diff options
author | Radoslaw Stachowiak <radek@gentoo.org> | 2006-04-17 13:17:37 +0000 |
---|---|---|
committer | Radoslaw Stachowiak <radek@gentoo.org> | 2006-04-17 13:17:37 +0000 |
commit | d8dd321f203dc7b099e12f6c3a66685e5184f286 (patch) | |
tree | cff87bab6117cf97788ae359b83871b81b4bb652 /net-zope/plone | |
parent | Moved games_pkg_setup to beginning of pkg_setup. (diff) | |
download | gentoo-2-d8dd321f203dc7b099e12f6c3a66685e5184f286.tar.gz gentoo-2-d8dd321f203dc7b099e12f6c3a66685e5184f286.tar.bz2 gentoo-2-d8dd321f203dc7b099e12f6c3a66685e5184f286.zip |
Corrected plone-2.0.5-r2 patch
(Portage version: 2.1_pre7-r5)
Diffstat (limited to 'net-zope/plone')
-rw-r--r-- | net-zope/plone/ChangeLog | 6 | ||||
-rw-r--r-- | net-zope/plone/files/plone-2.0.5-portrait_security.patch | 230 |
2 files changed, 132 insertions, 104 deletions
diff --git a/net-zope/plone/ChangeLog b/net-zope/plone/ChangeLog index 46ca4134aa9d..55195173d136 100644 --- a/net-zope/plone/ChangeLog +++ b/net-zope/plone/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for net-zope/plone # Copyright 2003-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-zope/plone/ChangeLog,v 1.28 2006/04/16 11:31:08 radek Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-zope/plone/ChangeLog,v 1.29 2006/04/17 13:17:33 radek Exp $ + + 17 Apr 2006; Radoslaw Stachowiak <radek@gentoo.org> + files/plone-2.0.5-portrait_security.patch: + Corrected plone-2.0.5-r2 patch *plone-2.0.5-r2 (16 Apr 2006) diff --git a/net-zope/plone/files/plone-2.0.5-portrait_security.patch b/net-zope/plone/files/plone-2.0.5-portrait_security.patch index e3e0d62614b5..83efe6cb6c68 100644 --- a/net-zope/plone/files/plone-2.0.5-portrait_security.patch +++ b/net-zope/plone/files/plone-2.0.5-portrait_security.patch @@ -1,103 +1,127 @@ ---- CMFPlone/MembershipTool.py (revision 5844)
-+++ CMFPlone/MembershipTool.py (revision 9512)
-@@ -1,4 +1,4 @@
--from Products.CMFCore.CMFCorePermissions import SetOwnPassword
- from Products.CMFCore.utils import getToolByName
-+from Products.CMFCore.utils import _checkPermission
- from Products.CMFDefault.MembershipTool import MembershipTool as BaseTool
- from Products.CMFPlone import ToolNames
-@@ -9,4 +9,7 @@
- from Globals import InitializeClass
- from Acquisition import aq_base, aq_parent, aq_inner
-+from Products.CMFCore.CMFCorePermissions import ManagePortal
-+from Products.CMFCore.CMFCorePermissions import SetOwnProperties
-+from Products.CMFCore.CMFCorePermissions import SetOwnPassword
- from Products.CMFCore.CMFCorePermissions import View
- from Products.CMFPlone.PloneBaseTool import PloneBaseTool
-@@ -40,4 +43,5 @@
- security.declareProtected(View, 'getPortalRoles')
-
-+ security.declarePublic('getAuthenticatedMember')
- def getAuthenticatedMember(self):
- """ """
-@@ -52,4 +56,5 @@
- return _user
-
-+ security.declarePublic('getPersonalPortrait')
- def getPersonalPortrait(self, member_id = None, verifyPermission=0):
- """
-@@ -58,7 +63,4 @@
- membertool = getToolByName(self, 'portal_memberdata')
-
-- # what are we doing with that
-- #if verifyPermission and not _checkPermission('View', portrait):
-- # return None
- if not member_id:
- member_id = self.getAuthenticatedMember().getUserName()
-@@ -67,5 +69,8 @@
- if type(portrait) == type(''):
- portrait = None
-- #portrait = None
-+ if portrait is not None:
-+ if verifyPermission and not _checkPermission(View, portrait):
-+ # Don't return the portrait if the user can't get to it
-+ portrait = None
- if portrait is None:
- portal = getToolByName(self, 'portal_url').getPortalObject()
-@@ -74,4 +79,5 @@
- return portrait
-
-+ security.declareProtected(SetOwnProperties, 'deletePersonalPortrait')
- def deletePersonalPortrait(self, member_id = None):
- """
-@@ -85,4 +91,5 @@
- membertool._deletePortrait(member_id)
-
-+ security.declarePublic('getPersonalFolder')
- def getPersonalFolder(self, member_id=None):
- """
-@@ -98,4 +105,5 @@
- return personal
-
-+ security.declareProtected(SetOwnProperties, 'changeMemberPortrait')
- def changeMemberPortrait(self, portrait, member_id=None):
- """
-@@ -112,4 +120,5 @@
- membertool._setPortrait(portrait, member_id)
-
-+ security.declarePublic('createMemberarea')
- def createMemberarea(self, member_id=None, minimal=0):
- """
-@@ -242,4 +251,5 @@
- createMemberArea = createMemberarea
-
-+ security.declareProtected(ManagePortal, 'listMembers')
- def listMembers(self):
- '''Gets the list of all members.
-@@ -251,4 +261,5 @@
- return BaseTool.listMembers(self)
-
-+ security.declareProtected(ManagePortal, 'listMemberIds')
- def listMemberIds(self):
- '''Lists the ids of all members. This may eventually be
-@@ -263,5 +274,5 @@
-
- # this should probably be in MemberDataTool.py
-- #security.declarePublic( 'searchForMembers' )
-+ security.declarePublic('searchForMembers')
- def searchForMembers( self, REQUEST=None, **kw ):
- """ """
-@@ -319,10 +330,10 @@
- return res
-
-- def testCurrentPassword(self, password, username=None):
-+ security.declareProtected(SetOwnPassword, 'testCurrentPassword')
-+ def testCurrentPassword(self, password):
- """ test to see if password is current """
- portal=getToolByName(self, 'portal_url').getPortalObject()
- REQUEST=getattr(self, 'REQUEST', {})
-- if username is None:
-- username=self.getAuthenticatedMember().getUserName()
-+ username=self.getAuthenticatedMember().getUserName()
- acl_users = self._findUsersAclHome(username)
- if not acl_users:
+--- CMFPlone/MembershipTool.py 2004-12-01 15:54:09.000000000 +0100 ++++ CMFPlone/MembershipTool.py 2006-04-17 15:11:56.000000000 +0200 +@@ -1,5 +1,5 @@ +-from Products.CMFCore.CMFCorePermissions import SetOwnPassword + from Products.CMFCore.utils import getToolByName ++from Products.CMFCore.utils import _checkPermission + from Products.CMFDefault.MembershipTool import MembershipTool as BaseTool + from Products.CMFPlone import ToolNames + from Products.CMFPlone.PloneUtilities import translate +@@ -8,6 +8,9 @@ + from AccessControl import ClassSecurityInfo, getSecurityManager + from Globals import InitializeClass + from Acquisition import aq_base, aq_parent, aq_inner ++from Products.CMFCore.CMFCorePermissions import ManagePortal ++from Products.CMFCore.CMFCorePermissions import SetOwnProperties ++from Products.CMFCore.CMFCorePermissions import SetOwnPassword + from Products.CMFCore.CMFCorePermissions import View + from Products.CMFPlone.PloneBaseTool import PloneBaseTool + +@@ -39,6 +42,7 @@ + # in CMFCore.MembershipTool - but in Plone we are not so anal ;-) + security.declareProtected(View, 'getPortalRoles') + ++ security.declarePublic('getAuthenticatedMember') + def getAuthenticatedMember(self): + """ """ + _user=self.REQUEST.get('_portaluser', None) +@@ -51,28 +55,30 @@ + self.REQUEST.set('_portaluser', _user) + return _user + ++ security.declarePublic('getPersonalPortrait') + def getPersonalPortrait(self, member_id = None, verifyPermission=0): + """ + returns the Portait for a member_id + """ + membertool = getToolByName(self, 'portal_memberdata') + +- # what are we doing with that +- #if verifyPermission and not _checkPermission('View', portrait): +- # return None + if not member_id: + member_id = self.getAuthenticatedMember().getUserName() + + portrait = membertool._getPortrait(member_id) + if type(portrait) == type(''): + portrait = None +- #portrait = None ++ if portrait is not None: ++ if verifyPermission and not _checkPermission(View, portrait): ++ # Don't return the portrait if the user can't get to it ++ portrait = None + if portrait is None: + portal = getToolByName(self, 'portal_url').getPortalObject() + portrait = getattr(portal, default_portrait) + + return portrait + ++ security.declareProtected(SetOwnProperties, 'deletePersonalPortrait') + def deletePersonalPortrait(self, member_id = None): + """ + deletes the Portait of member_id +@@ -84,6 +90,7 @@ + + membertool._deletePortrait(member_id) + ++ security.declarePublic('getPersonalFolder') + def getPersonalFolder(self, member_id=None): + """ + returns the Personal Item folder for a member +@@ -97,6 +104,7 @@ + , None ) + return personal + ++ security.declareProtected(SetOwnProperties, 'changeMemberPortrait') + def changeMemberPortrait(self, portrait, member_id=None): + """ + given a portrait we will modify the users portrait +@@ -111,6 +119,7 @@ + membertool = getToolByName(self, 'portal_memberdata') + membertool._setPortrait(portrait, member_id) + ++ security.declarePublic('createMemberarea') + def createMemberarea(self, member_id=None, minimal=0): + """ + Create a member area for 'member_id' or the authenticated user. +@@ -241,6 +250,7 @@ + security.declarePublic('createMemberArea') + createMemberArea = createMemberarea + ++ security.declareProtected(ManagePortal, 'listMembers') + def listMembers(self): + '''Gets the list of all members. + ''' +@@ -250,6 +260,7 @@ + else: + return BaseTool.listMembers(self) + ++ security.declareProtected(ManagePortal, 'listMemberIds') + def listMemberIds(self): + '''Lists the ids of all members. This may eventually be + replaced with a set of methods for querying pieces of the +@@ -262,7 +273,7 @@ + return self.__getPUS().getUserNames() + + # this should probably be in MemberDataTool.py +- #security.declarePublic( 'searchForMembers' ) ++ security.declarePublic('searchForMembers') + def searchForMembers( self, REQUEST=None, **kw ): + """ """ + if REQUEST: +@@ -318,12 +329,12 @@ + res.append(member) + return res + +- def testCurrentPassword(self, password, username=None): ++ security.declareProtected(SetOwnPassword, 'testCurrentPassword') ++ def testCurrentPassword(self, password): + """ test to see if password is current """ + portal=getToolByName(self, 'portal_url').getPortalObject() + REQUEST=getattr(self, 'REQUEST', {}) +- if username is None: +- username=self.getAuthenticatedMember().getUserName() ++ username=self.getAuthenticatedMember().getUserName() + acl_users = self._findUsersAclHome(username) + if not acl_users: + return 0 |