From acdda802ab26f3bd2b7b3205e59a614b158b9c96 Mon Sep 17 00:00:00 2001 From: Emmanuel Viennet Date: Sun, 10 Jan 2021 22:31:00 +0100 Subject: [PATCH] Fix: declareProtected --- ZAbsences.py | 13 +++++++------ ZEntreprises.py | 14 +++++++++----- ZNotes.py | 10 ++++++++-- ZScoUsers.py | 16 +++++++++------- ZScolar.py | 6 ++++++ 5 files changed, 39 insertions(+), 20 deletions(-) diff --git a/ZAbsences.py b/ZAbsences.py index 8e50e72a..afdcb396 100644 --- a/ZAbsences.py +++ b/ZAbsences.py @@ -117,11 +117,11 @@ class ZAbsences( self.title = title # The form used to edit this object - def manage_editZAbsences(self, title, RESPONSE=None): - "Changes the instance values" - self.title = title - self._p_changed = 1 - RESPONSE.redirect("manage_editForm") + # def manage_editZAbsences(self, title, RESPONSE=None): + # "Changes the instance values" + # self.title = title + # self._p_changed = 1 + # RESPONSE.redirect("manage_editForm") # -------------------------------------------------------------------- # @@ -495,7 +495,7 @@ class ZAbsences( a["description"] = self._GetAbsDescription(a, cursor=cursor) return A - security.declareProtected(ScoView, "ListeAbsJust") + security.declareProtected(ScoView, "ListeJustifs") def ListeJustifs(self, etudid, datedebut, datefin=None, only_no_abs=False): """Liste des justificatifs (sans absence relevée) à partir d'une date, @@ -696,6 +696,7 @@ class ZAbsences( "Vrai si le samedi est travaillé" return int(self.get_preference("work_saturday")) + security.declareProtected(ScoView, "day_names") def day_names(self): """Returns week day names. If work_saturday property is set, include saturday diff --git a/ZEntreprises.py b/ZEntreprises.py index 3e8a4468..3f138977 100644 --- a/ZEntreprises.py +++ b/ZEntreprises.py @@ -233,11 +233,11 @@ class ZEntreprises( self.title = title # The form used to edit this object - def manage_editZEntreprises(self, title, RESPONSE=None): - "Changes the instance values" - self.title = title - self._p_changed = 1 - RESPONSE.redirect("manage_editForm") + # def manage_editZEntreprises(self, title, RESPONSE=None): + # "Changes the instance values" + # self.title = title + # self._p_changed = 1 + # RESPONSE.redirect("manage_editForm") # Ajout (dans l'instance) d'un dtml modifiable par Zope def defaultDocFile(self, id, title, file): @@ -448,6 +448,10 @@ class ZEntreprises( cnx = self.GetDBConnexion() _entreprise_correspEditor.edit(cnx, *args, **kw) + security.declareProtected( + ScoEntrepriseView, "do_entreprise_correspondant_listnames" + ) + def do_entreprise_correspondant_listnames(self, args={}): "-> liste des noms des correspondants (pour affichage menu)" C = self.do_entreprise_correspondant_list(args=args) diff --git a/ZNotes.py b/ZNotes.py index ae180b3e..b1e4fe92 100644 --- a/ZNotes.py +++ b/ZNotes.py @@ -138,6 +138,8 @@ class ZNotes(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Impl self.title = title # The form used to edit this object + security.declareProtected(ScoView, "manage_editZNotes") + def manage_editZNotes(self, title, RESPONSE=None): "Changes the instance values" self.title = title @@ -992,6 +994,8 @@ class ZNotes(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Impl if redirect: return REQUEST.RESPONSE.redirect("ue_list?formation_id=" + formation_id) + security.declareProtected(ScoChangeFormation, "ue_move") + def ue_move(self, ue_id, after=0, REQUEST=None, redirect=1): """Move UE before/after previous one (decrement/increment numero)""" o = self.do_ue_list({"ue_id": ue_id})[0] @@ -2083,6 +2087,8 @@ class ZNotes(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Impl + self.sco_footer(REQUEST) ) + security.declareProtected(ScoImplement, "do_formsemestre_desinscription") + def do_formsemestre_desinscription(self, etudid, formsemestre_id, REQUEST=None): """Désinscription d'un étudiant. Si semestre extérieur et dernier inscrit, suppression de ce semestre. @@ -2960,7 +2966,7 @@ class ZNotes(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Impl + self.sco_footer(REQUEST) ) - security.declareProtected(ScoView, "formsemestre_bulletins_mailetuds") + security.declareProtected(ScoView, "external_ue_create_form") external_ue_create_form = sco_ue_external.external_ue_create_form security.declareProtected(ScoEnsView, "appreciation_add_form") @@ -3282,7 +3288,7 @@ class ZNotes(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Impl self, formsemestre_id, REQUEST ) - security.declareProtected(ScoView, "formsemestre_validation_auto") + security.declareProtected(ScoView, "do_formsemestre_validation_auto") def do_formsemestre_validation_auto(self, formsemestre_id, REQUEST): "Formulaire saisie automatisee des decisions d'un semestre" diff --git a/ZScoUsers.py b/ZScoUsers.py index 3d435335..c62d74f2 100644 --- a/ZScoUsers.py +++ b/ZScoUsers.py @@ -106,11 +106,11 @@ class ZScoUsers( self.title = title # The form used to edit this object - def manage_editZScousers(self, title, RESPONSE=None): - "Changes the instance values" - self.title = title - self._p_changed = 1 - RESPONSE.redirect("manage_editForm") + # def manage_editZScousers(self, title, RESPONSE=None): + # "Changes the instance values" + # self.title = title + # self._p_changed = 1 + # RESPONSE.redirect("manage_editForm") # Ajout (dans l'instance) d'un dtml modifiable par Zope def defaultDocFile(self, id, title, file): @@ -378,7 +378,7 @@ class ZScoUsers( def do_change_password(self, user_name, password): user = self._user_list(args={"user_name": user_name}) - assert len(user) == 1, "database inconsistency: len(r)=%d" % len(r) + assert len(user) == 1, "database inconsistency: len(user)=%d" % len(user) # should not occur, already tested in _can_handle_passwd cnx = self.GetUsersDBConnexion() # en mode autocommit cursor = cnx.cursor(cursor_factory=ScoDocCursor) @@ -408,7 +408,7 @@ class ZScoUsers( # access denied log( "change_password: access denied (authuser=%s, user_name=%s, ip=%s)" - % (authuser, user_name, REQUEST.REMOTE_ADDR) + % (REQUEST.AUTHENTICATED_USER, user_name, REQUEST.REMOTE_ADDR) ) raise AccessDenied( "vous n'avez pas la permission de changer ce mot de passe" @@ -1089,6 +1089,8 @@ class ZScoUsers( self._user_delete(user_name) REQUEST.RESPONSE.redirect(REQUEST.URL1) + security.declareProtected(ScoView, "list_users") + def list_users( self, dept, diff --git a/ZScolar.py b/ZScolar.py index d09e2ac5..e42397c8 100644 --- a/ZScolar.py +++ b/ZScolar.py @@ -184,6 +184,8 @@ class ZScolar(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Imp self.manage_addProperty("roles_initialized", "0", "string") # The for used to edit this object + security.declareProtected(ScoView, "manage_editZScolar") + def manage_editZScolar(self, title, RESPONSE=None): "Changes the instance values" self.title = title @@ -538,6 +540,8 @@ UE11 Découverte métiers (code UCOD46, 16 ECTS, Apo (code UCOD46, 16 ECTS, Apo