initial version of docx template support

collective/trustedimports/configure.zcml

@@ -20,6 +20,7 @@
     <include zcml:condition="installed pystache" package=".pystache"  />
     <include zcml:condition="installed phonenumbers" package=".phonenumbers"  />
     <include zcml:condition="installed zeep" package=".soap"  />
+    <include zcml:condition="installed docxtpl" package=".docx"  />
     <include package=".url"  />
 
 </configure>

collective/trustedimports/docx.py

@@ -0,0 +1,34 @@
+from AccessControl import allow_class, ModuleSecurityInfo, ClassSecurityInfo, Unauthorized
+from collective.trustedimports.util import wrap_protected, whitelist_module
+
+
+import docxtpl
+
+file_like = lambda f: hasattr(f, 'read')
+
+wrap_protected(docxtpl.DocxTemplate.__init__, lambda docx: file_like(docx))
+wrap_protected(docxtpl.DocxTemplate.save, lambda filename: file_like(filename))
+wrap_protected(docxtpl.DocxTemplate.write_xml, lambda filename: file_like(filename))
+#ModuleSecurityInfo('docxtpl').declarePublic('DocxTemplate')
+#allow_class(docxtpl.DocxTemplate)
+whitelist_module('docxtpl', ['DocxTemplate'], ['DocxTemplate'])
+
+
+# import docx
+# wrap_protected(docx.document.Document.__init__, lambda element: file_like(element))
+# wrap_protected(docx.document.Document, lambda path_or_stream: file_like(path_or_stream))
+
+#TODO: docx has a lot of methods to whitelist. 
+
+#TODO: need to look if there is a way to embed content that might allow reading filesystem files
+
+
+
+# allow_class(_ZipFile)
+# ModuleSecurityInfo('zipfile').declarePublic('ZIP64_LIMIT',
+#                                              'ZIP_FILECOUNT_LIMIT',
+#                                              'ZIP_MAX_COMMENT',
+#                                              'ZIP_STORED',
+#                                              'ZIP_DEFLATED',
+#                                              'ZipInfo')
+# allow_class(ZipInfo)

collective/trustedimports/docx.rst

@@ -0,0 +1,40 @@
+Docxtpl
+=======
+
+When used in RestrictedPython we can still use Docxtmp
+
+>>> teval("from docxtpl import DocxTemplate; from StringIO import StringIO; return DocxTemplate(StringIO())")
+Traceback (most recent call last):
+...
+BadZipfile: File is not a zip file
+
+but we can't use it to open files on the disk
+
+>>> teval("import docxtpl; docxtpl.DocxTemplate('my.docx')")
+Traceback (most recent call last):
+...
+ValueError: Argument(s) 'docx' have values not supported in a restricted python call
+
+
+We can still use it when not in a PythonScript
+
+>>> import docxtpl; docxtpl.DocxTemplate('myfile.docx')
+Traceback (most recent call last):
+...
+PackageNotFoundError: Package not found at 'myfile.docx'
+
+
+We don't allow access to internal methods
+
+#>>> teval("from docxtpl import DocxTemplate; from StringIO import StringIO; DocxTemplate(StringIO()).extractall()")
+#Traceback (most recent call last):
+#...
+#ValueError: Method 'extractall' not supported in a restricted python call
+
+#>>> teval("from docxtpl import DocxTemplate; from StringIO import StringIO; DocxTemplate(StringIO()).extract()")
+#Traceback (most recent call last):
+#...
+#ValueError: Method 'extract' not supported in a restricted python call
+
+
+

requirements.txt

@@ -1,2 +1,2 @@
-zc.buildout == 2.11.4
-setuptools == 39.1.0
+setuptools==41.0.1
+zc.buildout==2.13.2

setup.py

@@ -65,6 +65,7 @@
             'Plone',
             'plone.api',
             'collective.taskqueue',
+            'docxtpl',
         ],
     },
     entry_points="""