more OFS liniting and replacement of security declarotors

src/OFS/DTMLMethod.py

@@ -52,12 +52,14 @@ class Code(object):
     pass
 
 
-class DTMLMethod(RestrictedDTML,
-                 HTML,
-                 Implicit,
-                 RoleManager,
-                 Item_w__name__,
-                 Cacheable):
+class DTMLMethod(
+    RestrictedDTML,
+    HTML,
+    Implicit,
+    RoleManager,
+    Item_w__name__,
+    Cacheable
+):
     """ DocumentTemplate.HTML objects that act as methods of their containers.
     """
     meta_type = 'DTML Method'
@@ -75,19 +77,28 @@ class DTMLMethod(RestrictedDTML,
     __defaults__ = None
 
     manage_options = ((
-        {'label': 'Edit', 'action': 'manage_main'},
-        {'label': 'View', 'action': ''},
-        {'label': 'Proxy', 'action': 'manage_proxyForm'},
+        {
+            'label': 'Edit',
+            'action': 'manage_main',
+        },
+        {
+            'label': 'View',
+            'action': '',
+        },
+        {
+            'label': 'Proxy',
+            'action': 'manage_proxyForm',
+        },
     ) +
-        RoleManager.manage_options +
-        Item_w__name__.manage_options +
-        Cacheable.manage_options
+        RoleManager.manage_options
+        + Item_w__name__.manage_options
+        + Cacheable.manage_options
     )
 
     # More reasonable default for content-type for http HEAD requests.
     default_content_type = 'text/html'
 
-    security.declareProtected(View, '__call__')
+    @security.protected(View)
     def __call__(self, client=None, REQUEST={}, RESPONSE=None, **kw):
         """Render using the given client object
 
@@ -177,7 +188,7 @@ def ZDocumentTemplate_beforeRender(self, md, default):
             for key in self._cache_namespace_keys:
                 try:
                     val = md[key]
-                except:
+                except Exception:
                     val = None
                 kw[key] = val
             return self.ZCacheable_get(keywords=kw, default=default)
@@ -190,20 +201,20 @@ def ZDocumentTemplate_afterRender(self, md, result):
             for key in self._cache_namespace_keys:
                 try:
                     val = md[key]
-                except:
+                except Exception:
                     val = None
                 kw[key] = val
             self.ZCacheable_set(result, keywords=kw)
 
-    security.declareProtected(change_dtml_methods, 'ZCacheable_configHTML')
+    security.declareProtected(change_dtml_methods, 'ZCacheable_configHTML')  # NOQA: D001,E501
     ZCacheable_configHTML = DTMLFile('dtml/cacheNamespaceKeys', globals())
 
-    security.declareProtected(change_dtml_methods, 'getCacheNamespaceKeys')
+    @security.protected(change_dtml_methods)
     def getCacheNamespaceKeys(self):
         # Return the cacheNamespaceKeys.
         return self._cache_namespace_keys
 
-    security.declareProtected(change_dtml_methods, 'setCacheNamespaceKeys')
+    @security.protected(change_dtml_methods)
     def setCacheNamespaceKeys(self, keys, REQUEST=None):
         # Set the list of names looked up to provide a cache key.
         ks = []
@@ -216,29 +227,29 @@ def setCacheNamespaceKeys(self, keys, REQUEST=None):
         if REQUEST is not None:
             return self.ZCacheable_manage(self, REQUEST)
 
-    security.declareProtected(View, 'get_size')
+    @security.protected(View)
     def get_size(self):
         return len(self.raw)
 
     # deprecated; use get_size!
     getSize = get_size
 
-    security.declareProtected(change_dtml_methods, 'manage')
+    security.declareProtected(change_dtml_methods, 'manage')  # NOQA: D001
 
-    security.declareProtected(change_dtml_methods, 'manage_editForm')
+    security.declareProtected(change_dtml_methods, 'manage_editForm')  # NOQA: D001,E501
     manage_editForm = DTMLFile('dtml/documentEdit', globals())
     manage_editForm._setName('manage_editForm')
 
     # deprecated!
     manage_uploadForm = manage_editForm
 
-    security.declareProtected(change_dtml_methods, 'manage_main')
+    security.declareProtected(change_dtml_methods, 'manage_main')  # NOQA: D001
     manage = manage_main = manage_editDocument = manage_editForm
 
-    security.declareProtected(change_proxy_roles, 'manage_proxyForm')
+    security.declareProtected(change_proxy_roles, 'manage_proxyForm')  # NOQA: D001,E501
     manage_proxyForm = DTMLFile('dtml/documentProxy', globals())
 
-    security.declareProtected(change_dtml_methods, 'manage_edit')
+    @security.protected(change_dtml_methods)
     def manage_edit(self, data, title, SUBMIT='Change', REQUEST=None):
         """ Replace contents with 'data', title with 'title'.
         """
@@ -258,7 +269,7 @@ def manage_edit(self, data, title, SUBMIT='Change', REQUEST=None):
             message = "Saved changes."
             return self.manage_main(self, REQUEST, manage_tabs_message=message)
 
-    security.declareProtected(change_dtml_methods, 'manage_upload')
+    @security.protected(change_dtml_methods)
     def manage_upload(self, file='', REQUEST=None):
         """ Replace the contents of the document with the text in 'file'.
 
@@ -307,7 +318,7 @@ def _validateProxy(self, request, roles=None):
             'do not have proxy roles.\n<!--%s, %s-->' % (
                 self.__name__, u, roles))
 
-    security.declareProtected(change_proxy_roles, 'manage_proxy')
+    @security.protected(change_proxy_roles)
     @requestmethod('POST')
     def manage_proxy(self, roles=(), REQUEST=None):
         "Change Proxy Roles"
@@ -319,20 +330,21 @@ def manage_proxy(self, roles=(), REQUEST=None):
             return self.manage_proxyForm(self, REQUEST,
                                          manage_tabs_message=message)
 
-    security.declareProtected(view_management_screens, 'PrincipiaSearchSource')
+    @security.protected(view_management_screens)
     def PrincipiaSearchSource(self):
         # Support for searching - the document's contents are searched.
         return self.read()
 
-    security.declareProtected(view_management_screens, 'document_src')
+    @security.protected(view_management_screens)
     def document_src(self, REQUEST=None, RESPONSE=None):
         # Return unprocessed document source.
         if RESPONSE is not None:
             RESPONSE.setHeader('Content-Type', 'text/plain')
         return self.read()
 
     if bbb.HAS_ZSERVER:
-        security.declareProtected(change_dtml_methods, 'PUT')
+
+        @security.protected(change_dtml_methods)
         def PUT(self, REQUEST, RESPONSE):
             """ Handle FTP / HTTP PUT requests.
             """
@@ -345,15 +357,16 @@ def PUT(self, REQUEST, RESPONSE):
             RESPONSE.setStatus(204)
             return RESPONSE
 
-        security.declareProtected(ftp_access, 'manage_FTPstat')
-        security.declareProtected(ftp_access, 'manage_FTPlist')
+        security.declareProtected(ftp_access, 'manage_FTPstat')  # NOQA: D001
+        security.declareProtected(ftp_access, 'manage_FTPlist')  # NOQA: D001
 
-        security.declareProtected(ftp_access, 'manage_FTPget')
+        @security.protected(ftp_access)
         def manage_FTPget(self):
             """ Get source for FTP download.
             """
             return self.read()
 
+
 InitializeClass(DTMLMethod)
 
 token = "[a-zA-Z0-9!#$%&'*+\-.\\\\^_`|~]+"

src/OFS/FindSupport.py

@@ -155,6 +155,7 @@ def ZopeFindAndApply(self, obj, obj_ids=None, obj_metatypes=None,
 
         return result
 
+
 InitializeClass(FindSupport)
 
 

src/OFS/Lockable.py

@@ -28,18 +28,13 @@ class LockableItem(EtagSupport):
 
     # Protect methods using declarative security
     security = ClassSecurityInfo()
-    security.declarePrivate('wl_lockmapping')
-    security.declarePublic('wl_isLocked', 'wl_getLock', 'wl_isLockedByUser',
-                           'wl_lockItems', 'wl_lockValues', 'wl_lockTokens',)
-    security.declareProtected('WebDAV Lock items', 'wl_setLock')
-    security.declareProtected('WebDAV Unlock items', 'wl_delLock')
-    security.declareProtected('Manage WebDAV Locks', 'wl_clearLocks')
 
     # Setting default roles for permissions - we want owners of conent
     # to be able to lock.
     security.setPermissionDefault('WebDAV Lock items', ('Manager', 'Owner',))
     security.setPermissionDefault('WebDAV Unlock items', ('Manager', 'Owner',))
 
+    @security.private
     def wl_lockmapping(self, killinvalids=0, create=0):
         """ if 'killinvalids' is 1, locks who are no longer valid
         will be deleted """
@@ -68,20 +63,25 @@ def wl_lockmapping(self, killinvalids=0, create=0):
         else:
             return locks
 
+    @security.public
     def wl_lockItems(self, killinvalids=0):
         return list(self.wl_lockmapping(killinvalids).items())
 
+    @security.public
     def wl_lockValues(self, killinvalids=0):
         return list(self.wl_lockmapping(killinvalids).values())
 
+    @security.public
     def wl_lockTokens(self, killinvalids=0):
         return list(self.wl_lockmapping(killinvalids).keys())
 
+    # TODO: Security Declaration
     def wl_hasLock(self, token, killinvalids=0):
         if not token:
             return 0
         return token in list(self.wl_lockmapping(killinvalids).keys())
 
+    @security.public
     def wl_isLocked(self):
         # returns true if 'self' is locked at all
         # We set 'killinvalids' to 1 to delete all locks who are no longer
@@ -93,6 +93,7 @@ def wl_isLocked(self):
         else:
             return 0
 
+    @security.protected('WebDAV Lock items')
     def wl_setLock(self, locktoken, lock):
         locks = self.wl_lockmapping(create=1)
         if ILockItem.providedBy(lock):
@@ -103,15 +104,18 @@ def wl_setLock(self, locktoken, lock):
         else:
             raise ValueError('Lock does not implement the LockItem Interface')
 
+    @security.public
     def wl_getLock(self, locktoken):
         locks = self.wl_lockmapping(killinvalids=1)
         return locks.get(locktoken, None)
 
+    @security.protected('WebDAV Unlock items')
     def wl_delLock(self, locktoken):
         locks = self.wl_lockmapping()
         if locktoken in locks:
             del locks[locktoken]
 
+    @security.protected('Manage WebDAV Locks')
     def wl_clearLocks(self):
         # Called by lock management machinery to quickly and effectively
         # destroy all locks.
@@ -132,6 +136,7 @@ def wl_clearLocks(self):
         if hasattr(aq_base(self), '__no_valid_write_locks__'):
             self.__no_valid_write_locks__()
 
+
 InitializeClass(LockableItem)