+ security.declareProtected(ViewManagementScreensPermission,
+ 'ZCacheable_getManagerIds')
def ZCacheable_getManagerIds(self):
'''Returns a list of mappings containing the id and title
of the available ZCacheManagers.'''
@@ -303,6 +302,8 @@
ob = aq_parent(aq_inner(ob))
return tuple(rval)
+ security.declareProtected(ChangeCacheSettingsPermission,
+ 'ZCacheable_setManagerId')
def ZCacheable_setManagerId(self, manager_id, REQUEST=None):
'''Changes the manager_id for this object.'''
self.ZCacheable_invalidate()
@@ -319,11 +320,15 @@
self, REQUEST, management_view='Cache',
manage_tabs_message='Cache settings changed.')
+ security.declareProtected(ViewManagementScreensPermission,
+ 'ZCacheable_enabled')
def ZCacheable_enabled(self):
'''Returns true if caching is enabled for this object
or method.'''
return self.__enabled
+ security.declareProtected(ChangeCacheSettingsPermission,
+ 'ZCacheable_setEnabled')
def ZCacheable_setEnabled(self, enabled=0, REQUEST=None):
'''Changes the enabled flag. Normally used only when
setting up cacheable ZClass methods.'''
@@ -333,6 +338,8 @@
self, REQUEST, management_view='Cache',
manage_tabs_message='Cache settings changed.')
+ security.declareProtected(ViewManagementScreensPermission,
+ 'ZCacheable_configHTML')
def ZCacheable_configHTML(self):
'''Override to provide configuration of caching
behavior that can only be specific to the cacheable object.
@@ -340,7 +347,7 @@
return ''
-Globals.default__class_init__(Cacheable)
+InitializeClass(Cacheable)
def findCacheables(ob, manager_id, require_assoc, subfolders,
@@ -432,19 +439,15 @@
A base class for cache managers. Implement ZCacheManager_getCache().
'''
- ZCacheManager_getCache__roles__ = ()
+ security = ClassSecurityInfo()
+ security.setPermissionDefault(ChangeCacheSettingsPermission, ('Manager',))
+
+ security.declarePrivate('ZCacheManager_getCache')
def ZCacheManager_getCache(self):
raise NotImplementedError
_isCacheManager = 1
- __ac_permissions__ = (
- ('Change cache settings', ('ZCacheManager_locate',
- 'ZCacheManager_setAssociations',
- 'ZCacheManager_associate'),
- ('Manager',)),
- )
-
manage_options = (
{'label':'Associate',
'action':'ZCacheManager_associate',
@@ -473,8 +476,12 @@
global manager_timestamp
manager_timestamp = time.time()
+ security.declareProtected(ChangeCacheSettingsPermission,
+ 'ZCacheManager_associate')
ZCacheManager_associate = DTMLFile('dtml/cmassoc', globals())
+ security.declareProtected(ChangeCacheSettingsPermission,
+ 'ZCacheManager_locate')
def ZCacheManager_locate(self, require_assoc, subfolders,
meta_types=[], REQUEST=None):
'''Locates cacheable objects.
@@ -494,6 +501,8 @@
else:
return rval
+ security.declareProtected(ChangeCacheSettingsPermission,
+ 'ZCacheManager_setAssociations')
def ZCacheManager_setAssociations(self, props=None, REQUEST=None):
'''Associates and un-associates cacheable objects with this
cache manager.
@@ -530,4 +539,4 @@
(addcount, remcount)
)
-Globals.default__class_init__(CacheManager)
+InitializeClass(CacheManager)
Modified: Zope/trunk/lib/python/OFS/CopySupport.py
===================================================================
--- Zope/trunk/lib/python/OFS/CopySupport.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/CopySupport.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -23,8 +23,12 @@
import Globals, Moniker, ExtensionClass
import transaction
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from AccessControl import getSecurityManager
-from AccessControl.Permissions import delete_objects as DeleteObjects
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import copy_or_move
+from AccessControl.Permissions import delete_objects
from Acquisition import aq_base, aq_inner, aq_parent
from App.Dialogs import MessageDialog
from webdav.Lockable import ResourceLockedError
@@ -54,13 +58,7 @@
implements(ICopyContainer)
- __ac_permissions__=(
- ('View management screens',
- ('manage_copyObjects', 'manage_pasteObjects',
- 'manage_renameForm', 'manage_renameObject', 'manage_renameObjects',)),
- ('Delete objects',
- ('manage_cutObjects',)),
- )
+ security = ClassSecurityInfo()
# The following three methods should be overridden to store sub-objects
# as non-attributes.
@@ -83,6 +81,7 @@
def manage_CopyContainerAllItems(self, REQUEST):
return map(lambda i, s=self: s._getOb(i), tuple(REQUEST['ids']))
+ security.declareProtected(delete_objects, 'manage_cutObjects')
def manage_cutObjects(self, ids=None, REQUEST=None):
"""Put a reference to the objects named in ids in the clip board"""
if ids is None and REQUEST is not None:
@@ -112,6 +111,7 @@
return self.manage_main(self, REQUEST)
return cp
+ security.declareProtected(view_management_screens, 'manage_copyObjects')
def manage_copyObjects(self, ids=None, REQUEST=None, RESPONSE=None):
"""Put a reference to the objects named in ids in the clip board"""
if ids is None and REQUEST is not None:
@@ -154,6 +154,7 @@
id='copy%s_of_%s' % (n and n+1 or '', orig_id)
n=n+1
+ security.declareProtected(view_management_screens, 'manage_pasteObjects')
def manage_pasteObjects(self, cb_copy_data=None, REQUEST=None):
"""Paste previously copied objects into the current object.
@@ -287,8 +288,10 @@
return result
+ security.declareProtected(view_management_screens, 'manage_renameForm')
manage_renameForm=Globals.DTMLFile('dtml/renameForm', globals())
+ security.declareProtected(view_management_screens, 'manage_renameObjects')
def manage_renameObjects(self, ids=[], new_ids=[], REQUEST=None):
"""Rename several sub-objects"""
if len(ids) != len(new_ids):
@@ -300,6 +303,7 @@
return self.manage_main(self, REQUEST, update_menu=1)
return None
+ security.declareProtected(view_management_screens, 'manage_renameObject')
def manage_renameObject(self, id, new_id, REQUEST=None):
"""Rename a particular sub-object.
"""
@@ -353,7 +357,8 @@
# supposed to be public since it does its own auth ?
#
# Because it's still a "management" function.
- manage_clone__roles__=None
+
+ security.declarePublic('manage_clone')
def manage_clone(self, ob, id, REQUEST=None):
"""Clone an object, creating a new object with the given id.
"""
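Review bot: `security.declarePublic('manage_clone')` leaves all authorization to checks inside the method, and the comment above it only says it "does its own auth" without naming the check. The body is outside this hunk, so I can't confirm which check that is. Please name it in the comment, along the lines of `# Public by declaration; access is enforced inside by <check>.`, so a later refactor of the body does not silently turn this into an unauthenticated management call.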
@@ -497,7 +502,7 @@
raise Unauthorized, absattr(object.id)
if validate_src == 2: # moving
- if not sm.checkPermission(DeleteObjects, parent):
+ if not sm.checkPermission(delete_objects, parent):
raise Unauthorized, 'Delete not allowed.'
else: # /if method_name
@@ -507,7 +512,7 @@
'operation.' % escape(absattr(object.id))),
action = 'manage_main')
-Globals.default__class_init__(CopyContainer)
+InitializeClass(CopyContainer)
class CopySource(ExtensionClass.Base):
@@ -518,9 +523,8 @@
# declare a dummy permission for Copy or Move here that we check
# in cb_isCopyable.
- __ac_permissions__=(
- ('Copy or Move', (), ('Anonymous', 'Manager',)),
- )
+ security = ClassSecurityInfo()
+ security.setPermissionDefault(copy_or_move, ('Anonymous', 'Manager'))
def _canCopy(self, op=0):
"""Called to make sure this object is copyable.
@@ -593,10 +597,10 @@
return 1
def cb_userHasCopyOrMovePermission(self):
- if getSecurityManager().checkPermission('Copy or Move', self):
+ if getSecurityManager().checkPermission(copy_or_move, self):
return 1
-Globals.default__class_init__(CopySource)
+InitializeClass(CopySource)
def sanity_check(c, ob):
Modified: Zope/trunk/lib/python/OFS/DTMLDocument.py
===================================================================
--- Zope/trunk/lib/python/OFS/DTMLDocument.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/DTMLDocument.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -14,6 +14,7 @@
$Id$
"""
+from Globals import InitializeClass
from ZPublisher.Converters import type_converters
from Globals import HTML, DTMLFile, MessageDialog
from OFS.content_types import guess_content_type
@@ -24,8 +25,9 @@
from webdav.WriteLockInterface import WriteLockInterface
from sgmllib import SGMLParser
from urllib import quote
-import Globals
from AccessControl import getSecurityManager
+from AccessControl.Permissions import change_dtml_methods
+from AccessControl.Permissions import change_dtml_documents
from zExceptions.TracebackSupplement import PathTracebackSupplement
done='done'
@@ -45,12 +47,14 @@
PropertyManager.manage_options +
DTMLMethod.manage_options[2:]
)
-
- ps = DTMLMethod.__ac_permissions__
- __ac_permissions__=(
- ps[0], ('Change DTML Documents', ps[1][1]), ps[2], ps[3], ps[4])
- del ps
+ # Replace change_dtml_methods by change_dtml_documents
+ __ac_permissions__ = tuple([
+ (perms[0] == change_dtml_methods)
+ and (change_dtml_documents, perms[1])
+ or perms
+ for perms in DTMLMethod.__ac_permissions__])
+
def manage_edit(self,data,title,SUBMIT='Change',dtpref_cols='100%',
dtpref_rows='20',REQUEST=None):
"""
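Review bot: The comprehension that builds `__ac_permissions__` fails silently: if no entry of `DTMLMethod.__ac_permissions__` has `change_dtml_methods` as its first element, DTMLDocument ends up with DTMLMethod's permissions unchanged and nothing reports it. That attribute is no longer written by hand in DTMLMethod.py; presumably `InitializeClass(DTMLMethod)` now generates it from the security declarations, so this line depends on that call having run before this class body and on the generated layout. I would state that in the comment, e.g. `# Relies on InitializeClass(DTMLMethod) having built __ac_permissions__ from its security declarations.`, and check the result right after, e.g. `assert change_dtml_documents in [p[0] for p in __ac_permissions__]` or an explicit `raise`. Note also that `(change_dtml_documents, perms[1])` drops a third (default roles) element if the matched entry ever carries one.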
@@ -146,7 +150,7 @@
return result
-Globals.default__class_init__(DTMLDocument)
+InitializeClass(DTMLDocument)
default_dd_html="""<dtml-var standard_html_header>
Modified: Zope/trunk/lib/python/OFS/DTMLMethod.py
===================================================================
--- Zope/trunk/lib/python/OFS/DTMLMethod.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/DTMLMethod.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,9 +16,11 @@
"""
import History
from Globals import HTML, DTMLFile, MessageDialog
+from Globals import InitializeClass
from SimpleItem import Item_w__name__, pretty_tb
from OFS.content_types import guess_content_type
from PropertyManager import PropertyManager
+from AccessControl import ClassSecurityInfo
from AccessControl.Role import RoleManager
from webdav.common import rfc1123_date
from webdav.Lockable import ResourceLockedError
@@ -28,6 +30,11 @@
from urllib import quote
import Globals, sys, Acquisition
from AccessControl import getSecurityManager
+from AccessControl.Permissions import change_dtml_methods
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import change_proxy_roles
+from AccessControl.Permissions import view as View
+from AccessControl.Permissions import ftp_access
from AccessControl.DTML import RestrictedDTML
from Cache import Cacheable
from zExceptions import Forbidden
@@ -50,6 +57,9 @@
__implements__ = (WriteLockInterface,)
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(View)
+
# Documents masquerade as functions:
class func_code: pass
func_code=func_code()
@@ -74,28 +84,17 @@
+Cacheable.manage_options
)
- # Careful in changes--used by DTMLDocument!
- __ac_permissions__=(
- ('View management screens',
- ('document_src', 'PrincipiaSearchSource')),
- ('Change DTML Methods',
- ('manage_editForm', 'manage', 'manage_main',
- 'manage_edit', 'manage_upload', 'PUT',
- 'manage_historyCopy',
- 'manage_beforeHistoryCopy', 'manage_afterHistoryCopy',
- 'ZCacheable_configHTML', 'getCacheNamespaceKeys',
- 'setCacheNamespaceKeys',
- )
- ),
- ('Change proxy roles', ('manage_proxyForm', 'manage_proxy')),
- ('View', ('__call__', 'get_size', '')),
- ('FTP access', ('manage_FTPstat','manage_FTPget','manage_FTPlist')),
- )
+ # Careful in permissiong changes--used by DTMLDocument!
+ security.declareProtected(change_dtml_methods, 'manage_historyCopy')
+ security.declareProtected(change_dtml_methods, 'manage_beforeHistoryCopy')
+ security.declareProtected(change_dtml_methods, 'manage_afterHistoryCopy')
+
# support a more reasonable default for content-type
# for http HEAD requests.
default_content_type='text/html'
+ security.declareProtected(View, '__call__')
def __call__(self, client=None, REQUEST={}, RESPONSE=None, **kw):
"""Render the document given a client object, REQUEST mapping,
Response, and key word arguments."""
@@ -190,14 +189,17 @@
kw[key] = val
self.ZCacheable_set(result, keywords=kw)
+ security.declareProtected(change_dtml_methods, 'ZCacheable_configHTML')
ZCacheable_configHTML = DTMLFile('dtml/cacheNamespaceKeys', globals())
+ security.declareProtected(change_dtml_methods, 'getCacheNamespaceKeys')
def getCacheNamespaceKeys(self):
'''
Returns the cacheNamespaceKeys.
'''
return self._cache_namespace_keys
+ security.declareProtected(change_dtml_methods, 'setCacheNamespaceKeys')
def setCacheNamespaceKeys(self, keys, REQUEST=None):
'''
Sets the list of names that should be looked up in the
@@ -212,19 +214,26 @@
if REQUEST is not None:
return self.ZCacheable_manage(self, REQUEST)
+ security.declareProtected(View, 'get_size')
def get_size(self):
return len(self.raw)
# deprecated; use get_size!
getSize=get_size
+ security.declareProtected(change_dtml_methods, 'manage')
+
+ security.declareProtected(change_dtml_methods, 'manage_editForm')
manage_editForm=DTMLFile('dtml/documentEdit', globals())
manage_editForm._setName('manage_editForm')
# deprecated!
manage_uploadForm=manage_editForm
+ security.declareProtected(change_dtml_methods, 'manage_main')
manage=manage_main=manage_editDocument=manage_editForm
+
+ security.declareProtected(change_proxy_roles, 'manage_proxyForm')
manage_proxyForm=DTMLFile('dtml/documentProxy', globals())
_size_changes={
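Review bot: The aliases in this hunk get no declaration of their own: `getSize`, `manage_uploadForm` and `manage_editDocument` are bound to protected attributes, but only `get_size`, `manage_editForm`, `manage_main` and `manage` are declared. Declarations are by name, so as far as I can tell the aliases are governed by the class default rather than by `change_dtml_methods`. That matches the old `__ac_permissions__`, which did not list them either, but it is worth closing while these names are being touched. Suggested additions: `security.declareProtected(View, 'getSize')` above `getSize=get_size`, and `security.declareProtected(change_dtml_methods, 'manage_uploadForm', 'manage_editDocument')`. It would also read better to move the `'manage'` declaration down to the `manage=manage_main=...` line it belongs to.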
@@ -252,6 +261,7 @@
return self.manage_main(self, REQUEST, title=title,
__str__=self.quotedHTML(data))
+ security.declareProtected(change_dtml_methods, 'manage_edit')
def manage_edit(self,data,title,SUBMIT='Change',dtpref_cols='100%',
dtpref_rows='20',REQUEST=None):
"""
@@ -277,6 +287,7 @@
message="Saved changes."
return self.manage_main(self,REQUEST,manage_tabs_message=message)
+ security.declareProtected(change_dtml_methods, 'manage_upload')
def manage_upload(self,file='', REQUEST=None):
"""Replace the contents of the document with the text in file."""
self._validateProxy(REQUEST)
@@ -315,6 +326,7 @@
'do not have proxy roles.\n<!--%s, %s-->' % (self.__name__, u, roles))
+ security.declareProtected(change_proxy_roles, 'manage_proxy')
def manage_proxy(self, roles=(), REQUEST=None):
"Change Proxy Roles"
self._validateProxy(REQUEST, roles)
@@ -325,10 +337,12 @@
message="Saved changes."
return self.manage_proxyForm(self,REQUEST,manage_tabs_message=message)
+ security.declareProtected(view_management_screens, 'PrincipiaSearchSource')
def PrincipiaSearchSource(self):
"Support for searching - the document's contents are searched."
return self.read()
+ security.declareProtected(view_management_screens, 'document_src')
def document_src(self, REQUEST=None, RESPONSE=None):
"""Return unprocessed document source."""
if RESPONSE is not None:
@@ -337,6 +351,7 @@
## Protocol handlers
+ security.declareProtected(change_dtml_methods, 'PUT')
def PUT(self, REQUEST, RESPONSE):
"""Handle HTTP PUT requests."""
self.dav__init(REQUEST, RESPONSE)
@@ -348,6 +363,10 @@
RESPONSE.setStatus(204)
return RESPONSE
+ security.declareProtected(ftp_access, 'manage_FTPstat')
+ security.declareProtected(ftp_access, 'manage_FTPlist')
+
+ security.declareProtected(ftp_access, 'manage_FTPget')
def manage_FTPget(self):
"Get source for FTP download"
return self.read()
@@ -361,6 +380,8 @@
rev1.read(), rev2.read()
))
+InitializeClass(DTMLMethod)
+
import re
token = "[a-zA-Z0-9!#$%&'*+\-.\\\\^_`|~]+"
hdr_start = re.compile(r'(%s):(.*)' % token).match
Modified: Zope/trunk/lib/python/OFS/FindSupport.py
===================================================================
--- Zope/trunk/lib/python/OFS/FindSupport.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/FindSupport.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -17,14 +17,16 @@
from string import translate
-import Globals, ExtensionClass
+import ExtensionClass
from AccessControl import ClassSecurityInfo
from AccessControl.DTML import RestrictedDTML
from AccessControl.Permission import name_trans
+from AccessControl.Permissions import view_management_screens
from DateTime import DateTime
from DocumentTemplate.DT_Util import Eval
from DocumentTemplate.DT_Util import InstanceDict, TemplateDict
from Globals import DTMLFile
+from Globals import InitializeClass
from zope.interface import implements
from interfaces import IFindSupport
@@ -36,31 +38,32 @@
implements(IFindSupport)
-#findframe is deprecated
+ security = ClassSecurityInfo()
+
+ #findframe is deprecated
+ security.declareProtected(view_management_screens, 'manage_findFrame')
manage_findFrame=DTMLFile('dtml/findFrame', globals())
+
+ security.declareProtected(view_management_screens, 'manage_findForm')
manage_findForm=DTMLFile('dtml/findForm', globals(),
management_view='Find')
+
+ security.declareProtected(view_management_screens, 'manage_findAdv')
manage_findAdv=DTMLFile('dtml/findAdv', globals(),
management_view='Find',
help_topic='Find_Advanced.stx',
help_product='OFSP')
+
+ security.declareProtected(view_management_screens, 'manage_findResult')
manage_findResult=DTMLFile('dtml/findResult', globals(),
management_view='Find')
- __ac_permissions__=(
- ('View management screens',
- ('manage_findFrame', 'manage_findForm', 'manage_findAdv',
- 'manage_findResult')),
- )
-
manage_options=(
{'label':'Find', 'action':'manage_findForm',
'help':('OFSP','Find.stx')},
)
- security = ClassSecurityInfo()
-
- security.declareProtected('View management screens', 'ZopeFind')
+ security.declareProtected(view_management_screens, 'ZopeFind')
def ZopeFind(self, obj, obj_ids=None, obj_metatypes=None,
obj_searchterm=None, obj_expr=None,
obj_mtime=None, obj_mspec=None,
@@ -164,10 +167,10 @@
- security.declareProtected('View management screens', 'PrincipiaFind')
+ security.declareProtected(view_management_screens, 'PrincipiaFind')
PrincipiaFind=ZopeFind
- security.declareProtected('View management screens', 'ZopeFindAndApply')
+ security.declareProtected(view_management_screens, 'ZopeFindAndApply')
def ZopeFindAndApply(self, obj, obj_ids=None, obj_metatypes=None,
obj_searchterm=None, obj_expr=None,
obj_mtime=None, obj_mspec=None,
@@ -259,7 +262,7 @@
return result
-Globals.InitializeClass(FindSupport)
+InitializeClass(FindSupport)
class td(RestrictedDTML, TemplateDict):
Modified: Zope/trunk/lib/python/OFS/Folder.py
===================================================================
--- Zope/trunk/lib/python/OFS/Folder.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/Folder.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,7 +18,7 @@
"""
import AccessControl.Role, webdav.Collection
-import Globals
+from Globals import InitializeClass
from AccessControl import getSecurityManager
from AccessControl import Unauthorized
from AccessControl.Permissions import add_page_templates
@@ -108,4 +108,4 @@
if id is not None:
self.id = str(id)
-Globals.default__class_init__(Folder)
+InitializeClass(Folder)
Modified: Zope/trunk/lib/python/OFS/History.py
===================================================================
--- Zope/trunk/lib/python/OFS/History.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/History.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -15,11 +15,14 @@
$Id$
"""
import Globals, ExtensionClass, difflib
+from Globals import InitializeClass
from DateTime import DateTime
from Acquisition import Implicit, aq_base
from struct import pack, unpack
from cgi import escape
from zExceptions import Redirect
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_history
class TemporalParadox(Exception): pass
@@ -84,26 +87,22 @@
they don't have persistent sub-objects.
"""
+ security = ClassSecurityInfo()
+
HistoricalRevisions=Historian()
- __ac_permissions__=(
- ('View History',
- ('manage_change_history_page','manage_change_history',
- 'manage_historyCompare', 'manage_historicalComparison',
- )
- ),
- )
-
manage_options=({'label':'History', 'action':'manage_change_history_page',
'help':('OFSP','History.stx')
},
)
+ security.declareProtected(view_history, 'manage_change_history_page')
manage_change_history_page=Globals.DTMLFile(
'dtml/history', globals(),
HistoryBatchSize=20,
first_transaction=0, last_transaction=20)
+ security.declareProtected(view_history, 'manage_change_history')
def manage_change_history(self):
first=0
last=20
@@ -161,6 +160,7 @@
_manage_historyComparePage=Globals.DTMLFile(
'dtml/historyCompare', globals(), management_view='History')
+ security.declareProtected(view_history, 'manage_historyCompare')
def manage_historyCompare(self, rev1, rev2, REQUEST,
historyComparisonResults=''):
dt1=DateTime(rev1._p_mtime)
@@ -170,6 +170,7 @@
dt1=dt1, dt2=dt2,
historyComparisonResults=historyComparisonResults)
+ security.declareProtected(view_history, 'manage_historicalComparison')
def manage_historicalComparison(self, REQUEST, keys=[]):
"Compare two selected revisions"
if not keys:
@@ -192,8 +193,9 @@
return self.manage_historyCompare(rev1, rev2, REQUEST)
-Globals.default__class_init__(Historical)
+InitializeClass(Historical)
+
def dump(tag, x, lo, hi, r):
r1=[]
r2=[]
Modified: Zope/trunk/lib/python/OFS/Image.py
===================================================================
--- Zope/trunk/lib/python/OFS/Image.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/Image.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -14,11 +14,18 @@
$Id$
"""
-import Globals, struct
+import struct
from OFS.content_types import guess_content_type
from Globals import DTMLFile
+from Globals import InitializeClass
from PropertyManager import PropertyManager
+from AccessControl import ClassSecurityInfo
from AccessControl.Role import RoleManager
+from AccessControl.Permissions import change_images_and_files
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import view as View
+from AccessControl.Permissions import ftp_access
+from AccessControl.Permissions import delete_objects
from webdav.common import rfc1123_date
from webdav.Lockable import ResourceLockedError
from webdav.WriteLockInterface import WriteLockInterface
@@ -74,6 +81,8 @@
__implements__ = (WriteLockInterface, HTTPRangeSupport.HTTPRangeInterface)
meta_type='File'
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(View)
precondition=''
size=None
@@ -82,6 +91,9 @@
manage_editForm =DTMLFile('dtml/fileEdit',globals(),
Kind='File',kind='file')
manage_editForm._setName('manage_editForm')
+
+ security.declareProtected(view_management_screens, 'manage')
+ security.declareProtected(view_management_screens, 'manage_main')
manage=manage_main=manage_editForm
manage_uploadForm=manage_editForm
@@ -98,22 +110,6 @@
+ Cacheable.manage_options
)
-
- __ac_permissions__=(
- ('View management screens',
- ('manage', 'manage_main',)),
- ('Change Images and Files',
- ('manage_edit','manage_upload','PUT')),
- ('View',
- ('index_html', 'view_image_or_file', 'get_size',
- 'getContentType', 'PrincipiaSearchSource', '')),
- ('FTP access',
- ('manage_FTPstat','manage_FTPget','manage_FTPlist')),
- ('Delete objects',
- ('DELETE',)),
- )
-
-
_properties=({'id':'title', 'type': 'string'},
{'id':'alt', 'type':'string'},
{'id':'content_type', 'type':'string'},
@@ -355,6 +351,7 @@
RESPONSE.write('\r\n--%s--\r\n' % boundary)
return True
+ security.declareProtected(View, 'index_html')
def index_html(self, REQUEST, RESPONSE):
"""
The default view of the contents of a File or Image.
@@ -414,12 +411,14 @@
return ''
+ security.declareProtected(View, 'view_image_or_file')
def view_image_or_file(self, URL1):
"""
The default view of the contents of the File or Image.
"""
raise Redirect, URL1
+ security.declareProtected(View, 'PrincipiaSearchSource')
def PrincipiaSearchSource(self):
""" Allow file objects to be searched.
"""
@@ -427,8 +426,7 @@
return str(self.data)
return ''
- # private
- update_data__roles__=()
+ security.declarePrivate('update_data')
def update_data(self, data, content_type=None, size=None):
if content_type is not None: self.content_type=content_type
if size is None: size=len(data)
@@ -438,6 +436,7 @@
self.ZCacheable_set(None)
self.http__refreshEtag()
+ security.declareProtected(change_images_and_files, 'manage_edit')
def manage_edit(self, title, content_type, precondition='',
filedata=None, REQUEST=None):
"""
@@ -458,6 +457,7 @@
message="Saved changes."
return self.manage_main(self,REQUEST,manage_tabs_message=message)
+ security.declareProtected(change_images_and_files, 'manage_upload')
def manage_upload(self,file='',REQUEST=None):
"""
Replaces the current contents of the File or Image object with file.
@@ -553,6 +553,9 @@
return next, size
+ security.declareProtected(delete_objects, 'DELETE')
+
+ security.declareProtected(change_images_and_files, 'PUT')
def PUT(self, REQUEST, RESPONSE):
"""Handle HTTP PUT requests"""
self.dav__init(REQUEST, RESPONSE)
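Review bot: `security.declareProtected(delete_objects, 'DELETE')` stands alone here, with no `DELETE` definition next to it in the hunk, so a reader cannot tell from this spot what it protects. The same applies to the `manage_FTPstat` and `manage_FTPlist` declarations added ahead of `manage_FTPget` further down in this file. If these names are inherited, as seems likely, a comment such as `# DELETE is inherited; only its permission is declared here` would make that explicit and keep the line from being removed as a leftover in a later cleanup. The body of `PUT` continues outside the hunk.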
@@ -569,6 +572,7 @@
RESPONSE.setStatus(204)
return RESPONSE
+ security.declareProtected(View, 'get_size')
def get_size(self):
"""Get the size of a file or image.
@@ -581,6 +585,7 @@
# deprecated; use get_size!
getSize=get_size
+ security.declareProtected(View, 'getContentType')
def getContentType(self):
"""Get the content type of a file or image.
@@ -592,6 +597,10 @@
def __str__(self): return str(self.data)
def __len__(self): return 1
+ security.declareProtected(ftp_access, 'manage_FTPstat')
+ security.declareProtected(ftp_access, 'manage_FTPlist')
+
+ security.declareProtected(ftp_access, 'manage_FTPget')
def manage_FTPget(self):
"""Return body for ftp."""
RESPONSE = self.REQUEST.RESPONSE
@@ -719,23 +728,23 @@
__implements__ = (WriteLockInterface,)
meta_type='Image'
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(View)
height=''
width=''
- __ac_permissions__=(
- ('View management screens',
- ('manage', 'manage_main',)),
- ('Change Images and Files',
- ('manage_edit','manage_upload','PUT')),
- ('View',
- ('index_html', 'tag', 'view_image_or_file', 'get_size',
- 'getContentType', '')),
- ('FTP access',
- ('manage_FTPstat','manage_FTPget','manage_FTPlist')),
- ('Delete objects',
- ('DELETE',)),
- )
+ # FIXME: Redundant, already in base class
+ security.declareProtected(change_images_and_files, 'manage_edit')
+ security.declareProtected(change_images_and_files, 'manage_upload')
+ security.declareProtected(change_images_and_files, 'PUT')
+ security.declareProtected(View, 'index_html')
+ security.declareProtected(View, 'get_size')
+ security.declareProtected(View, 'getContentType')
+ security.declareProtected(ftp_access, 'manage_FTPstat')
+ security.declareProtected(ftp_access, 'manage_FTPlist')
+ security.declareProtected(ftp_access, 'manage_FTPget')
+ security.declareProtected(delete_objects, 'DELETE')
_properties=({'id':'title', 'type': 'string'},
{'id':'content_type', 'type':'string','mode':'w'},
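Review bot: The ten declarations under `# FIXME: Redundant, already in base class` repeat permission assignments for names this hunk does not define, which leaves two lists that have to be kept in step. If a permission is later changed on the base class only, the copy here could keep the old one on Image; whether it would depends on how InitializeClass combines inherited declarations, which is not visible in this diff. Either drop the block and keep only what Image itself adds (`tag`, `view_image_or_file`, `manage`, `manage_main` and `update_data` are declared further down), or replace the FIXME with a comment giving the reason the copy stays, e.g. `# Repeated from the base class so Image's permissions stay explicit`.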
@@ -756,13 +765,17 @@
manage_editForm =DTMLFile('dtml/imageEdit',globals(),
Kind='Image',kind='image')
+ manage_editForm._setName('manage_editForm')
+
+ security.declareProtected(View, 'view_image_or_file')
view_image_or_file =DTMLFile('dtml/imageView',globals())
- manage_editForm._setName('manage_editForm')
+
+ security.declareProtected(view_management_screens, 'manage')
+ security.declareProtected(view_management_screens, 'manage_main')
manage=manage_main=manage_editForm
manage_uploadForm=manage_editForm
- # private
- update_data__roles__=()
+ security.declarePrivate('update_data')
def update_data(self, data, content_type=None, size=None):
if size is None: size=len(data)
@@ -785,6 +798,7 @@
def __str__(self):
return self.tag()
+ security.declareProtected(View, 'tag')
def tag(self, height=None, width=None, alt=None,
scale=0, xscale=0, yscale=0, css_class=None, title=None, **args):
"""
Modified: Zope/trunk/lib/python/OFS/ObjectManager.py
===================================================================
--- Zope/trunk/lib/python/OFS/ObjectManager.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/ObjectManager.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -24,13 +24,20 @@
import App.Common
import App.FactoryDispatcher, Products
-import App.Management, Acquisition, Globals, Products
+import App.Management, Acquisition
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import access_contents_information
+from AccessControl.Permissions import delete_objects
+from AccessControl.Permissions import ftp_access
+from AccessControl.Permissions import import_export_objects
from AccessControl import getSecurityManager
from AccessControl.ZopeSecurityPolicy import getRoles
from Acquisition import aq_base
from App.config import getConfiguration
+from Globals import InitializeClass
from Globals import DTMLFile, Persistent
-from Globals import MessageDialog, default__class_init__
+from Globals import MessageDialog
from Globals import REPLACEABLE, NOT_REPLACEABLE, UNIQUE
from webdav.Collection import Collection
from webdav.Lockable import ResourceLockedError
@@ -133,28 +140,20 @@
implements(IObjectManager)
- __ac_permissions__=(
- ('View management screens', ('manage_main',)),
- ('Access contents information',
- ('objectIds', 'objectValues', 'objectItems',''),
- ('Anonymous', 'Manager'),
- ),
- ('Delete objects', ('manage_delObjects',)),
- ('FTP access', ('manage_FTPstat','manage_FTPlist')),
- ('Import/Export objects',
- ('manage_importObject','manage_importExportForm',
- 'manage_exportObject')
- ),
- )
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(access_contents_information)
+ security.setPermissionDefault(access_contents_information,
+ ('Anonymous', 'Manager'))
-
meta_type = 'Object Manager'
meta_types=() # Sub-object types that are specific to this object
_objects = ()
+ security.declareProtected(view_management_screens, 'manage_main')
manage_main=DTMLFile('dtml/main', globals())
+
manage_index_main=DTMLFile('dtml/index_main', globals())
manage_options=(
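Review bot: `security.setPermissionDefault(access_contents_information, ('Anonymous', 'Manager'))` carries over a default that gives Anonymous the permission guarding `objectIds`, `objectValues` and `objectItems`, and the new form has no comment saying this is deliberate. The same default is set in PropertyManager.py and twice in PropertySheets.py in this commit. Because this line now reads as a standalone statement rather than as part of a permission table, a short remark would help the next reviewer, for example `# Default roles carried over from the old __ac_permissions__ entry; Anonymous is included on purpose`. The class body starts and ends outside the hunk.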
@@ -177,7 +176,7 @@
mt.sort()
self.meta_types=tuple(mt)
- default__class_init__(self)
+ InitializeClass(self) # default__class_init__
def all_meta_types(self, interfaces=None):
# A list of products registered elsewhere
@@ -362,6 +361,7 @@
if not suppress_events:
notify(ObjectRemovedEvent(ob, self, id))
+ security.declareProtected(access_contents_information, 'objectIds')
def objectIds(self, spec=None):
# Returns a list of subobject ids of the current object.
# If 'spec' is specified, returns objects whose meta_type
@@ -376,12 +376,14 @@
return set
return [ o['id'] for o in self._objects ]
+ security.declareProtected(access_contents_information, 'objectValues')
def objectValues(self, spec=None):
# Returns a list of actual subobjects of the current object.
# If 'spec' is specified, returns only objects whose meta_type
# match 'spec'.
return [ self._getOb(id) for id in self.objectIds(spec) ]
+ security.declareProtected(access_contents_information, 'objectItems')
def objectItems(self, spec=None):
# Returns a list of (id, subobject) tuples of the current object.
# If 'spec' is specified, returns only objects whose meta_type match
@@ -456,6 +458,7 @@
manage_addProduct=App.FactoryDispatcher.ProductDispatcher()
+ security.declareProtected(delete_objects, 'manage_delObjects')
def manage_delObjects(self, ids=[], REQUEST=None):
"""Delete a subordinate object
@@ -512,6 +515,7 @@
r.append(o)
return r
+ security.declareProtected(import_export_objects, 'manage_exportObject')
def manage_exportObject(self, id='', download=None, toxml=None,
RESPONSE=None,REQUEST=None):
"""Exports an object to a file and returns that file."""
@@ -548,8 +552,10 @@
title = 'Object exported')
+ security.declareProtected(import_export_objects, 'manage_importExportForm')
manage_importExportForm=DTMLFile('dtml/importExport',globals())
+ security.declareProtected(import_export_objects, 'manage_importObject')
def manage_importObject(self, file, REQUEST=None, set_owner=1):
"""Import an object from a file"""
dirname, file=os.path.split(file)
@@ -608,6 +614,7 @@
# FTP support methods
+ security.declareProtected(ftp_access, 'manage_FTPlist')
def manage_FTPlist(self, REQUEST):
"""Directory listing for FTP.
"""
@@ -672,6 +679,7 @@
if not REQUEST['id'] in self.objectIds():
raise KeyError(REQUEST['id'])
+ security.declareProtected(ftp_access, 'manage_FTPstat')
def manage_FTPstat(self,REQUEST):
"""Psuedo stat, used by FTP for directory listings.
"""
@@ -710,7 +718,10 @@
return NullResource(self, key, request).__of__(self)
raise KeyError, key
+# Don't InitializeClass, there is a specific __class_init__ on ObjectManager
+# InitializeClass(ObjectManager)
+
def findChildren(obj,dirname=''):
""" recursive walk through the object hierarchy to
find all children of an object (ajung)
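Review bot: The commented-out `# InitializeClass(ObjectManager)` is dead code that invites someone to re-enable it. An earlier hunk in this file changes a call inside the class to `InitializeClass(self) # default__class_init__`, which appears to be the `__class_init__` this comment refers to, so the explanation can say that directly and the disabled call can go: `# No InitializeClass(ObjectManager) here: ObjectManager.__class_init__ already calls InitializeClass(self).` `findChildren` continues outside the hunk.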
@@ -738,5 +749,3 @@
except: pass # Bleah generic pass is bad
return ObjectManager.all_meta_types(self, interfaces)
-
-Globals.default__class_init__(ObjectManager)
Modified: Zope/trunk/lib/python/OFS/PropertyManager.py
===================================================================
--- Zope/trunk/lib/python/OFS/PropertyManager.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/PropertyManager.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,7 +18,11 @@
from cgi import escape
from types import ListType
-import ExtensionClass, Globals
+import ExtensionClass
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import access_contents_information
+from AccessControl.Permissions import manage_properties
from Acquisition import aq_base
from Globals import DTMLFile, MessageDialog
from Globals import Persistent
@@ -97,35 +101,26 @@
implements(IPropertyManager)
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(access_contents_information)
+ security.setPermissionDefault(access_contents_information,
+ ('Anonymous', 'Manager'))
+
manage_options=(
{'label':'Properties', 'action':'manage_propertiesForm',
'help':('OFSP','Properties.stx')},
)
+ security.declareProtected(manage_properties, 'manage_propertiesForm')
manage_propertiesForm=DTMLFile('dtml/properties', globals(),
property_extensible_schema__=1)
+ security.declareProtected(manage_properties, 'manage_propertyTypeForm')
manage_propertyTypeForm=DTMLFile('dtml/propertyType', globals())
title=''
_properties=({'id':'title', 'type': 'string', 'mode':'wd'},)
_reserved_names=()
- __ac_permissions__=(
- ('Manage properties', ('manage_addProperty',
- 'manage_editProperties',
- 'manage_delProperties',
- 'manage_changeProperties',
- 'manage_propertiesForm',
- 'manage_propertyTypeForm',
- 'manage_changePropertyTypes',
- )),
- ('Access contents information',
- ('hasProperty', 'propertyIds', 'propertyValues','propertyItems',
- 'getProperty', 'getPropertyType', 'propertyMap', ''),
- ('Anonymous', 'Manager'),
- ),
- )
-
__propsets__=()
propertysheets=vps(DefaultPropertySheets)
@@ -135,6 +130,7 @@
return 0
return 1
+ security.declareProtected(access_contents_information, 'hasProperty')
def hasProperty(self, id):
"""Return true if object has a property 'id'.
"""
@@ -143,6 +139,7 @@
return 1
return 0
+ security.declareProtected(access_contents_information, 'getProperty')
def getProperty(self, id, d=None):
"""Get the property 'id'.
@@ -153,6 +150,7 @@
return getattr(self, id)
return d
+ security.declareProtected(access_contents_information, 'getPropertyType')
def getPropertyType(self, id):
"""Get the type of property 'id'.
@@ -220,16 +218,19 @@
self._properties=tuple(filter(lambda i, n=id: i['id'] != n,
self._properties))
+ security.declareProtected(access_contents_information, 'propertyIds')
def propertyIds(self):
"""Return a list of property ids.
"""
return map(lambda i: i['id'], self._properties)
+ security.declareProtected(access_contents_information, 'propertyValues')
def propertyValues(self):
"""Return a list of actual property objects.
"""
return map(lambda i,s=self: getattr(s,i['id']), self._properties)
+ security.declareProtected(access_contents_information, 'propertyItems')
def propertyItems(self):
"""Return a list of (id,property) tuples.
"""
@@ -240,6 +241,7 @@
"""
return self._properties
+ security.declareProtected(access_contents_information, 'propertyMap')
def propertyMap(self):
"""Return a tuple of mappings, giving meta-data for properties.
@@ -264,6 +266,7 @@
# Web interface
+ security.declareProtected(manage_properties, 'manage_addProperty')
def manage_addProperty(self, id, value, type, REQUEST=None):
"""Add a new property via the web.
@@ -275,6 +278,7 @@
if REQUEST is not None:
return self.manage_propertiesForm(self, REQUEST)
+ security.declareProtected(manage_properties, 'manage_editProperties')
def manage_editProperties(self, REQUEST):
"""Edit object properties via the web.
@@ -296,6 +300,7 @@
return self.manage_propertiesForm(self,REQUEST,
manage_tabs_message=message)
+ security.declareProtected(manage_properties, 'manage_changeProperties')
def manage_changeProperties(self, REQUEST=None, **kw):
"""Change existing object properties.
@@ -321,6 +326,7 @@
# Note - this is experimental, pending some community input.
+ security.declareProtected(manage_properties, 'manage_changePropertyTypes')
def manage_changePropertyTypes(self, old_ids, props, REQUEST=None):
"""Replace one set of properties with another
@@ -340,6 +346,7 @@
return self.manage_propertiesForm(self, REQUEST)
+ security.declareProtected(manage_properties, 'manage_delProperties')
def manage_delProperties(self, ids=None, REQUEST=None):
"""Delete one or more properties specified by 'ids'."""
if REQUEST:
@@ -367,4 +374,4 @@
if REQUEST is not None:
return self.manage_propertiesForm(self, REQUEST)
-Globals.default__class_init__(PropertyManager)
+InitializeClass(PropertyManager)
Modified: Zope/trunk/lib/python/OFS/PropertySheets.py
===================================================================
--- Zope/trunk/lib/python/OFS/PropertySheets.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/PropertySheets.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,6 +18,7 @@
from webdav.interfaces import IWriteLock
from webdav.WriteLockInterface import WriteLockInterface
from ZPublisher.Converters import type_converters
+from Globals import InitializeClass
from Globals import DTMLFile, MessageDialog
from Acquisition import Implicit, Explicit
from App.Common import rfc1123_date, iso8601_date
@@ -26,6 +27,10 @@
from Globals import Persistent
from Traversable import Traversable
from Acquisition import aq_base
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import access_contents_information
+from AccessControl.Permissions import manage_properties
+from AccessControl.Permissions import view_management_screens
from AccessControl import getSecurityManager
from webdav.common import isDavCollection
from zExceptions import BadRequest, Redirect
@@ -100,20 +105,10 @@
_extensible=1
icon='p_/Properties_icon'
- __ac_permissions__=(
- ('Manage properties', ('manage_addProperty',
- 'manage_editProperties',
- 'manage_delProperties',
- 'manage_changeProperties',
- 'manage_propertiesForm',
- )),
- ('Access contents information',
- ('xml_namespace', 'hasProperty', 'getProperty', 'getPropertyType',
- 'propertyIds', 'propertyValues','propertyItems', 'propertyInfo',
- 'propertyMap', ''),
- ('Anonymous', 'Manager'),
- ),
- )
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(access_contents_information)
+ security.setPermissionDefault(access_contents_information,
+ ('Anonymous', 'Manager'))
__reserved_ids= ('values','items')
@@ -139,6 +134,7 @@
def getId(self):
return self.id
+ security.declareProtected(access_contents_information, 'xml_namespace')
def xml_namespace(self):
# Return a namespace string usable as an xml namespace
# for this property set.
@@ -156,6 +152,7 @@
return 0
return 1
+ security.declareProtected(access_contents_information, 'hasProperty')
def hasProperty(self, id):
# Return a true value if a property exists with the given id.
for prop in self._propertyMap():
@@ -163,6 +160,7 @@
return 1
return 0
+ security.declareProtected(access_contents_information, 'getProperty')
def getProperty(self, id, default=None):
# Return the property with the given id, returning the optional
# second argument or None if no such property is found.
@@ -170,6 +168,7 @@
return getattr(self.v_self(), id)
return default
+ security.declareProtected(access_contents_information, 'getPropertyType')
def getPropertyType(self, id):
"""Get the type of property 'id', returning None if no
such property exists"""
@@ -263,20 +262,24 @@
pself._properties=tuple(filter(lambda i, n=id: i['id'] != n,
pself._properties))
+ security.declareProtected(access_contents_information, 'propertyIds')
def propertyIds(self):
# Return a list of property ids.
return map(lambda i: i['id'], self._propertyMap())
+ security.declareProtected(access_contents_information, 'propertyValues')
def propertyValues(self):
# Return a list of property values.
return map(lambda i, s=self: s.getProperty(i['id']),
self._propertyMap())
+ security.declareProtected(access_contents_information, 'propertyItems')
def propertyItems(self):
# Return a list of (id, property) tuples.
return map(lambda i, s=self: (i['id'], s.getProperty(i['id'])),
self._propertyMap())
+ security.declareProtected(access_contents_information, 'propertyInfo')
def propertyInfo(self, id):
# Return a mapping containing property meta-data
for p in self._propertyMap():
@@ -289,6 +292,7 @@
# we have to fake it...
return self.p_self()._properties
+ security.declareProtected(access_contents_information, 'propertyMap')
def propertyMap(self):
# Returns a secure copy of the property definitions.
return tuple(map(lambda dict: dict.copy(), self._propertyMap()))
@@ -399,10 +403,13 @@
# Web interface
manage=DTMLFile('dtml/properties', globals())
+
+ security.declareProtected(manage_properties, 'manage_propertiesForm')
def manage_propertiesForm(self, URL1):
" "
raise Redirect, URL1+'/manage'
+ security.declareProtected(manage_properties, 'manage_addProperty')
def manage_addProperty(self, id, value, type, REQUEST=None):
"""Add a new property via the web. Sets a new property with
the given id, type, and value."""
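Review bot: `manage=DTMLFile('dtml/properties', globals())` gets no declaration in the new style, while `manage_propertiesForm`, which only redirects to `URL1+'/manage'`, is declared with `manage_properties`. The `__ac_permissions__` tuple removed earlier in this file (around old line 100) did not list `manage` either, so this is not a regression, but the per-attribute style makes the gap easy to read as an oversight. If `manage` is meant to rely on whatever class initialisation assigns to undeclared names, say so with a comment such as `# 'manage' has no explicit declaration; it keeps the class-initialisation default`; otherwise declare it explicitly. The body of `manage_addProperty` continues outside the hunk.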
@@ -412,6 +419,7 @@
if REQUEST is not None:
return self.manage(self, REQUEST)
+ security.declareProtected(manage_properties, 'manage_editProperties')
def manage_editProperties(self, REQUEST):
"""Edit object properties via the web."""
for prop in self._propertyMap():
@@ -424,6 +432,7 @@
message='Your changes have been saved',
action ='manage')
+ security.declareProtected(manage_properties, 'manage_changeProperties')
def manage_changeProperties(self, REQUEST=None, **kw):
"""Change existing object properties by passing either a mapping
object of name:value pairs {'foo':6} or passing name=value
@@ -446,6 +455,7 @@
message='Your changes have been saved.',
action ='manage')
+ security.declareProtected(manage_properties, 'manage_delProperties')
def manage_delProperties(self, ids=None, REQUEST=None):
"""Delete one or more properties specified by 'ids'."""
if REQUEST:
@@ -462,7 +472,7 @@
if REQUEST is not None:
return self.manage(self, REQUEST)
-Globals.default__class_init__(PropertySheet)
+InitializeClass(PropertySheet)
class Virtual:
@@ -483,7 +493,7 @@
id='default'
_md={'xmlns': 'http://www.zope.org/propsets/default'}
-Globals.default__class_init__(DefaultProperties)
+InitializeClass(DefaultProperties)
class DAVProperties(Virtual, PropertySheet, View):
@@ -596,7 +606,7 @@
return out
-Globals.default__class_init__(DAVProperties)
+InitializeClass(DAVProperties)
class PropertySheets(Traversable, Implicit, App.Management.Tabs):
@@ -605,19 +615,11 @@
id='propertysheets'
- __ac_permissions__=(
- ('Manage properties', ('manage_addPropertySheet',
- 'addPropertySheet',
- 'delPropertySheet'
- )),
- ('Access contents information',
- ('items', 'values', 'get', ''),
- ('Anonymous', 'Manager'),
- ),
- ('View management screens', ('manage',)),
- )
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(access_contents_information)
+ security.setPermissionDefault(access_contents_information,
+ ('Anonymous', 'Manager'))
-
# optionally to be overridden by derived classes
PropertySheetClass= PropertySheet
@@ -639,10 +641,12 @@
def __getitem__(self, n):
return self.__propsets__()[n].__of__(self)
+ security.declareProtected(access_contents_information, 'values')
def values(self):
propsets=self.__propsets__()
return map(lambda n, s=self: n.__of__(s), propsets)
+ security.declareProtected(access_contents_information, 'items')
def items(self):
propsets=self.__propsets__()
r=[]
@@ -653,6 +657,7 @@
return r
+ security.declareProtected(access_contents_information, 'get')
def get(self, name, default=None):
for propset in self.__propsets__():
if propset.id==name or (hasattr(propset, 'xml_namespace') and \
@@ -660,6 +665,7 @@
return propset.__of__(self)
return default
+ security.declareProtected(manage_properties, 'manage_addPropertySheet')
def manage_addPropertySheet(self, id, ns, REQUEST=None):
""" """
md={'xmlns':ns}
@@ -669,11 +675,13 @@
ps= self.get(id)
REQUEST.RESPONSE.redirect('%s/manage' % ps.absolute_url())
+ security.declareProtected(manage_properties, 'addPropertySheet')
def addPropertySheet(self, propset):
propsets=self.aq_parent.__propsets__
propsets=propsets+(propset,)
self.aq_parent.__propsets__=propsets
+ security.declareProtected(manage_properties, 'delPropertySheet')
def delPropertySheet(self, name):
result=[]
for propset in self.aq_parent.__propsets__:
@@ -709,6 +717,7 @@
# Management interface:
+ security.declareProtected(view_management_screens, 'manage')
manage=Globals.DTMLFile('dtml/propertysheets', globals())
def manage_options(self):
@@ -737,7 +746,7 @@
return PropertySheets.inheritedAttribute('tabs_path_info')(
self, script, path)
-Globals.default__class_init__(PropertySheets)
+InitializeClass(PropertySheets)
class DefaultPropertySheets(PropertySheets):
@@ -749,7 +758,7 @@
def _get_defaults(self):
return (self.default, self.webdav)
-Globals.default__class_init__(DefaultPropertySheets)
+InitializeClass(DefaultPropertySheets)
class FixedSchema(PropertySheet):
@@ -786,7 +795,7 @@
return 0
return self._base._extensible
-Globals.default__class_init__(FixedSchema)
+InitializeClass(FixedSchema)
class vps(Base):
Modified: Zope/trunk/lib/python/OFS/SimpleItem.py
===================================================================
--- Zope/trunk/lib/python/OFS/SimpleItem.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/SimpleItem.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -25,7 +25,10 @@
import AccessControl.Role, AccessControl.Owned, App.Common
import Globals, App.Management, Acquisition, App.Undo
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from AccessControl import getSecurityManager, Unauthorized
+from AccessControl.Permissions import view as View
from AccessControl.ZopeSecurityPolicy import getRoles
from Acquisition import aq_base, aq_parent, aq_inner, aq_acquire
from ComputedAttribute import ComputedAttribute
@@ -52,11 +55,12 @@
AccessControl.Owned.Owned,
App.Undo.UndoSupport,
):
-
"""A common base class for simple, non-container objects."""
implements(IItem)
+ security = ClassSecurityInfo()
+
isPrincipiaFolderish=0
isTopLevelPrincipiaApplicationObject=0
@@ -75,7 +79,7 @@
# Direct use of the 'id' attribute is deprecated - use getId()
id=''
- getId__roles__=None
+ security.declarePublic('getId')
def getId(self):
"""Return the id of the object as a string.
@@ -350,7 +354,7 @@
res += '>'
return res
-Globals.default__class_init__(Item)
+InitializeClass(Item)
class Item_w__name__(Item):
@@ -414,11 +418,13 @@
implements(ISimpleItem)
+ security = ClassSecurityInfo()
+ security.setPermissionDefault(View, ('Manager',))
+
manage_options=Item.manage_options+(
{'label':'Security',
'action':'manage_access',
'help':('OFSP', 'Security.stx')},
)
- __ac_permissions__=(('View', ()),)
-
+InitializeClass(SimpleItem)
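Review bot: `security.setPermissionDefault(View, ('Manager',))` is not a literal translation of the removed `__ac_permissions__=(('View', ()),)`: the old entry named the permission with an empty attribute tuple and no role tuple, while the new call supplies an explicit default role. Whether the resulting class data is the same depends on how `ClassSecurityInfo` handles a permission default that has no declared names, which this hunk does not show. A comment would record the intent, for example `# Register 'View' on SimpleItem although no attribute here is bound to it` (extended with the reason for the Manager default, if that is the intent). The class body starts outside the hunk.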
Modified: Zope/trunk/lib/python/OFS/Traversable.py
===================================================================
--- Zope/trunk/lib/python/OFS/Traversable.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/Traversable.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -17,6 +17,8 @@
from urllib import quote
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from AccessControl import getSecurityManager
from AccessControl import Unauthorized
from AccessControl.ZopeGuards import guarded_getattr
@@ -34,7 +36,9 @@
implements(ITraversable)
- absolute_url__roles__=None # Public
+ security = ClassSecurityInfo()
+
+ security.declarePublic('absolute_url')
def absolute_url(self, relative=0):
"""Return the absolute URL of the object.
@@ -61,7 +65,7 @@
return path2url(spp[1:])
return toUrl(spp)
- absolute_url_path__roles__=None # Public
+ security.declarePublic('absolute_url_path')
def absolute_url_path(self):
"""Return the path portion of the absolute URL of the object.
@@ -75,7 +79,7 @@
return path2url(spp) or '/'
return toUrl(spp, relative=1) or '/'
- virtual_url_path__roles__=None # Public
+ security.declarePublic('virtual_url_path')
def virtual_url_path(self):
"""Return a URL for the object, relative to the site root.
@@ -90,10 +94,10 @@
return path2url(spp[1:])
return path2url(toVirt(spp))
- getPhysicalRoot__roles__=() # Private
+ security.declarePrivate('getPhysicalRoot')
getPhysicalRoot=Acquired
- getPhysicalPath__roles__=None # Public
+ security.declarePublic('getPhysicalPath')
def getPhysicalPath(self):
"""Get the physical path of the object.
@@ -110,7 +114,7 @@
return path
- unrestrictedTraverse__roles__=() # Private
+ security.declarePrivate('unrestrictedTraverse')
def unrestrictedTraverse(self, path, default=_marker, restricted=0):
"""Lookup an object by path.
@@ -232,10 +236,13 @@
else:
raise
- restrictedTraverse__roles__=None # Public
+ security.declarePublic('restrictedTraverse')
def restrictedTraverse(self, path, default=_marker):
# Trusted code traversal code, always enforces security
return self.unrestrictedTraverse(path, default, restricted=1)
+InitializeClass(Traversable)
+
+
def path2url(path):
return '/'.join(map(quote, path))
Modified: Zope/trunk/lib/python/OFS/ZDOM.py
===================================================================
--- Zope/trunk/lib/python/OFS/ZDOM.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/ZDOM.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,6 +16,9 @@
All standard Zope objects support DOM to a limited extent.
"""
import Acquisition
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import access_contents_information
# Node type codes
@@ -82,61 +85,65 @@
Node Interface
"""
- __ac_permissions__=(
- ('Access contents information',
- ('getNodeName', 'getNodeValue', 'getParentNode',
- 'getChildNodes', 'getFirstChild', 'getLastChild',
- 'getPreviousSibling', 'getNextSibling', 'getOwnerDocument',
- 'getAttributes', 'hasChildNodes'),
- ),
- )
+ security = ClassSecurityInfo()
# DOM attributes
# --------------
+ security.declareProtected(access_contents_information, 'getNodeName')
def getNodeName(self):
"""The name of this node, depending on its type"""
return None
+ security.declareProtected(access_contents_information, 'getNodeValue')
def getNodeValue(self):
"""The value of this node, depending on its type"""
return None
+ security.declareProtected(access_contents_information, 'getParentNode')
def getParentNode(self):
"""The parent of this node. All nodes except Document
DocumentFragment and Attr may have a parent"""
return None
+ security.declareProtected(access_contents_information, 'getChildNodes')
def getChildNodes(self):
"""Returns a NodeList that contains all children of this node.
If there are no children, this is a empty NodeList"""
return NodeList()
+ security.declareProtected(access_contents_information, 'getFirstChild')
def getFirstChild(self):
"""The first child of this node. If there is no such node
this returns None."""
return None
+ security.declareProtected(access_contents_information, 'getLastChild')
def getLastChild(self):
"""The last child of this node. If there is no such node
this returns None."""
return None
+ security.declareProtected(access_contents_information,
+ 'getPreviousSibling')
def getPreviousSibling(self):
"""The node immediately preceding this node. If
there is no such node, this returns None."""
return None
+ security.declareProtected(access_contents_information, 'getNextSibling')
def getNextSibling(self):
"""The node immediately preceding this node. If
there is no such node, this returns None."""
return None
+ security.declareProtected(access_contents_information, 'getAttributes')
def getAttributes(self):
"""Returns a NamedNodeMap containing the attributes
of this node (if it is an element) or None otherwise."""
return None
+ security.declareProtected(access_contents_information, 'getOwnerDocument')
def getOwnerDocument(self):
"""The Document object associated with this node.
When this is a document this is None"""
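Review bot: The docstring of `getNextSibling` in this hunk says "The node immediately preceding this node", which was copied from `getPreviousSibling`; it should read `"""The node immediately following this node. If there is no such node, this returns None."""`. The commit already adds the declaration on the line directly above that method, so the wording can be corrected in the same change. The `Node` class body starts before this hunk and continues after it.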
@@ -149,32 +156,33 @@
# DOM Methods
# -----------
+ security.declareProtected(access_contents_information, 'hasChildNodes')
def hasChildNodes(self):
"""Returns true if the node has any children, false
if it doesn't. """
return len(self.objectIds())
+InitializeClass(Node)
+
class Document(Acquisition.Explicit, Node):
"""
Document Interface
"""
- __ac_permissions__=(
- ('Access contents information',
- ('getImplementation', 'getDoctype', 'getDocumentElement'),
- ),
- )
+ security = ClassSecurityInfo()
# Document Methods
# ----------------
+ security.declareProtected(access_contents_information, 'getImplementation')
def getImplementation(self):
"""
The DOMImplementation object that handles this document.
"""
return DOMImplementation()
+ security.declareProtected(access_contents_information, 'getDoctype')
def getDoctype(self):
"""
The Document Type Declaration associated with this document.
@@ -183,6 +191,8 @@
"""
return None
+ security.declareProtected(access_contents_information,
+ 'getDocumentElement')
def getDocumentElement(self):
"""
This is a convenience attribute that allows direct access to
@@ -226,18 +236,17 @@
if it doesn't. """
return 1
+InitializeClass(Document)
+
class DOMImplementation:
"""
DOMImplementation Interface
"""
- __ac_permissions__=(
- ('Access contents information',
- ('hasFeature',),
- ),
- )
+ security = ClassSecurityInfo()
+ security.declareProtected(access_contents_information, 'hasFeature')
def hasFeature(self, feature, version = None):
"""
hasFeature - Test if the DOM implementation implements a specific
@@ -256,22 +265,20 @@
if version == '1.0': return 1
return 0
+InitializeClass(DOMImplementation)
+
class Element(Node):
"""
Element interface
"""
- __ac_permissions__=(
- ('Access contents information',
- ('getTagName', 'getAttribute', 'getAttributeNode',
- 'getElementsByTagName'),
- ),
- )
+ security = ClassSecurityInfo()
# Element Attributes
# ------------------
+ security.declareProtected(access_contents_information, 'getTagName')
def getTagName(self):
"""The name of the element"""
return self.__class__.__name__
@@ -344,15 +351,19 @@
# Element Methods
# ---------------
+ security.declareProtected(access_contents_information, 'getAttribute')
def getAttribute(self, name):
"""Retrieves an attribute value by name."""
return None
+ security.declareProtected(access_contents_information, 'getAttributeNode')
def getAttributeNode(self, name):
""" Retrieves an Attr node by name or None if
there is no such attribute. """
return None
+ security.declareProtected(access_contents_information,
+ 'getElementsByTagName')
def getElementsByTagName(self, tagname):
""" Returns a NodeList of all the Elements with a given tag
name in the order in which they would be encountered in a
@@ -370,7 +381,9 @@
nodeList = nodeList + n1._data
return NodeList(nodeList)
+InitializeClass(Element)
+
class ElementWithAttributes(Element):
"""
Elements that allow DOM access to Zope properties of type 'string'.
Modified: Zope/trunk/lib/python/OFS/misc_.py
===================================================================
--- Zope/trunk/lib/python/OFS/misc_.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/OFS/misc_.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -11,16 +11,22 @@
#
##############################################################################
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from App.ImageFile import ImageFile
class misc_:
"Miscellaneous product information"
- __roles__=None
+ security = ClassSecurityInfo()
+ security.declareObjectPublic()
+InitializeClass(misc_)
+
class p_:
"Shared system information"
- __roles__=None
+ security = ClassSecurityInfo()
+ security.declareObjectPublic()
broken=ImageFile('www/broken.gif', globals())
@@ -63,11 +69,13 @@
ProductHelp_icon=ImageFile('HelpSys/images/productHelp.gif')
HelpTopic_icon=ImageFile('HelpSys/images/helpTopic.gif')
+InitializeClass(p_)
+
class Misc_:
"Miscellaneous product information"
+ security = ClassSecurityInfo()
+ security.declareObjectPublic()
- __roles__=None
-
def __init__(self, name, dict):
self._d=dict
self.__name__=name
@@ -75,3 +83,5 @@
def __str__(self): return self.__name__
def __getitem__(self, name): return self._d[name]
def __setitem__(self, name, v): self._d[name]=v
+
+InitializeClass(Misc_)
Modified: Zope/trunk/lib/python/Products/ExternalMethod/ExternalMethod.py
===================================================================
--- Zope/trunk/lib/python/Products/ExternalMethod/ExternalMethod.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/ExternalMethod/ExternalMethod.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -19,6 +19,11 @@
__version__='$Revision: 1.52 $'[11:-2]
from Globals import Persistent, DTMLFile, MessageDialog, HTML
import OFS.SimpleItem, Acquisition
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import change_external_methods
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import view as View
import AccessControl.Role, sys, os, stat, traceback
from OFS.SimpleItem import pretty_tb
from App.Extensions import getObject, getPath, FuncCode
@@ -81,6 +86,9 @@
meta_type = 'External Method'
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(View)
+
func_defaults = ComputedAttribute(lambda self: self.getFuncDefaults())
func_code = ComputedAttribute(lambda self: self.getFuncCode())
@@ -100,17 +108,14 @@
+AccessControl.Role.RoleManager.manage_options
)
- __ac_permissions__=(
- ('View management screens', ('manage_main',)),
- ('Change External Methods', ('manage_edit',)),
- ('View', ('__call__','')),
- )
-
def __init__(self, id, title, module, function):
self.id=id
self.manage_edit(title, module, function)
+ security.declareProtected(view_management_screens, 'manage_main')
manage_main=DTMLFile('dtml/methodEdit', globals())
+
+ security.declareProtected(change_external_methods, 'manage_edit')
def manage_edit(self, title, module, function, REQUEST=None):
"""Change the external method
@@ -182,6 +187,7 @@
self._v_f = self.getFunction()
return self._v_func_code
+ security.declareProtected(View, '__call__')
def __call__(self, *args, **kw):
"""Call an ExternalMethod
@@ -243,3 +249,5 @@
self._v_filepath=getPath('Extensions', self._module,
suffixes=('','py','pyc','pyp'))
return self._v_filepath
+
+InitializeClass(ExternalMethod)
Modified: Zope/trunk/lib/python/Products/OFSP/Draft.py
===================================================================
--- Zope/trunk/lib/python/Products/OFSP/Draft.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/OFSP/Draft.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -12,6 +12,8 @@
##############################################################################
import Globals, AccessControl.User
from Globals import Persistent
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from Acquisition import Implicit
from OFS import SimpleItem
@@ -27,12 +29,7 @@
_version='/version'
meta_type='Zope Draft'
- __ac_permissions__=(
- ('Approve draft changes',
- ('manage_approve__draft__',
- 'manage_Save__draft__','manage_Discard__draft__')
- ),
- )
+ security = ClassSecurityInfo()
def __init__(self, id, baseid, PATH_INFO):
self.id=id
@@ -102,8 +99,12 @@
# ZODB 3
return not db.versionEmpty(self._version)
+ security.declareProtected('Approve draft changes',
+ 'manage_approve__draft__')
manage_approve__draft__=Globals.HTMLFile('dtml/draftApprove', globals())
+ security.declareProtected('Approve draft changes',
+ 'manage_Save__draft__')
def manage_Save__draft__(self, remark, REQUEST=None):
"""Make version changes permanent"""
try: db=self._p_jar.db()
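Review bot: The permission name `'Approve draft changes'` is written out as a string literal in both declarations here and again in the next hunk for `manage_Discard__draft__`, while most other files in this commit import their permission names from `AccessControl.Permissions`. A misspelling in one literal would not fail at import; as far as I can tell it would declare a separate permission, leaving that method guarded by a name no role mapping was written for. A module-level constant such as `approve_draft_changes = 'Approve draft changes'`, used in all three calls, removes that risk. The same applies to `'Add Site Roots'` in VirtualHostMonster.py and `'Change cache managers'` in both cache manager files.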
@@ -120,6 +121,8 @@
if REQUEST:
REQUEST['RESPONSE'].redirect(REQUEST['URL2']+'/manage_main')
+ security.declareProtected('Approve draft changes',
+ 'manage_Discard__draft__')
def manage_Discard__draft__(self, REQUEST=None):
'Discard changes made during the version'
try: db=self._p_jar.db()
@@ -146,8 +149,9 @@
'Attempt to %sdelete a non-empty version.<p>'
((self is not item) and 'indirectly ' or ''))
-Globals.default__class_init__(Draft)
+InitializeClass(Draft)
+
def getdraft(ob, jar):
if hasattr(ob,'aq_parent'):
Modified: Zope/trunk/lib/python/Products/OFSP/Version.py
===================================================================
--- Zope/trunk/lib/python/Products/OFSP/Version.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/OFSP/Version.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,6 +18,12 @@
from AccessControl.Role import RoleManager
from Globals import MessageDialog
from Globals import Persistent
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import change_versions
+from AccessControl.Permissions import join_leave_versions
+from AccessControl.Permissions import save_discard_version_changes
+from AccessControl.Permissions import view_management_screens
from Acquisition import Implicit
from OFS.SimpleItem import Item
from Globals import HTML
@@ -44,6 +50,9 @@
""" """
meta_type='Version'
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(view_management_screens)
+
manage_options=(
(
{'label':'Join/Leave', 'action':'manage_main',
@@ -57,14 +66,7 @@
+Item.manage_options
)
- __ac_permissions__=(
- ('View management screens', ('manage','manage_editForm', '')),
- ('Change Versions', ('manage_edit',)),
- ('Join/leave Versions',
- ('manage_main', 'enter','leave','leave_another')),
- ('Save/discard Version changes',
- ('manage_end', 'save','discard')),
- )
+ security.declareProtected(view_management_screens, 'manage')
cookie=''
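Review bot: `security.declareProtected(view_management_screens, 'manage')` is left standing where `__ac_permissions__` used to be and is followed by `cookie=''`, so it reads as if it belonged to that attribute. No definition of `manage` appears in the visible hunks of Version.py, so it is presumably inherited. A one-line comment such as `# 'manage' is inherited; keep it under View management screens as before` would say why the declaration is there. The ZCatalog.py hunk that declares `manage_main` and `all_meta_types` has the same pattern.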
@@ -74,8 +76,13 @@
self.id=id
self.title=title
+ security.declareProtected(join_leave_versions, 'manage_main')
manage_main=Globals.DTMLFile('dtml/version', globals())
+
+ security.declareProtected(save_discard_version_changes, 'manage_end')
manage_end=Globals.DTMLFile('dtml/versionEnd', globals())
+
+ security.declareProtected(view_management_screens, 'manage_editForm')
manage_editForm =Globals.DTMLFile('dtml/versionEdit', globals())
def title_and_id(self):
@@ -98,6 +105,7 @@
'alt': 'Deprecated object',
'title': 'Version objects are deprecated and should not be used anyore.'},)
+ security.declareProtected(change_versions, 'manage_edit')
def manage_edit(self, title, REQUEST=None):
""" """
self.title=title
@@ -106,6 +114,7 @@
message='Your changes have been saved',
action ='manage_main')
+ security.declareProtected(join_leave_versions, 'enter')
def enter(self, REQUEST, RESPONSE):
"""Begin working in a version"""
RESPONSE.setCookie(
@@ -123,6 +132,7 @@
)
return RESPONSE.redirect(REQUEST['URL1']+'/manage_main')
+ security.declareProtected(join_leave_versions, 'leave')
def leave(self, REQUEST, RESPONSE):
"""Temporarily stop working in a version"""
RESPONSE.setCookie(
@@ -141,10 +151,12 @@
)
return RESPONSE.redirect(REQUEST['URL1']+'/manage_main')
+ security.declareProtected(join_leave_versions, 'leave_another')
def leave_another(self, REQUEST, RESPONSE):
"""Leave a version that may not be the current version"""
return self.leave(REQUEST, RESPONSE)
+ security.declareProtected(save_discard_version_changes, 'save')
def save(self, remark, REQUEST=None):
"""Make version changes permanent"""
try: db=self._p_jar.db()
@@ -162,6 +174,7 @@
if REQUEST is not None:
REQUEST['RESPONSE'].redirect(REQUEST['URL1']+'/manage_main')
+ security.declareProtected(save_discard_version_changes, 'discard')
def discard(self, remark='', REQUEST=None):
'Discard changes made during the version'
try: db=self._p_jar.db()
@@ -219,3 +232,5 @@
'version, because the version would no longer\n'
'be accessable.<p>\n'
% (v,v,v))
+
+InitializeClass(Version)
Modified: Zope/trunk/lib/python/Products/PluginIndexes/TextIndex/Vocabulary.py
===================================================================
--- Zope/trunk/lib/python/Products/PluginIndexes/TextIndex/Vocabulary.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/PluginIndexes/TextIndex/Vocabulary.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -16,7 +16,11 @@
"""
from Globals import DTMLFile, MessageDialog
-import Globals, AccessControl.Role
+import AccessControl.Role
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import manage_vocabulary
+from AccessControl.Permissions import query_vocabulary
from Acquisition import Implicit
from Persistence import Persistent
from OFS.SimpleItem import Item
@@ -52,6 +56,10 @@
implements(IVocabulary)
+ security = ClassSecurityInfo()
+ security.setPermissionDefault(manage_vocabulary, ('Manager',))
+ security.setPermissionDefault(query_vocabulary, ('Anonymous', 'Manager',))
+
meta_type = "Vocabulary"
_isAVocabulary = 1
@@ -66,18 +74,10 @@
+AccessControl.Role.RoleManager.manage_options
)
- __ac_permissions__=(
+ security.declareProtected(manage_vocabulary, 'manage_main')
+ manage_main = DTMLFile('dtml/manage_vocab', globals())
- ('Manage Vocabulary',
- ['manage_main', 'manage_query'],
- ['Manager']),
-
- ('Query Vocabulary',
- ['query',],
- ['Anonymous', 'Manager']),
- )
-
- manage_main = DTMLFile('dtml/manage_vocab', globals())
+ security.declareProtected(manage_vocabulary, 'manage_query')
manage_query = DTMLFile('dtml/vocab_query', globals())
def __init__(self, id, title='', globbing=None,splitter=None,extra=None):
@@ -106,6 +106,7 @@
def getLexicon(self):
return self.lexicon
+ security.declareProtected(query_vocabulary, 'query')
def query(self, pattern):
""" """
result = []
@@ -132,3 +133,5 @@
def words(self):
return self.lexicon._lexicon.items()
+
+InitializeClass(Vocabulary)
Modified: Zope/trunk/lib/python/Products/SiteAccess/VirtualHostMonster.py
===================================================================
--- Zope/trunk/lib/python/Products/SiteAccess/VirtualHostMonster.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/SiteAccess/VirtualHostMonster.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -4,6 +4,9 @@
"""
from Globals import DTMLFile, MessageDialog, Persistent
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view as View
from OFS.SimpleItem import Item
from Acquisition import Implicit, aq_inner, aq_parent
from ZPublisher import BeforeTraverse
@@ -24,15 +27,19 @@
lines = ()
have_map = 0
- __ac_permissions__=(('View', ('manage_main',)),('Add Site Roots', ('manage_edit', 'set_map')))
+ security = ClassSecurityInfo()
manage_options=({'label':'About', 'action':'manage_main'},
{'label':'Mappings', 'action':'manage_edit'})
+ security.declareProtected(View, 'manage_main')
manage_main = DTMLFile('www/VirtualHostMonster', globals(),
__name__='manage_main')
+
+ security.declareProtected('Add Site Roots', 'manage_edit')
manage_edit = DTMLFile('www/manage_edit', globals())
+ security.declareProtected('Add Site Roots', 'set_map')
def set_map(self, map_text, RESPONSE=None):
"Set domain to path mappings."
lines = map_text.split('\n')
@@ -238,6 +245,9 @@
request.setVirtualRoot([])
return parents.pop() # He'll get put back on
+InitializeClass(VirtualHostMonster)
+
+
def manage_addVirtualHostMonster(self, id, REQUEST=None, **ignored):
""" """
vhm = VirtualHostMonster()
Modified: Zope/trunk/lib/python/Products/StandardCacheManagers/AcceleratedHTTPCacheManager.py
===================================================================
--- Zope/trunk/lib/python/Products/StandardCacheManagers/AcceleratedHTTPCacheManager.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/StandardCacheManagers/AcceleratedHTTPCacheManager.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -21,8 +21,10 @@
from OFS.Cache import Cache, CacheManager
from OFS.SimpleItem import SimpleItem
import time
-import Globals
+from Globals import InitializeClass
from Globals import DTMLFile
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
import urlparse, httplib
from cgi import escape
from urllib import quote
@@ -108,14 +110,8 @@
class AcceleratedHTTPCacheManager (CacheManager, SimpleItem):
' '
- __ac_permissions__ = (
- ('View management screens', ('getSettings',
- 'manage_main',
- 'manage_stats',
- 'getCacheReport',
- 'sort_link')),
- ('Change cache managers', ('manage_editProps',), ('Manager',)),
- )
+ security = ClassSecurityInfo()
+ security.setPermissionDefault('Change cache managers', ('Manager',))
manage_options = (
{'label':'Properties', 'action':'manage_main',
@@ -138,7 +134,7 @@
' '
return self.id
- ZCacheManager_getCache__roles__ = ()
+ security.declarePrivate('ZCacheManager_getCache')
def ZCacheManager_getCache(self):
cacheid = self.__cacheid
try:
@@ -149,12 +145,15 @@
caches[cacheid] = cache
return cache
+ security.declareProtected(view_management_screens, 'getSettings')
def getSettings(self):
' '
return self._settings.copy() # Don't let DTML modify it.
+ security.declareProtected(view_management_screens, 'manage_main')
manage_main = DTMLFile('dtml/propsAccel', globals())
+ security.declareProtected('Change cache managers', 'manage_editProps')
def manage_editProps(self, title, settings=None, REQUEST=None):
' '
if settings is None:
@@ -170,6 +169,7 @@
return self.manage_main(
self, REQUEST, manage_tabs_message='Properties changed.')
+ security.declareProtected(view_management_screens, 'manage_stats')
manage_stats = DTMLFile('dtml/statsAccel', globals())
def _getSortInfo(self):
@@ -182,6 +182,7 @@
sort_reverse = int(req.get('sort_reverse', 1))
return sort_by, sort_reverse
+ security.declareProtected(view_management_screens, 'getCacheReport')
def getCacheReport(self):
"""
Returns the list of objects in the cache, sorted according to
@@ -201,6 +202,7 @@
rval.reverse()
return rval
+ security.declareProtected(view_management_screens, 'sort_link')
def sort_link(self, name, id):
"""
Utility for generating a sort link.
@@ -215,7 +217,7 @@
return '<a href="%s">%s</a>' % (escape(url, 1), escape(name))
-Globals.default__class_init__(AcceleratedHTTPCacheManager)
+InitializeClass(AcceleratedHTTPCacheManager)
manage_addAcceleratedHTTPCacheManagerForm = DTMLFile('dtml/addAccel',
Modified: Zope/trunk/lib/python/Products/StandardCacheManagers/RAMCacheManager.py
===================================================================
--- Zope/trunk/lib/python/Products/StandardCacheManagers/RAMCacheManager.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/StandardCacheManagers/RAMCacheManager.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -23,8 +23,10 @@
from thread import allocate_lock
from cgi import escape
import time
-import Globals
+from Globals import InitializeClass
from Globals import DTMLFile
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
try: from cPickle import Pickler, HIGHEST_PROTOCOL
except: from pickle import Pickler, HIGHEST_PROTOCOL
@@ -347,14 +349,8 @@
caching.
"""
- __ac_permissions__ = (
- ('View management screens', ('getSettings',
- 'manage_main',
- 'manage_stats',
- 'getCacheReport',
- 'sort_link',)),
- ('Change cache managers', ('manage_editProps','manage_invalidate'), ('Manager',)),
- )
+ security = ClassSecurityInfo()
+ security.setPermissionDefault('Change cache managers', ('Manager',))
manage_options = (
{'label':'Properties', 'action':'manage_main',
@@ -391,6 +387,7 @@
caches[cacheid] = cache
return cache
+ security.declareProtected(view_management_screens, 'getSettings')
def getSettings(self):
'Returns the current cache settings.'
res = self._settings.copy()
@@ -398,8 +395,10 @@
res['max_age'] = 0
return res
+ security.declareProtected(view_management_screens, 'manage_main')
manage_main = DTMLFile('dtml/propsRCM', globals())
+ security.declareProtected('Change cache managers', 'manage_editProps')
def manage_editProps(self, title, settings=None, REQUEST=None):
'Changes the cache settings.'
if settings is None:
@@ -419,6 +418,7 @@
return self.manage_main(
self, REQUEST, manage_tabs_message='Properties changed.')
+ security.declareProtected(view_management_screens, 'manage_stats')
manage_stats = DTMLFile('dtml/statsRCM', globals())
def _getSortInfo(self):
@@ -431,6 +431,7 @@
sort_reverse = int(req.get('sort_reverse', 1))
return sort_by, sort_reverse
+ security.declareProtected(view_management_screens, 'getCacheReport')
def getCacheReport(self):
"""
Returns the list of objects in the cache, sorted according to
@@ -446,6 +447,7 @@
rval.reverse()
return rval
+ security.declareProtected(view_management_screens, 'sort_link')
def sort_link(self, name, id):
"""
Utility for generating a sort link.
@@ -458,6 +460,7 @@
url = url + '&sort_reverse=' + (newsr and '1' or '0')
return '<a href="%s">%s</a>' % (escape(url, 1), escape(name))
+ security.declareProtected('Change cache managers', 'manage_invalidate')
def manage_invalidate(self, paths, REQUEST=None):
""" ZMI helper to invalidate an entry """
for path in paths:
@@ -472,7 +475,7 @@
msg = 'Cache entries invalidated'
return self.manage_stats(manage_tabs_message=msg)
-Globals.default__class_init__(RAMCacheManager)
+InitializeClass(RAMCacheManager)
class _ByteCounter:
Modified: Zope/trunk/lib/python/Products/ZCatalog/ZCatalog.py
===================================================================
--- Zope/trunk/lib/python/Products/ZCatalog/ZCatalog.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/ZCatalog/ZCatalog.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -19,7 +19,7 @@
import urllib, time, sys, string, logging
from Globals import DTMLFile, MessageDialog
-import Globals
+from Globals import InitializeClass
from OFS.Folder import Folder
from OFS.ObjectManager import ObjectManager
from DateTime import DateTime
@@ -27,6 +27,7 @@
from Persistence import Persistent
from DocumentTemplate.DT_Util import InstanceDict, TemplateDict
from DocumentTemplate.DT_Util import Eval
+from AccessControl import ClassSecurityInfo
from AccessControl.Permission import name_trans
from AccessControl.DTML import RestrictedDTML
from AccessControl.Permissions import \
@@ -86,6 +87,11 @@
__implements__ = z2IZCatalog
implements(z3IZCatalog)
+ security = ClassSecurityInfo()
+ security.setPermissionDefault(manage_zcatalog_entries, ('Manager',))
+ security.setPermissionDefault(manage_zcatalog_indexes, ('Manager',))
+ security.setPermissionDefault(search_zcatalog, ('Anonymous', 'Manager'))
+
meta_type = "ZCatalog"
icon='misc_/ZCatalog/ZCatalog.gif'
@@ -122,46 +128,30 @@
'help': ('OFSP','Ownership.stx'),}
)
- __ac_permissions__=(
+ security.declareProtected(manage_zcatalog_entries, 'manage_main')
- (manage_zcatalog_entries,
- ['manage_catalogObject', 'manage_uncatalogObject',
- 'catalog_object', 'uncatalog_object', 'refreshCatalog',
+ security.declareProtected(search_zcatalog, 'all_meta_types')
- 'manage_catalogView', 'manage_catalogFind',
- 'manage_catalogSchema', 'manage_catalogIndexes',
- 'manage_catalogAdvanced', 'manage_objectInformation',
+ manage_catalogAddRowForm = DTMLFile('dtml/catalogAddRowForm', globals())
- 'manage_catalogReindex', 'manage_catalogFoundItems',
- 'manage_catalogClear', 'manage_addColumn', 'manage_delColumn',
- 'manage_addIndex', 'manage_delIndex', 'manage_clearIndex',
- 'manage_reindexIndex', 'manage_main', 'availableSplitters',
- 'manage_setProgress',
+ security.declareProtected(manage_zcatalog_entries, 'manage_catalogView')
+ manage_catalogView = DTMLFile('dtml/catalogView',globals())
- # these two are deprecated:
- 'manage_delColumns', 'manage_deleteIndex'
- ],
- ['Manager']),
+ security.declareProtected(manage_zcatalog_entries, 'manage_catalogFind')
+ manage_catalogFind = DTMLFile('dtml/catalogFind',globals())
- (search_zcatalog,
- ['searchResults', '__call__', 'uniqueValuesFor',
- 'getpath', 'schema', 'indexes', 'index_objects',
- 'all_meta_types', 'valid_roles', 'resolve_url',
- 'getobject', 'search'],
- ['Anonymous', 'Manager']),
+ security.declareProtected(manage_zcatalog_entries, 'manage_catalogSchema')
+ manage_catalogSchema = DTMLFile('dtml/catalogSchema', globals())
- (manage_zcatalog_indexes,
- ['getIndexObjects'],
- ['Manager']),
- )
+ security.declareProtected(manage_zcatalog_entries, 'manage_catalogIndexes')
+ manage_catalogIndexes = DTMLFile('dtml/catalogIndexes', globals())
+ security.declareProtected(manage_zcatalog_entries,
+ 'manage_catalogAdvanced')
+ manage_catalogAdvanced = DTMLFile('dtml/catalogAdvanced', globals())
- manage_catalogAddRowForm = DTMLFile('dtml/catalogAddRowForm', globals())
- manage_catalogView = DTMLFile('dtml/catalogView',globals())
- manage_catalogFind = DTMLFile('dtml/catalogFind',globals())
- manage_catalogSchema = DTMLFile('dtml/catalogSchema', globals())
- manage_catalogIndexes = DTMLFile('dtml/catalogIndexes', globals())
- manage_catalogAdvanced = DTMLFile('dtml/catalogAdvanced', globals())
+ security.declareProtected(manage_zcatalog_entries,
+ 'manage_objectInformation')
manage_objectInformation = DTMLFile('dtml/catalogObjectInformation',
globals())
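Review bot: `manage_catalogAddRowForm` still has no declaration of its own. It was absent from the old `__ac_permissions__` tuple, and the new code places it directly after `security.declareProtected(search_zcatalog, 'all_meta_types')`, which names a different attribute. With one declaration per attribute now the convention, a reader will assume the form is covered when it actually falls back to the class-level or acquired default. If the template is still in use, add `security.declareProtected(manage_zcatalog_entries, 'manage_catalogAddRowForm')` above it; if not, removing the attribute is cleaner. The class body begins before this hunk and continues past it.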
@@ -224,6 +214,7 @@
URL1 +
'/manage_catalogAdvanced?manage_tabs_message=Catalog%20Changed')
+ security.declareProtected(manage_zcatalog_entries, 'manage_catalogObject')
def manage_catalogObject(self, REQUEST, RESPONSE, URL1, urls=None):
""" index Zope object(s) that 'urls' point to """
if urls:
@@ -242,6 +233,8 @@
'/manage_catalogView?manage_tabs_message=Object%20Cataloged')
+ security.declareProtected(manage_zcatalog_entries,
+ 'manage_uncatalogObject')
def manage_uncatalogObject(self, REQUEST, RESPONSE, URL1, urls=None):
""" removes Zope object(s) 'urls' from catalog """
@@ -257,6 +250,7 @@
'/manage_catalogView?manage_tabs_message=Object%20Uncataloged')
+ security.declareProtected(manage_zcatalog_entries, 'manage_catalogReindex')
def manage_catalogReindex(self, REQUEST, RESPONSE, URL1):
""" clear the catalog, then re-index everything """
@@ -278,6 +272,7 @@
'Total CPU time: %s' % (`elapse`, `c_elapse`)))
+ security.declareProtected(manage_zcatalog_entries, 'refreshCatalog')
def refreshCatalog(self, clear=0, pghandler=None):
""" re-index everything we can find """
@@ -309,6 +304,7 @@
if pghandler: pghandler.finish()
+ security.declareProtected(manage_zcatalog_entries, 'manage_catalogClear')
def manage_catalogClear(self, REQUEST=None, RESPONSE=None, URL1=None):
""" clears the whole enchilada """
self._catalog.clear()
@@ -319,6 +315,8 @@
'/manage_catalogAdvanced?manage_tabs_message=Catalog%20Cleared')
+ security.declareProtected(manage_zcatalog_entries,
+ 'manage_catalogFoundItems')
def manage_catalogFoundItems(self, REQUEST, RESPONSE, URL2, URL1,
obj_metatypes=None,
obj_ids=None, obj_searchterm=None,
@@ -364,6 +362,7 @@
)
+ security.declareProtected(manage_zcatalog_entries, 'manage_addColumn')
def manage_addColumn(self, name, REQUEST=None, RESPONSE=None, URL1=None):
""" add a column """
self.addColumn(name)
@@ -374,6 +373,7 @@
'/manage_catalogSchema?manage_tabs_message=Column%20Added')
+ security.declareProtected(manage_zcatalog_entries, 'manage_delColumns')
def manage_delColumns(self, names, REQUEST=None, RESPONSE=None, URL1=None):
""" Deprecated method. Use manage_delColumn instead. """
# log a deprecation warning
@@ -392,6 +392,7 @@
URL1=URL1)
+ security.declareProtected(manage_zcatalog_entries, 'manage_delColumn')
def manage_delColumn(self, names, REQUEST=None, RESPONSE=None, URL1=None):
""" delete a column or some columns """
if isinstance(names, str):
@@ -406,6 +407,7 @@
'/manage_catalogSchema?manage_tabs_message=Column%20Deleted')
+ security.declareProtected(manage_zcatalog_entries, 'manage_addIndex')
def manage_addIndex(self, name, type, extra=None,
REQUEST=None, RESPONSE=None, URL1=None):
"""add an index """
@@ -417,6 +419,7 @@
'/manage_catalogIndexes?manage_tabs_message=Index%20Added')
+ security.declareProtected(manage_zcatalog_entries, 'manage_deleteIndex')
def manage_deleteIndex(self, ids=None, REQUEST=None, RESPONSE=None,
URL1=None):
""" Deprecated method. Use manage_delIndex instead. """
@@ -436,6 +439,7 @@
URL1=URL1)
+ security.declareProtected(manage_zcatalog_entries, 'manage_delIndex')
def manage_delIndex(self, ids=None, REQUEST=None, RESPONSE=None,
URL1=None):
""" delete an index or some indexes """
@@ -456,6 +460,7 @@
'/manage_catalogIndexes?manage_tabs_message=Index%20Deleted')
+ security.declareProtected(manage_zcatalog_entries, 'manage_clearIndex')
def manage_clearIndex(self, ids=None, REQUEST=None, RESPONSE=None,
URL1=None):
""" clear an index or some indexes """
@@ -524,6 +529,7 @@
if pghandler:
pghandler.finish()
+ security.declareProtected(manage_zcatalog_entries, 'manage_reindexIndex')
def manage_reindexIndex(self, ids=None, REQUEST=None, RESPONSE=None,
URL1=None):
"""Reindex indexe(s) from a ZCatalog"""
@@ -543,11 +549,13 @@
'?manage_tabs_message=Reindexing%20Performed')
+ security.declareProtected(manage_zcatalog_entries, 'availableSplitters')
def availableSplitters(self):
""" splitter we can add """
return Splitter.availableSplitters
+ security.declareProtected(manage_zcatalog_entries, 'catalog_object')
def catalog_object(self, obj, uid=None, idxs=None, update_metadata=1, pghandler=None):
""" wrapper around catalog """
@@ -593,14 +601,17 @@
if pghandler:
pghandler.info('commiting subtransaction')
+ security.declareProtected(manage_zcatalog_entries, 'uncatalog_object')
def uncatalog_object(self, uid):
"""Wrapper around catalog """
self._catalog.uncatalogObject(uid)
+ security.declareProtected(search_zcatalog, 'uniqueValuesFor')
def uniqueValuesFor(self, name):
"""Return the unique values for a given FieldIndex """
return self._catalog.uniqueValuesFor(name)
+ security.declareProtected(search_zcatalog, 'getpath')
def getpath(self, rid):
"""Return the path to a cataloged object given a 'data_record_id_'
"""
@@ -611,6 +622,7 @@
"""
return self._catalog.uids.get(path, default)
+ security.declareProtected(search_zcatalog, 'getobject')
def getobject(self, rid, REQUEST=None):
"""Return a cataloged object given a 'data_record_id_'
"""
@@ -639,17 +651,21 @@
"""return the current index contents for the specific rid"""
return self._catalog.getIndexDataForRID(rid)
+ security.declareProtected(search_zcatalog, 'schema')
def schema(self):
return self._catalog.schema.keys()
+ security.declareProtected(search_zcatalog, 'indexes')
def indexes(self):
return self._catalog.indexes.keys()
+ security.declareProtected(search_zcatalog, 'index_objects')
def index_objects(self):
# This method returns unwrapped indexes!
# You should probably use getIndexObjects instead
return self._catalog.indexes.values()
+ security.declareProtected(manage_zcatalog_indexes, 'getIndexObjects')
def getIndexObjects(self):
# Return a list of wrapped(!) indexes
getIndex = self._catalog.getIndex
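Review bot: `index_objects` is declared with `search_zcatalog` although its own comment says it returns unwrapped indexes, while the wrapped accessor `getIndexObjects` just below requires `manage_zcatalog_indexes`. The weaker permission therefore sits on the accessor that hands out objects without their acquisition wrapper, which is presumably the riskier of the two. If this only mirrors the old `__ac_permissions__` table (removed outside this view), record that with `# kept at search_zcatalog for backward compatibility; returns unwrapped indexes`. Otherwise consider `security.declareProtected(manage_zcatalog_indexes, 'index_objects')`. The body of `getIndexObjects` continues outside the hunk.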
@@ -677,6 +693,7 @@
'width': 8})
return r
+ security.declareProtected(search_zcatalog, 'searchResults')
def searchResults(self, REQUEST=None, used=None, **kw):
"""Search the catalog
@@ -688,8 +705,10 @@
return self._catalog.searchResults(REQUEST, used, **kw)
+ security.declareProtected(search_zcatalog, '__call__')
__call__=searchResults
+ security.declareProtected(search_zcatalog, 'search')
def search(
self, query_request, sort_index=None, reverse=0, limit=None, merge=1):
"""Programmatic search interface, use for searching the catalog from
@@ -720,6 +739,7 @@
# except AttributeError: pass
# return self.meta_types+Products.meta_types+pmt
+ security.declareProtected(search_zcatalog, 'valid_roles')
def valid_roles(self):
"Return list of valid roles"
obj=self
@@ -838,6 +858,7 @@
return result
+ security.declareProtected(search_zcatalog, 'resolve_url')
def resolve_url(self, path, REQUEST):
"""
Attempt to resolve a url into an object in the Zope
@@ -902,6 +923,7 @@
'%s unchanged.' % (len(fixed), len(removed), unchanged),
action='./manage_main')
+ security.declareProtected(manage_zcatalog_entries, 'manage_setProgress')
def manage_setProgress(self, pgthreshold=0, RESPONSE=None, URL1=None):
"""Set parameter to perform logging of reindexing operations very
'pgthreshold' objects
@@ -1026,7 +1048,7 @@
return self._catalog.delColumn(name)
-Globals.default__class_init__(ZCatalog)
+InitializeClass(ZCatalog)
def p_name(name):
Modified: Zope/trunk/lib/python/Products/ZSQLMethods/SQL.py
===================================================================
--- Zope/trunk/lib/python/Products/ZSQLMethods/SQL.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Products/ZSQLMethods/SQL.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,6 +18,9 @@
import Shared.DC.ZRDB.DA
from Globals import DTMLFile
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import change_database_methods
from webdav.WriteLockInterface import WriteLockInterface
def SQLConnectionIDs(self):
@@ -120,12 +123,11 @@
__implements__ = (WriteLockInterface,)
meta_type='Z SQL Method'
+ security = ClassSecurityInfo()
+
+ security.declareProtected(change_database_methods, 'manage')
+ security.declareProtected(change_database_methods, 'manage_main')
manage=manage_main=DTMLFile('dtml/edit', globals())
manage_main._setName('manage_main')
- __ac_permissions__=(
- ('Change Database Methods', ('manage', 'manage_main')),
- )
-
-import Globals
-Globals.InitializeClass(SQL)
+InitializeClass(SQL)
Modified: Zope/trunk/lib/python/Shared/DC/Scripts/Bindings.py
===================================================================
--- Zope/trunk/lib/python/Shared/DC/Scripts/Bindings.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Shared/DC/Scripts/Bindings.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -13,8 +13,10 @@
__version__='$Revision$'[11:-2]
-import Globals
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from AccessControl import getSecurityManager
+from AccessControl.Permissions import view_management_screens
from AccessControl.PermissionRole import _what_not_even_god_should_do
from AccessControl.ZopeGuards import guarded_getattr
from Persistence import Persistent
@@ -190,18 +192,17 @@
class Bindings:
- __ac_permissions__ = (
- ('View management screens', ('getBindingAssignments',)),
- ('Change bindings', ('ZBindings_edit', 'ZBindings_setClient')),
- )
+ security = ClassSecurityInfo()
_Bindings_client = None
+ security.declareProtected('Change bindings', 'ZBindings_edit')
def ZBindings_edit(self, mapping):
names = self._setupBindings(mapping)
self._prepareBindCode()
self._editedBindings()
+ security.declareProtected('Change bindings', 'ZBindings_setClient')
def ZBindings_setClient(self, clientname):
'''Name the binding to be used as the "client".
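Review bot: The permission `'Change bindings'` is written as a string literal in both new declarations here, whereas `view_management_screens` is imported from `AccessControl.Permissions`. Permissions are matched by exact string, so a typo in one copy would silently guard the method with a different permission. The same literal appears again in BindingsUI.py for `ZBindingsHTML_editAction`. Bind it once at module level, e.g. `change_bindings = 'Change bindings'` (or import a constant if `AccessControl.Permissions` already provides one), and use that name in all three declarations. The docstring of `ZBindings_setClient` runs past the end of the hunk.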
@@ -217,6 +218,7 @@
self._bind_names = names = NameAssignments(names)
return names
+ security.declareProtected(view_management_screens, 'getBindingAssignments')
def getBindingAssignments(self):
if not hasattr(self, '_bind_names'):
self._setupBindings()
@@ -348,3 +350,5 @@
return self._exec(bound_data, args, kw)
finally:
security.removeContext(self)
+
+InitializeClass(Bindings)
Modified: Zope/trunk/lib/python/Shared/DC/Scripts/BindingsUI.py
===================================================================
--- Zope/trunk/lib/python/Shared/DC/Scripts/BindingsUI.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Shared/DC/Scripts/BindingsUI.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -14,23 +14,26 @@
__version__='$Revision$'[11:-2]
import Globals
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
from Bindings import Bindings
class BindingsUI(Bindings):
+ security = ClassSecurityInfo()
+
manage_options = (
{'label':'Bindings',
'action':'ZBindingsHTML_editForm',
'help':('PythonScripts', 'Bindings.stx')},
)
- __ac_permissions__ = (
- ('View management screens', ('ZBindingsHTML_editForm',)),
- ('Change bindings', ('ZBindingsHTML_editAction',)),
- )
-
+ security.declareProtected(view_management_screens,
+ 'ZBindingsHTML_editForm')
ZBindingsHTML_editForm = Globals.DTMLFile('dtml/scriptBindings', globals())
+ security.declareProtected('Change bindings', 'ZBindingsHTML_editAction')
def ZBindingsHTML_editAction(self, REQUEST):
'''Changes binding names.
'''
@@ -38,4 +41,4 @@
message = "Bindings changed."
return self.manage_main(self, REQUEST, manage_tabs_message=message)
-Globals.default__class_init__(BindingsUI)
+InitializeClass(BindingsUI)
Modified: Zope/trunk/lib/python/Shared/DC/Scripts/Script.py
===================================================================
--- Zope/trunk/lib/python/Shared/DC/Scripts/Script.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Shared/DC/Scripts/Script.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,7 +18,10 @@
__version__='$Revision$'[11:-2]
+from Globals import InitializeClass
from Globals import DTMLFile
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
from OFS.SimpleItem import SimpleItem
from string import join
from urllib import quote
@@ -34,17 +37,17 @@
"""Web-callable script mixin
"""
+ security = ClassSecurityInfo()
+
index_html = None
func_defaults=()
func_code=None
_Bindings_ns_class = TemplateDict
- __ac_permissions__ = (
- ('View management screens', ('ZScriptHTML_tryForm',)),
- )
+ security.declareProtected(view_management_screens, 'ZScriptHTML_tryForm')
+ ZScriptHTML_tryForm = DTMLFile('dtml/scriptTry', globals())
- ZScriptHTML_tryForm = DTMLFile('dtml/scriptTry', globals())
def ZScriptHTML_tryAction(self, REQUEST, argvars):
"""Apply the test parameters.
"""
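Review bot: `ZScriptHTML_tryAction` still has no security declaration after the conversion; only `ZScriptHTML_tryForm` gets one. The method has a docstring and takes `REQUEST`, so it is presumably reachable through the publisher under whatever the class default is. The removed `__ac_permissions__` did not cover it either, so this is a pre-existing gap that the commit carries over rather than one it introduces. If it is meant to pair with the try form, declare it explicitly with `security.declareProtected(view_management_screens, 'ZScriptHTML_tryAction')`. The method body continues outside the hunk.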
@@ -55,3 +58,5 @@
raise Redirect, "%s?%s" % (REQUEST['URL1'], join(vv, '&'))
from Signature import _setFuncSignature
+
+InitializeClass(Script)
Modified: Zope/trunk/lib/python/Shared/DC/ZRDB/Connection.py
===================================================================
--- Zope/trunk/lib/python/Shared/DC/ZRDB/Connection.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Shared/DC/ZRDB/Connection.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -19,6 +19,12 @@
from DateTime import DateTime
from App.Dialogs import MessageDialog
from Globals import DTMLFile
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view_management_screens
+from AccessControl.Permissions import change_database_connections
+from AccessControl.Permissions import test_database_connections
+from AccessControl.Permissions import open_close_database_connection
from string import find, join, split
from Aqueduct import custom_default_report
from cStringIO import StringIO
@@ -36,6 +42,8 @@
Acquisition.Implicit,
):
+ security = ClassSecurityInfo()
+
# Specify definitions for tabs:
manage_options=(
(
@@ -47,15 +55,6 @@
+OFS.SimpleItem.Item.manage_options
)
- # Specify how individual operations add up to "permissions":
- __ac_permissions__=(
- ('View management screens', ('manage_main',)),
- ('Change Database Connections', ('manage_edit',)),
- ('Test Database Connections', ('manage_testForm','manage_test')),
- ('Open/Close Database Connection',
- ('manage_open_connection', 'manage_close_connection')),
- )
-
_v_connected=''
connection_string=''
@@ -97,6 +96,8 @@
if check: self.connect(connection_string)
manage_properties=DTMLFile('dtml/connectionEdit', globals())
+
+ security.declareProtected(change_database_connections, 'manage_edit')
def manage_edit(self, title, connection_string, check=None, REQUEST=None):
"""Change connection
"""
@@ -108,7 +109,10 @@
action ='./manage_main',
)
+ security.declareProtected(test_database_connections, 'manage_testForm')
manage_testForm=DTMLFile('dtml/connectionTestForm', globals())
+
+ security.declareProtected(test_database_connections, 'manage_test')
def manage_test(self, query, REQUEST=None):
"Executes the SQL in parameter 'query' and returns results"
dbc=self() #get our connection
@@ -142,8 +146,11 @@
return report
+ security.declareProtected(view_management_screens, 'manage_main')
manage_main=DTMLFile('dtml/connectionStatus', globals())
+ security.declareProtected(open_close_database_connection,
+ 'manage_close_connection')
def manage_close_connection(self, REQUEST=None):
" "
try:
@@ -158,6 +165,8 @@
if REQUEST is not None:
return self.manage_main(self, REQUEST)
+ security.declareProtected(open_close_database_connection,
+ 'manage_open_connection')
def manage_open_connection(self, REQUEST=None):
" "
self.connect(self.connection_string)
@@ -193,3 +202,5 @@
def sql_quote__(self, v):
if find(v,"\'") >= 0: v=join(split(v,"\'"),"''")
return "'%s'" % v
+
+InitializeClass(Connection)
Modified: Zope/trunk/lib/python/Shared/DC/ZRDB/DA.py
===================================================================
--- Zope/trunk/lib/python/Shared/DC/ZRDB/DA.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Shared/DC/ZRDB/DA.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -34,7 +34,12 @@
from cPickle import dumps, loads
from Results import Results
from App.Extensions import getBrain
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from AccessControl import getSecurityManager
+from AccessControl.Permissions import change_database_methods
+from AccessControl.Permissions import use_database_methods
+from AccessControl.Permissions import view_management_screens
from AccessControl.DTML import RestrictedDTML
from webdav.Resource import Resource
from webdav.Lockable import ResourceLockedError
@@ -73,6 +78,11 @@
):
'Database Adapter'
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(use_database_methods)
+ security.setPermissionDefault(use_database_methods,
+ ('Anonymous', 'Manager'))
+
_col=None
max_rows_=1000
cache_time_=0
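Review bot: `security.setPermissionDefault(use_database_methods, ('Anonymous', 'Manager'))` grants anonymous users the right to call database methods by default, and nothing in the new form explains why. The default is carried over from the tuple `('Use Database Methods', ('__call__',''), ('Anonymous','Manager'))` removed in the next hunk, so behaviour is unchanged, but the explanatory comment above that table is removed with it. I would add `# Default roles carried over from __ac_permissions__: Anonymous may run SQL methods unless the site revokes 'Use Database Methods'` above the call.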
@@ -96,27 +106,14 @@
+OFS.SimpleItem.Item.manage_options
)
- # Specify how individual operations add up to "permissions":
- __ac_permissions__=(
- ('View management screens',
- (
- 'index_html',
- 'manage_advancedForm', 'PrincipiaSearchSource', 'document_src'
- )),
- ('Change Database Methods',
- ('manage_edit','manage_advanced', 'manage_testForm','manage_test',
- 'manage_product_zclass_info', 'PUT')),
- ('Use Database Methods', ('__call__',''), ('Anonymous','Manager')),
- )
-
-
def __init__(self, id, title, connection_id, arguments, template):
self.id=str(id)
self.manage_edit(title, connection_id, arguments, template)
+ security.declareProtected(view_management_screens, 'manage_advancedForm')
manage_advancedForm=DTMLFile('dtml/advanced', globals())
- test_url___roles__=None
+ security.declarePublic('test_url')
def test_url_(self):
'Method for testing server connection information'
return 'PING'
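Review bot: `security.declarePublic('test_url')` names an attribute that is not defined here; the method on the next line is `test_url_`. The removed line `test_url___roles__=None` was the roles attribute for `test_url_` (method name plus `__roles__`), so the trailing underscore was lost in the conversion. As written the public declaration presumably no longer applies to `test_url_`, which then falls back to the class default, and class initialisation may at best warn about the unknown name. Change the line to `security.declarePublic('test_url_')`.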
@@ -148,6 +145,7 @@
arguments_src=arguments,
connection_id=connection_id, src=template)
+ security.declareProtected(change_database_methods, 'manage_edit')
def manage_edit(self,title,connection_id,arguments,template,
SUBMIT='Change', dtpref_cols='100%', dtpref_rows='20',
REQUEST=None):
@@ -189,6 +187,7 @@
return ''
+ security.declareProtected(change_database_methods, 'manage_advanced')
def manage_advanced(self, max_rows, max_cache, cache_time,
class_name, class_file, direct=None,
REQUEST=None, zclass='', connection_hook=None):
@@ -256,6 +255,7 @@
# """Return content for use by the Find machinery."""
# return '%s\n%s' % (self.arguments_src, self.src)
+ security.declareProtected(view_management_screens, 'PrincipiaSearchSource')
def PrincipiaSearchSource(self):
"""Return content for use by the Find machinery."""
return '%s\n%s' % (self.arguments_src, self.src)
@@ -265,6 +265,7 @@
default_content_type = 'text/plain'
+ security.declareProtected(view_management_screens, 'document_src')
def document_src(self, REQUEST=None, RESPONSE=None):
"""Return unprocessed document source."""
if RESPONSE is not None:
@@ -278,6 +279,7 @@
def get_size(self): return len(self.document_src())
+ security.declareProtected(change_database_methods, 'PUT')
def PUT(self, REQUEST, RESPONSE):
"""Handle put requests"""
self.dav__init(REQUEST, RESPONSE)
@@ -297,6 +299,7 @@
return RESPONSE
+ security.declareProtected(change_database_methods, 'manage_testForm')
def manage_testForm(self, REQUEST):
" "
input_src=default_input_form(self.title_or_id(),
@@ -304,6 +307,7 @@
'<dtml-var manage_tabs>')
return DocumentTemplate.HTML(input_src)(self, REQUEST, HTTP_REFERER='')
+ security.declareProtected(change_database_methods, 'manage_test')
def manage_test(self, REQUEST):
"""Test an SQL method."""
# Try to render the query template first so that the rendered
@@ -344,6 +348,7 @@
finally: tb=None
+ security.declareProtected(view_management_screens, 'index_html')
def index_html(self, REQUEST):
""" """
REQUEST.RESPONSE.redirect("%s/manage_testForm" % REQUEST['URL1'])
@@ -388,6 +393,7 @@
return result
+ security.declareProtected(use_database_methods, '__call__')
def __call__(self, REQUEST=None, __ick__=None, src__=0, test__=0, **kw):
"""Call the database method
@@ -500,6 +506,8 @@
return getattr(getattr(self, self.connection_id), 'connected')()
+ security.declareProtected(change_database_methods,
+ 'manage_product_zclass_info')
def manage_product_zclass_info(self):
r=[]
Z=self._zclass
@@ -517,12 +525,10 @@
return r
+InitializeClass(DA)
-Globals.default__class_init__(DA)
-
-
ListType=type([])
class Traverse(ExtensionClass.Base):
"""Helper class for 'traversing' searches during URL traversal
@@ -586,4 +592,3 @@
#__implements__ = ITracebackSupplement
def __init__(self, sql):
self.object = sql
-
Modified: Zope/trunk/lib/python/Testing/ZopeTestCase/ZopeLite.py
===================================================================
--- Zope/trunk/lib/python/Testing/ZopeTestCase/ZopeLite.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/Testing/ZopeTestCase/ZopeLite.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -153,7 +153,7 @@
get_folder_permissions(), raise_exc=1)
_installedProducts[product_name] = 1
Products.meta_types = Products.meta_types + tuple(meta_types)
- Globals.default__class_init__(Folder)
+ Globals.InitializeClass(Folder)
if not quiet: _print('done (%.3fs)\n' % (time.time() - start))
break
else:
Modified: Zope/trunk/lib/python/ZClasses/Property.py
===================================================================
--- Zope/trunk/lib/python/ZClasses/Property.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/ZClasses/Property.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -17,7 +17,12 @@
import OFS.PropertySheets, Globals, OFS.SimpleItem, OFS.PropertyManager
import Acquisition
+from Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
from AccessControl.Permission import pname
+from AccessControl.Permissions import manage_zclasses
+from AccessControl.Permissions import manage_properties
+from AccessControl.Permissions import access_contents_information
class ClassCaretaker:
def __init__(self, klass): self.__dict__['_k']=klass
@@ -48,10 +53,11 @@
'help':('OFSP','Security_Define-Permissions.stx')},
)
- __ac_permissions__=(
- ('Manage Z Classes', ('', 'manage')),
- )
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(manage_zclasses)
+ security.declareProtected(manage_zclasses, 'manage')
+
def __init__(self, id, title):
self.id=id
self.title=title
@@ -238,8 +244,9 @@
self, REQUEST,
manage_tabs_message='The permission mapping has been updated')
-Globals.default__class_init__(ZCommonSheet)
+InitializeClass(ZCommonSheet)
+
property_sheet_permissions=(
# 'Access contents information',
'Manage properties',
@@ -250,27 +257,29 @@
):
"Waaa this is too hard"
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(access_contents_information)
+
+ security.declareProtected(access_contents_information, 'hasProperty')
+ security.declareProtected(access_contents_information, 'propertyIds')
+ security.declareProtected(access_contents_information, 'propertyValues')
+ security.declareProtected(access_contents_information, 'propertyItems')
+ security.declareProtected(access_contents_information, 'propertyMap')
+ security.declareProtected(manage_properties, 'manage')
+ security.declareProtected(manage_properties, 'manage_addProperty')
+ security.declareProtected(manage_properties, 'manage_editProperties')
+ security.declareProtected(manage_properties, 'manage_delProperties')
+ security.declareProtected(manage_properties, 'manage_changeProperties')
+
_Manage_properties_Permission='_Manage_properties_Permission'
_Access_contents_information_Permission='_View_Permission'
- __ac_permissions__=(
- ('Manage properties', ('manage_addProperty',
- 'manage_editProperties',
- 'manage_delProperties',
- 'manage_changeProperties',
- 'manage',
- )),
- ('Access contents information', ('hasProperty', 'propertyIds',
- 'propertyValues','propertyItems',
- 'propertyMap', ''),
- ),
- )
-
def v_self(self):
return self.aq_inner.aq_parent.aq_parent
-Globals.default__class_init__(ZInstanceSheet)
+InitializeClass(ZInstanceSheet)
+
def rclass(klass):
if not getattr(klass, '_p_changed', 0) and klass._p_jar is not None:
transaction.get().register(klass)
@@ -348,5 +357,4 @@
r.append(getattr(self, id))
return propsets+tuple(r)
-
-Globals.default__class_init__(ZInstanceSheets)
+InitializeClass(ZInstanceSheets)
Modified: Zope/trunk/lib/python/ZClasses/ZClass.py
===================================================================
--- Zope/trunk/lib/python/ZClasses/ZClass.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/ZClasses/ZClass.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -13,7 +13,10 @@
"""Zope Classes
"""
import Globals, OFS.SimpleItem, OFS.PropertySheets, Products
+from Globals import InitializeClass
import Method, Basic, Property, AccessControl.Role, re
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import create_class_instances
from ZPublisher.mapply import mapply
from ExtensionClass import Base
@@ -220,10 +223,8 @@
__propsets__=()
isPrincipiaFolderish=1
- __ac_permissions__=(
- ('Create class instances',
- ('', '__call__', 'index_html', 'createInObjectManager')),
- )
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(create_class_instances)
def __init__(self, id, title, bases, zope_object=1):
"""Build a Zope class
@@ -343,7 +344,7 @@
return '*'+id
- changeClassId__roles__ = () # Private
+ security.declarePrivate('changeClassId')
def changeClassId(self, newid=None):
if newid is None: newid=self._new_class_id()
self._unregister()
@@ -442,6 +443,7 @@
manage_options=ComputedAttribute(manage_options)
+ security.declareProtected(create_class_instances, 'createInObjectManager')
def createInObjectManager(self, id, REQUEST, RESPONSE=None):
"""
Create Z instance. If called with a RESPONSE,
@@ -470,6 +472,7 @@
else:
return folder._getOb(id)
+ security.declareProtected(create_class_instances, 'index_html')
index_html=createInObjectManager
def fromRequest(self, id=None, REQUEST={}):
@@ -487,6 +490,7 @@
i.id = id
return i
+ security.declareProtected(create_class_instances, '__call__')
def __call__(self, *args, **kw):
return apply(self._zclass_, args, kw)
@@ -511,7 +515,7 @@
r.sort()
return r
- getClassAttr__roles__ = () # Private
+ security.declarePrivate('getClassAttr')
def getClassAttr(self, name, default=_marker, inherit=0):
if default is _marker:
if inherit: return getattr(self._zclass_, name)
@@ -521,7 +525,7 @@
else: return self._zclass_.__dict__[name]
except: return default
- setClassAttr__roles__ = () # Private
+ security.declarePrivate('setClassAttr')
def setClassAttr(self, name, value):
c=self._zclass_
setattr(c, name, value)
@@ -529,7 +533,7 @@
transaction.get().register(c)
c._p_changed=1
- delClassAttr__roles__ = () # Private
+ security.declarePrivate('delClassAttr')
def delClassAttr(self, name):
c=self._zclass_
delattr(c, name)
@@ -559,12 +563,11 @@
return (self.classDefinedPermissions()+
self.classInheritedPermissions())
+ security.declarePublic('ziconImage')
def ziconImage(self, REQUEST, RESPONSE):
"Display a class icon"
return self._zclass_.ziconImage.index_html(REQUEST, RESPONSE)
- ziconImage__roles__=None
-
def tpValues(self):
return self.propertysheets.common, self.propertysheets.methods
@@ -619,6 +622,9 @@
values.remove( value )
return values
+InitializeClass(ZClass)
+
+
class ZClassSheets(OFS.PropertySheets.PropertySheets):
"Manage a collection of property sheets that provide ZClass management"
Modified: Zope/trunk/lib/python/ZClasses/ZClassOwner.py
===================================================================
--- Zope/trunk/lib/python/ZClasses/ZClassOwner.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/ZClasses/ZClassOwner.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -13,6 +13,7 @@
"""Zope Classes
"""
import ExtensionClass, Globals, ZClass, Products
+from Globals import InitializeClass
def manage_subclassableClassNames(self):
r={}
@@ -43,5 +44,4 @@
manage_subclassableClassNames=manage_subclassableClassNames
-
-Globals.default__class_init__(ZClassOwner)
+InitializeClass(ZClassOwner)
Modified: Zope/trunk/lib/python/webdav/Collection.py
===================================================================
--- Zope/trunk/lib/python/webdav/Collection.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/webdav/Collection.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -17,7 +17,7 @@
from urllib import unquote
-import Globals
+from Globals import InitializeClass
from AccessControl import getSecurityManager
from zExceptions import MethodNotAllowed, NotFound
from zope.interface import implements
@@ -142,4 +142,4 @@
return objectValues()
return []
-Globals.default__class_init__(Collection)
+InitializeClass(Collection)
Modified: Zope/trunk/lib/python/webdav/NullResource.py
===================================================================
--- Zope/trunk/lib/python/webdav/NullResource.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/webdav/NullResource.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -18,9 +18,14 @@
import sys
import Acquisition, OFS.content_types
-import Globals
+from Globals import InitializeClass
import OFS.SimpleItem
from AccessControl import getSecurityManager
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import view as View
+from AccessControl.Permissions import add_folders
+from AccessControl.Permissions import webdav_lock_items
+from AccessControl.Permissions import webdav_unlock_items
from Globals import Persistent, DTMLFile
from OFS.CopySupport import CopyError
from zExceptions import MethodNotAllowed
@@ -43,11 +48,7 @@
__implements__ = (WriteLockInterface,)
__null_resource__=1
- __ac_permissions__=(
- ('View', ('HEAD',)),
- ('Add Folders', ('MKCOL',)),
- ('WebDAV Lock items', ('LOCK',)),
- )
+ security = ClassSecurityInfo()
def __init__(self, parent, name, request=None):
self.__name__=name
@@ -64,6 +65,7 @@
raise Conflict, 'Collection ancestors must already exist.'
raise NotFound, 'The requested resource was not found.'
+ security.declareProtected(View, 'HEAD')
def HEAD(self, REQUEST, RESPONSE):
"""Retrieve resource information without a response message body."""
self.dav__init(REQUEST, RESPONSE)
@@ -89,7 +91,7 @@
ob=File(name, '', body, content_type=typ)
return ob
- PUT__roles__ = ('Anonymous',)
+ security.declarePublic('PUT')
def PUT(self, REQUEST, RESPONSE):
"""Create a new non-collection resource.
"""
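Review bot: `security.declarePublic('PUT')` replaces `PUT__roles__ = ('Anonymous',)`, so the method now carries the public marker instead of an explicit role tuple. It is worth confirming that the publisher still authenticates the request the same way before `PUT` runs. Either way the declaration leaves authorization to the method body, which lies outside this hunk, so a comment such as `# Public to the publisher; permission checks are expected inside PUT` would make that reliance visible. The same pattern recurs for `PUT` on `LockNullResource` and for `COPY` and `MOVE` in webdav/Resource.py.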
@@ -166,6 +168,7 @@
RESPONSE.setBody('')
return RESPONSE
+ security.declareProtected(add_folders, 'MKCOL')
def MKCOL(self, REQUEST, RESPONSE):
"""Create a new collection resource."""
self.dav__init(REQUEST, RESPONSE)
@@ -201,6 +204,7 @@
RESPONSE.setBody('')
return RESPONSE
+ security.declareProtected(webdav_lock_items, 'LOCK')
def LOCK(self, REQUEST, RESPONSE):
""" LOCK on a Null Resource makes a LockNullResource instance """
self.dav__init(REQUEST, RESPONSE)
@@ -252,10 +256,9 @@
RESPONSE.setHeader('Lock-Token', 'opaquelocktoken:' + token)
RESPONSE.setBody(lock.asXML())
+InitializeClass(NullResource)
-Globals.default__class_init__(NullResource)
-
class LockNullResource(NullResource, OFS.SimpleItem.Item_w__name__):
""" A Lock-Null Resource is created when a LOCK command is succesfully
executed on a NullResource, essentially locking the Name. A PUT or
@@ -266,17 +269,14 @@
__locknull_resource__ = 1
meta_type = 'WebDAV LockNull Resource'
- __ac_permissions__ = (
- ('WebDAV Unlock items', ('UNLOCK',)),
- ('View', ('manage_main',
- 'manage_workspace', 'manage')),
- ('Add Folders', ('MKCOL',)),
- ('WebDAV Lock items', ('LOCK',)),
- )
+ security = ClassSecurityInfo()
manage_options = ({'label': 'Info', 'action': 'manage_main'},)
+ security.declareProtected(View, 'manage')
+ security.declareProtected(View, 'manage_main')
manage = manage_main = DTMLFile('dtml/locknullmain', globals())
+ security.declareProtected(View, 'manage_workspace')
manage_workspace = manage
manage_main._setName('manage_main') # explicit
@@ -291,7 +291,7 @@
self.id = self.__name__ = name
self.title = "LockNull Resource '%s'" % name
- title_or_id__roles__=None
+ security.declarePublic('title_or_id')
def title_or_id(self):
return 'Foo'
@@ -299,6 +299,7 @@
"""Retrieve properties defined on the resource."""
return Resource.PROPFIND(self, REQUEST, RESPONSE)
+ security.declareProtected(webdav_lock_items, 'LOCK')
def LOCK(self, REQUEST, RESPONSE):
""" A Lock command on a LockNull resource should only be a
refresh request (one without a body) """
@@ -336,6 +337,7 @@
return RESPONSE
+ security.declareProtected(webdav_unlock_items, 'UNLOCK')
def UNLOCK(self, REQUEST, RESPONSE):
""" Unlocking a Null Resource removes it from its parent """
self.dav__init(REQUEST, RESPONSE)
@@ -362,7 +364,7 @@
RESPONSE.setStatus(204)
return RESPONSE
- PUT__roles__ = ('Anonymous',)
+ security.declarePublic('PUT')
def PUT(self, REQUEST, RESPONSE):
""" Create a new non-collection resource, deleting the LockNull
object from the container before putting the new object in. """
@@ -437,6 +439,7 @@
RESPONSE.setBody('')
return RESPONSE
+ security.declareProtected(add_folders, 'MKCOL')
def MKCOL(self, REQUEST, RESPONSE):
""" Create a new Collection (folder) resource. Since this is being
done on a LockNull resource, this also involves removing the LockNull
@@ -484,4 +487,4 @@
RESPONSE.setBody('')
return RESPONSE
-Globals.default__class_init__(LockNullResource)
+InitializeClass(LockNullResource)
Modified: Zope/trunk/lib/python/webdav/Resource.py
===================================================================
--- Zope/trunk/lib/python/webdav/Resource.py 2005-11-21 16:49:38 UTC (rev 40299)
+++ Zope/trunk/lib/python/webdav/Resource.py 2005-11-21 16:54:03 UTC (rev 40300)
@@ -20,8 +20,15 @@
from urllib import unquote
import ExtensionClass
-import Globals
+from Globals import InitializeClass
from AccessControl import getSecurityManager
+from AccessControl import ClassSecurityInfo
+from AccessControl.Permissions import delete_objects
+from AccessControl.Permissions import manage_properties
+from AccessControl.Permissions import view as View
+from AccessControl.Permissions import webdav_lock_items
+from AccessControl.Permissions import webdav_unlock_items
+from AccessControl.Permissions import webdav_access
from Acquisition import aq_base
from zExceptions import BadRequest, MethodNotAllowed
from zExceptions import Unauthorized, Forbidden
@@ -56,16 +63,8 @@
'MOVE', 'LOCK', 'UNLOCK',
)
- __ac_permissions__=(
- ('View', ('HEAD',)),
- ('WebDAV access', ('PROPFIND', 'manage_DAVget',
- 'listDAVObjects'),
- ('Authenticated', 'Manager')),
- ('Manage properties', ('PROPPATCH',)),
- ('Delete objects', ('DELETE',)),
- ('WebDAV Lock items', ('LOCK',)),
- ('WebDAV Unlock items', ('UNLOCK',)),
- )
+ security = ClassSecurityInfo()
+ security.setPermissionDefault(webdav_access, ('Authenticated', 'Manager'))
def dav__init(self, request, response):
# Init expected HTTP 1.1 / WebDAV headers which are not
@@ -158,6 +157,7 @@
# WebDAV class 1 support
+ security.declareProtected(View, 'HEAD')
def HEAD(self, REQUEST, RESPONSE):
"""Retrieve resource information without a response body."""
self.dav__init(REQUEST, RESPONSE)
@@ -197,7 +197,7 @@
self.dav__init(REQUEST, RESPONSE)
raise MethodNotAllowed, 'Method not supported for this resource.'
- OPTIONS__roles__=None
+ security.declarePublic('OPTIONS')
def OPTIONS(self, REQUEST, RESPONSE):
"""Retrieve communication options."""
self.dav__init(REQUEST, RESPONSE)
@@ -207,7 +207,7 @@
RESPONSE.setStatus(200)
return RESPONSE
- TRACE__roles__=None
+ security.declarePublic('TRACE')
def TRACE(self, REQUEST, RESPONSE):
"""Return the HTTP message received back to the client as the
entity-body of a 200 (OK) response. This will often usually
@@ -218,6 +218,7 @@
self.dav__init(REQUEST, RESPONSE)
raise MethodNotAllowed, 'Method not supported for this resource.'
+ security.declareProtected(delete_objects, 'DELETE')
def DELETE(self, REQUEST, RESPONSE):
"""Delete a resource. For non-collection resources, DELETE may
return either 200 or 204 (No Content) to indicate success."""
@@ -256,6 +257,7 @@
return RESPONSE
+ security.declareProtected(webdav_access, 'PROPFIND')
def PROPFIND(self, REQUEST, RESPONSE):
"""Retrieve properties defined on the resource."""
self.dav__init(REQUEST, RESPONSE)
@@ -273,6 +275,7 @@
RESPONSE.setBody(result)
return RESPONSE
+ security.declareProtected(manage_properties, 'PROPPATCH')
def PROPPATCH(self, REQUEST, RESPONSE):
"""Set and/or remove properties defined on the resource."""
self.dav__init(REQUEST, RESPONSE)
@@ -300,7 +303,7 @@
self.dav__init(REQUEST, RESPONSE)
raise MethodNotAllowed, 'The resource already exists.'
- COPY__roles__=('Anonymous',)
+ security.declarePublic('COPY')
def COPY(self, REQUEST, RESPONSE):
"""Create a duplicate of the source resource whose state
and behavior match that of the source resource as closely
@@ -406,7 +409,7 @@
RESPONSE.setBody('')
return RESPONSE
- MOVE__roles__=('Anonymous',)
+ security.declarePublic('MOVE')
def MOVE(self, REQUEST, RESPONSE):
"""Move a resource to a new location. Though we may later try to
make a move appear seamless across namespaces (e.g. from Zope
@@ -522,6 +525,7 @@
# WebDAV Class 2, Lock and Unlock
+ security.declareProtected(webdav_lock_items, 'LOCK')
def LOCK(self, REQUEST, RESPONSE):
"""Lock a resource"""
self.dav__init(REQUEST, RESPONSE)
@@ -581,6 +585,7 @@
return RESPONSE
+ security.declareProtected(webdav_unlock_items, 'UNLOCK')
def UNLOCK(self, REQUEST, RESPONSE):
"""Remove an existing lock on a resource."""
self.dav__init(REQUEST, RESPONSE)
@@ -601,12 +606,14 @@
return RESPONSE
+ security.declareProtected(webdav_access, 'manage_DAVget')
def manage_DAVget(self):
"""Gets the document source"""
# The default implementation calls manage_FTPget
return self.manage_FTPget()
+ security.declareProtected(webdav_access, 'listDAVObjects')
def listDAVObjects(self):
return []
-Globals.default__class_init__(Resource)
+InitializeClass(Resource)