- Permissions and decorator overhaul

- Import permissions directly from CMFCore and deprecate the permissions module in Products.DCWorkflow - Use decorators for ZCA and to declare security
zopefoundation · May 4, 2017 · a27f27e · a27f27e
1 parent 82b3b8e
commit a27f27e
Show file tree

Hide file tree

Showing 13 changed files with 93 additions and 80 deletions.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -4,6 +4,12 @@ Products.DCWorkflow Changelog
 2.4.0 (unreleased)
 ------------------
 
+- Import permissions directly from CMFCore and deprecate the 
+  permissions module in Products.DCWorkflow
+
+- Use decorators for ZCA and to declare security.
+
+
 2.4.0b1 (2017-05-04)
 --------------------
 

diff --git a/Products/DCWorkflow/DCWorkflow.py b/Products/DCWorkflow/DCWorkflow.py
@@ -29,19 +29,20 @@
 from Products.CMFCore.WorkflowCore import ObjectDeleted
 from Products.CMFCore.WorkflowCore import ObjectMoved
 from Products.CMFCore.WorkflowCore import WorkflowException
+from Products.CMFCore.permissions import ManagePortal
 from Products.DCWorkflow.events import AfterTransitionEvent
 from Products.DCWorkflow.events import BeforeTransitionEvent
 from Products.DCWorkflow.Expression import createExprContext
 from Products.DCWorkflow.Expression import StateChangeInfo
 from Products.DCWorkflow.interfaces import IDCWorkflowDefinition
-from Products.DCWorkflow.permissions import ManagePortal
 from Products.DCWorkflow.Transitions import TRIGGER_AUTOMATIC
 from Products.DCWorkflow.Transitions import TRIGGER_USER_ACTION
 from Products.DCWorkflow.utils import Message as _
 from Products.DCWorkflow.utils import modifyRolesForGroup
 from Products.DCWorkflow.utils import modifyRolesForPermission
 from Products.DCWorkflow.WorkflowUIMixin import WorkflowUIMixin
 
+
 def checkId(id):
     res = bad_id(id)
     if res != -1 and res is not None:
@@ -141,7 +142,7 @@ def _getWorkflowStateOf(self, ob, id_only=0):
     def _getPortalRoot(self):
         return aq_parent(aq_inner(aq_parent(aq_inner(self))))
 
-    security.declarePrivate('getCatalogVariablesFor')
+    @security.private
     def getCatalogVariablesFor(self, ob):
         '''
         Allows this workflow to make workflow-specific variables
@@ -170,7 +171,7 @@ def getCatalogVariablesFor(self, ob):
         res[state_var] = status.get(state_var, self.initial_state)
         return res
 
-    security.declarePrivate('listObjectActions')
+    @security.private
     def listObjectActions(self, info):
         '''
         Allows this workflow to
@@ -200,7 +201,7 @@ def listObjectActions(self, info):
         res.sort()
         return [ result[1] for result in res ]
 
-    security.declarePrivate('listGlobalActions')
+    @security.private
     def listGlobalActions(self, info):
         '''
         Allows this workflow to
@@ -239,7 +240,7 @@ def listGlobalActions(self, info):
         res.sort()
         return [ result[1] for result in res ]
 
-    security.declarePrivate('isActionSupported')
+    @security.private
     def isActionSupported(self, ob, action, **kw):
         '''
         Returns a true value if the given action name
@@ -256,7 +257,7 @@ def isActionSupported(self, ob, action, **kw):
                 return 1
         return 0
 
-    security.declarePrivate('doActionFor')
+    @security.private
     def doActionFor(self, ob, action, comment='', **kw):
         '''
         Allows the user to request a workflow action.  This method
@@ -277,7 +278,7 @@ def doActionFor(self, ob, action, comment='', **kw):
             raise Unauthorized(action)
         self._changeStateOf(ob, tdef, kw)
 
-    security.declarePrivate('isInfoSupported')
+    @security.private
     def isInfoSupported(self, ob, name):
         '''
         Returns a true value if the given info name is supported.
@@ -289,7 +290,7 @@ def isInfoSupported(self, ob, name):
             return 0
         return 1
 
-    security.declarePrivate('getInfoFor')
+    @security.private
     def getInfoFor(self, ob, name, default):
         '''
         Allows the user to request information provided by the
@@ -314,7 +315,7 @@ def getInfoFor(self, ob, name, default):
 
         return value
 
-    security.declarePrivate('allowCreate')
+    @security.private
     def allowCreate(self, container, type_name):
         """Returns true if the user is allowed to create a workflow instance.
 
@@ -325,7 +326,7 @@ def allowCreate(self, container, type_name):
                 getSecurityManager(), self, container)
         return 1
 
-    security.declarePrivate('notifyCreated')
+    @security.private
     def notifyCreated(self, ob):
         """Notifies this workflow after an object has been created and added.
         """
@@ -335,7 +336,7 @@ def notifyCreated(self, ob):
             # Swallow.
             pass
 
-    security.declarePrivate('notifyBefore')
+    @security.private
     def notifyBefore(self, ob, action):
         '''
         Notifies this workflow of an action before it happens,
@@ -345,21 +346,21 @@ def notifyBefore(self, ob, action):
         '''
         pass
 
-    security.declarePrivate('notifySuccess')
+    @security.private
     def notifySuccess(self, ob, action, result):
         '''
         Notifies this workflow that an action has taken place.
         '''
         pass
 
-    security.declarePrivate('notifyException')
+    @security.private
     def notifyException(self, ob, action, exc):
         '''
         Notifies this workflow that an action failed.
         '''
         pass
 
-    security.declarePrivate('updateRoleMappingsFor')
+    @security.private
     def updateRoleMappingsFor(self, ob):
         """Changes the object permissions according to the current state.
         """
@@ -538,4 +539,5 @@ def _executeTransition(self, ob, tdef=None, kwargs=None):
         else:
             return new_sdef
 
+
 InitializeClass(DCWorkflowDefinition)
diff --git a/Products/DCWorkflow/Expression.py b/Products/DCWorkflow/Expression.py
@@ -109,6 +109,7 @@ def getDateTime(self):
             date = self._date = DateTime()
         return date
 
+
 InitializeClass(StateChangeInfo)
 
 

diff --git a/Products/DCWorkflow/Guard.py b/Products/DCWorkflow/Guard.py
@@ -24,9 +24,9 @@
 
 from Products.CMFCore.Expression import Expression
 from Products.CMFCore.utils import _checkPermission
+from Products.CMFCore.permissions import ManagePortal
 from Products.DCWorkflow.Expression import StateChangeInfo
 from Products.DCWorkflow.Expression import createExprContext
-from Products.DCWorkflow.permissions import ManagePortal
 from Products.DCWorkflow.utils import _dtmldir
 
 
@@ -90,7 +90,7 @@ def check(self, sm, wf_def, ob, **kw):
                 return 0
         return 1
 
-    security.declareProtected(ManagePortal, 'getSummary')
+    @security.protected(ManagePortal)
     def getSummary(self):
         # Perhaps ought to be in DTML.
         res = []
@@ -142,30 +142,31 @@ def changeFromProperties(self, props):
             self.expr = Expression(s)
         return res
 
-    security.declareProtected(ManagePortal, 'getPermissionsText')
+    @security.protected(ManagePortal)
     def getPermissionsText(self):
         if not self.permissions:
             return ''
         return '; '.join(self.permissions)
 
-    security.declareProtected(ManagePortal, 'getRolesText')
+    @security.protected(ManagePortal)
     def getRolesText(self):
         if not self.roles:
             return ''
         return '; '.join(self.roles)
 
-    security.declareProtected(ManagePortal, 'getGroupsText')
+    @security.protected(ManagePortal)
     def getGroupsText(self):
         if not self.groups:
             return ''
         return '; '.join(self.groups)
 
-    security.declareProtected(ManagePortal, 'getExprText')
+    @security.protected(ManagePortal)
     def getExprText(self):
         if not self.expr:
             return ''
         return str(self.expr.text)
 
+
 InitializeClass(Guard)
 
 

diff --git a/Products/DCWorkflow/Scripts.py b/Products/DCWorkflow/Scripts.py
@@ -17,8 +17,8 @@
 from App.class_init import InitializeClass
 from OFS.Folder import Folder
 
+from Products.CMFCore.permissions import ManagePortal
 from Products.DCWorkflow.ContainerTab import ContainerTab
-from Products.DCWorkflow.permissions import ManagePortal
 
 
 class Scripts(ContainerTab):
@@ -36,4 +36,5 @@ def manage_main(self, client=None, REQUEST=None, **kw):
         m = Folder.manage_main.__of__(self)
         return m(self, client, REQUEST, **kw)
 
+
 InitializeClass(Scripts)
diff --git a/Products/DCWorkflow/States.py b/Products/DCWorkflow/States.py
@@ -23,8 +23,8 @@
 from OFS.SimpleItem import SimpleItem
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
 
+from Products.CMFCore.permissions import ManagePortal
 from Products.DCWorkflow.ContainerTab import ContainerTab
-from Products.DCWorkflow.permissions import ManagePortal
 from Products.DCWorkflow.utils import _dtmldir
 
 
@@ -248,6 +248,7 @@ def setGroups(self, REQUEST, RESPONSE=None):
                 "%s/manage_groups?manage_tabs_message=Groups+changed."
                 % self.absolute_url())
 
+
 InitializeClass(StateDefinition)
 
 
@@ -302,4 +303,5 @@ def setInitialState(self, id=None, ids=None, REQUEST=None):
         if REQUEST is not None:
             return self.manage_main(REQUEST, 'Initial state selected.')
 
+
 InitializeClass(States)
diff --git a/Products/DCWorkflow/Transitions.py b/Products/DCWorkflow/Transitions.py
@@ -22,9 +22,9 @@
 from Persistence import PersistentMapping
 
 from Products.CMFCore.Expression import Expression
+from Products.CMFCore.permissions import ManagePortal
 from Products.DCWorkflow.ContainerTab import ContainerTab
 from Products.DCWorkflow.Guard import Guard
-from Products.DCWorkflow.permissions import ManagePortal
 from Products.DCWorkflow.utils import _dtmldir
 
 TRIGGER_AUTOMATIC = 0
@@ -214,6 +214,7 @@ def setVariables(self, ids=[], REQUEST=None):
 
             return self.manage_variables(REQUEST, 'Variables changed.')
 
+
 InitializeClass(TransitionDefinition)
 
 
@@ -257,4 +258,5 @@ def deleteTransitions(self, ids, REQUEST=None):
         if REQUEST is not None:
             return self.manage_main(REQUEST, 'Transition(s) removed.')
 
+
 InitializeClass(Transitions)
diff --git a/Products/DCWorkflow/Variables.py b/Products/DCWorkflow/Variables.py
@@ -22,9 +22,9 @@
 from zExceptions import BadRequest
 
 from Products.CMFCore.Expression import Expression
+from Products.CMFCore.permissions import ManagePortal
 from Products.DCWorkflow.ContainerTab import ContainerTab
 from Products.DCWorkflow.Guard import Guard
-from Products.DCWorkflow.permissions import ManagePortal
 from Products.DCWorkflow.utils import _dtmldir
 
 
@@ -104,6 +104,7 @@ def setProperties(self, description,
         if REQUEST is not None:
             return self.manage_properties(REQUEST, 'Properties changed.')
 
+
 InitializeClass(VariableDefinition)