Fix: declareProtected

This commit is contained in:
Emmanuel Viennet 2021-01-10 22:31:00 +01:00
parent 0dcb117df0
commit acdda802ab
5 changed files with 39 additions and 20 deletions

View File

@ -117,11 +117,11 @@ class ZAbsences(
self.title = title self.title = title
# The form used to edit this object # The form used to edit this object
def manage_editZAbsences(self, title, RESPONSE=None): # def manage_editZAbsences(self, title, RESPONSE=None):
"Changes the instance values" # "Changes the instance values"
self.title = title # self.title = title
self._p_changed = 1 # self._p_changed = 1
RESPONSE.redirect("manage_editForm") # RESPONSE.redirect("manage_editForm")
# -------------------------------------------------------------------- # --------------------------------------------------------------------
# #
@ -495,7 +495,7 @@ class ZAbsences(
a["description"] = self._GetAbsDescription(a, cursor=cursor) a["description"] = self._GetAbsDescription(a, cursor=cursor)
return A return A
security.declareProtected(ScoView, "ListeAbsJust") security.declareProtected(ScoView, "ListeJustifs")
def ListeJustifs(self, etudid, datedebut, datefin=None, only_no_abs=False): def ListeJustifs(self, etudid, datedebut, datefin=None, only_no_abs=False):
"""Liste des justificatifs (sans absence relevée) à partir d'une date, """Liste des justificatifs (sans absence relevée) à partir d'une date,
@ -696,6 +696,7 @@ class ZAbsences(
"Vrai si le samedi est travaillé" "Vrai si le samedi est travaillé"
return int(self.get_preference("work_saturday")) return int(self.get_preference("work_saturday"))
security.declareProtected(ScoView, "day_names")
def day_names(self): def day_names(self):
"""Returns week day names. """Returns week day names.
If work_saturday property is set, include saturday If work_saturday property is set, include saturday

View File

@ -233,11 +233,11 @@ class ZEntreprises(
self.title = title self.title = title
# The form used to edit this object # The form used to edit this object
def manage_editZEntreprises(self, title, RESPONSE=None): # def manage_editZEntreprises(self, title, RESPONSE=None):
"Changes the instance values" # "Changes the instance values"
self.title = title # self.title = title
self._p_changed = 1 # self._p_changed = 1
RESPONSE.redirect("manage_editForm") # RESPONSE.redirect("manage_editForm")
# Ajout (dans l'instance) d'un dtml modifiable par Zope # Ajout (dans l'instance) d'un dtml modifiable par Zope
def defaultDocFile(self, id, title, file): def defaultDocFile(self, id, title, file):
@ -448,6 +448,10 @@ class ZEntreprises(
cnx = self.GetDBConnexion() cnx = self.GetDBConnexion()
_entreprise_correspEditor.edit(cnx, *args, **kw) _entreprise_correspEditor.edit(cnx, *args, **kw)
security.declareProtected(
ScoEntrepriseView, "do_entreprise_correspondant_listnames"
)
def do_entreprise_correspondant_listnames(self, args={}): def do_entreprise_correspondant_listnames(self, args={}):
"-> liste des noms des correspondants (pour affichage menu)" "-> liste des noms des correspondants (pour affichage menu)"
C = self.do_entreprise_correspondant_list(args=args) C = self.do_entreprise_correspondant_list(args=args)

View File

@ -138,6 +138,8 @@ class ZNotes(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Impl
self.title = title self.title = title
# The form used to edit this object # The form used to edit this object
security.declareProtected(ScoView, "manage_editZNotes")
def manage_editZNotes(self, title, RESPONSE=None): def manage_editZNotes(self, title, RESPONSE=None):
"Changes the instance values" "Changes the instance values"
self.title = title self.title = title
@ -992,6 +994,8 @@ class ZNotes(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Impl
if redirect: if redirect:
return REQUEST.RESPONSE.redirect("ue_list?formation_id=" + formation_id) return REQUEST.RESPONSE.redirect("ue_list?formation_id=" + formation_id)
security.declareProtected(ScoChangeFormation, "ue_move")
def ue_move(self, ue_id, after=0, REQUEST=None, redirect=1): def ue_move(self, ue_id, after=0, REQUEST=None, redirect=1):
"""Move UE before/after previous one (decrement/increment numero)""" """Move UE before/after previous one (decrement/increment numero)"""
o = self.do_ue_list({"ue_id": ue_id})[0] o = self.do_ue_list({"ue_id": ue_id})[0]
@ -2083,6 +2087,8 @@ class ZNotes(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Impl
+ self.sco_footer(REQUEST) + self.sco_footer(REQUEST)
) )
security.declareProtected(ScoImplement, "do_formsemestre_desinscription")
def do_formsemestre_desinscription(self, etudid, formsemestre_id, REQUEST=None): def do_formsemestre_desinscription(self, etudid, formsemestre_id, REQUEST=None):
"""Désinscription d'un étudiant. """Désinscription d'un étudiant.
Si semestre extérieur et dernier inscrit, suppression de ce semestre. Si semestre extérieur et dernier inscrit, suppression de ce semestre.
@ -2960,7 +2966,7 @@ class ZNotes(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Impl
+ self.sco_footer(REQUEST) + self.sco_footer(REQUEST)
) )
security.declareProtected(ScoView, "formsemestre_bulletins_mailetuds") security.declareProtected(ScoView, "external_ue_create_form")
external_ue_create_form = sco_ue_external.external_ue_create_form external_ue_create_form = sco_ue_external.external_ue_create_form
security.declareProtected(ScoEnsView, "appreciation_add_form") security.declareProtected(ScoEnsView, "appreciation_add_form")
@ -3282,7 +3288,7 @@ class ZNotes(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Impl
self, formsemestre_id, REQUEST self, formsemestre_id, REQUEST
) )
security.declareProtected(ScoView, "formsemestre_validation_auto") security.declareProtected(ScoView, "do_formsemestre_validation_auto")
def do_formsemestre_validation_auto(self, formsemestre_id, REQUEST): def do_formsemestre_validation_auto(self, formsemestre_id, REQUEST):
"Formulaire saisie automatisee des decisions d'un semestre" "Formulaire saisie automatisee des decisions d'un semestre"

View File

@ -106,11 +106,11 @@ class ZScoUsers(
self.title = title self.title = title
# The form used to edit this object # The form used to edit this object
def manage_editZScousers(self, title, RESPONSE=None): # def manage_editZScousers(self, title, RESPONSE=None):
"Changes the instance values" # "Changes the instance values"
self.title = title # self.title = title
self._p_changed = 1 # self._p_changed = 1
RESPONSE.redirect("manage_editForm") # RESPONSE.redirect("manage_editForm")
# Ajout (dans l'instance) d'un dtml modifiable par Zope # Ajout (dans l'instance) d'un dtml modifiable par Zope
def defaultDocFile(self, id, title, file): def defaultDocFile(self, id, title, file):
@ -378,7 +378,7 @@ class ZScoUsers(
def do_change_password(self, user_name, password): def do_change_password(self, user_name, password):
user = self._user_list(args={"user_name": user_name}) user = self._user_list(args={"user_name": user_name})
assert len(user) == 1, "database inconsistency: len(r)=%d" % len(r) assert len(user) == 1, "database inconsistency: len(user)=%d" % len(user)
# should not occur, already tested in _can_handle_passwd # should not occur, already tested in _can_handle_passwd
cnx = self.GetUsersDBConnexion() # en mode autocommit cnx = self.GetUsersDBConnexion() # en mode autocommit
cursor = cnx.cursor(cursor_factory=ScoDocCursor) cursor = cnx.cursor(cursor_factory=ScoDocCursor)
@ -408,7 +408,7 @@ class ZScoUsers(
# access denied # access denied
log( log(
"change_password: access denied (authuser=%s, user_name=%s, ip=%s)" "change_password: access denied (authuser=%s, user_name=%s, ip=%s)"
% (authuser, user_name, REQUEST.REMOTE_ADDR) % (REQUEST.AUTHENTICATED_USER, user_name, REQUEST.REMOTE_ADDR)
) )
raise AccessDenied( raise AccessDenied(
"vous n'avez pas la permission de changer ce mot de passe" "vous n'avez pas la permission de changer ce mot de passe"
@ -1089,6 +1089,8 @@ class ZScoUsers(
self._user_delete(user_name) self._user_delete(user_name)
REQUEST.RESPONSE.redirect(REQUEST.URL1) REQUEST.RESPONSE.redirect(REQUEST.URL1)
security.declareProtected(ScoView, "list_users")
def list_users( def list_users(
self, self,
dept, dept,

View File

@ -184,6 +184,8 @@ class ZScolar(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Imp
self.manage_addProperty("roles_initialized", "0", "string") self.manage_addProperty("roles_initialized", "0", "string")
# The for used to edit this object # The for used to edit this object
security.declareProtected(ScoView, "manage_editZScolar")
def manage_editZScolar(self, title, RESPONSE=None): def manage_editZScolar(self, title, RESPONSE=None):
"Changes the instance values" "Changes the instance values"
self.title = title self.title = title
@ -538,6 +540,8 @@ UE11 Découverte métiers <span class="ue_code">(code UCOD46, 16 ECTS, Apo <span
return tab.make_page(self, format=format, REQUEST=REQUEST) return tab.make_page(self, format=format, REQUEST=REQUEST)
security.declareProtected(ScoView, "listScoLog")
def listScoLog(self, etudid): def listScoLog(self, etudid):
"liste des operations effectuees sur cet etudiant" "liste des operations effectuees sur cet etudiant"
cnx = self.GetDBConnexion() cnx = self.GetDBConnexion()
@ -935,6 +939,8 @@ UE11 Découverte métiers <span class="ue_code">(code UCOD46, 16 ECTS, Apo <span
security.declareProtected(ScoView, "XMLgetEtudInfos") security.declareProtected(ScoView, "XMLgetEtudInfos")
XMLgetEtudInfos = etud_info # old name, deprecated XMLgetEtudInfos = etud_info # old name, deprecated
security.declareProtected(ScoView, "isPrimoEtud")
def isPrimoEtud(self, etud, sem): def isPrimoEtud(self, etud, sem):
"""Determine si un (filled) etud a ete inscrit avant ce semestre. """Determine si un (filled) etud a ete inscrit avant ce semestre.
Regarde la liste des semestres dans lesquels l'étudiant est inscrit Regarde la liste des semestres dans lesquels l'étudiant est inscrit