From f029963c35a03088b8725793afbc87bff599fe72 Mon Sep 17 00:00:00 2001 From: Radoslaw Stachowiak Date: Mon, 17 Apr 2006 13:17:37 +0000 Subject: Corrected plone-2.0.5-r2 patch Package-Manager: portage-2.1_pre7-r5 --- net-zope/plone/ChangeLog | 6 +- net-zope/plone/Manifest | 12 +- .../files/plone-2.0.5-portrait_security.patch | 230 ++++++++++++--------- 3 files changed, 138 insertions(+), 110 deletions(-) (limited to 'net-zope/plone') diff --git a/net-zope/plone/ChangeLog b/net-zope/plone/ChangeLog index 46ca4134aa9d..55195173d136 100644 --- a/net-zope/plone/ChangeLog +++ b/net-zope/plone/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for net-zope/plone # Copyright 2003-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-zope/plone/ChangeLog,v 1.28 2006/04/16 11:31:08 radek Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-zope/plone/ChangeLog,v 1.29 2006/04/17 13:17:33 radek Exp $ + + 17 Apr 2006; Radoslaw Stachowiak + files/plone-2.0.5-portrait_security.patch: + Corrected plone-2.0.5-r2 patch *plone-2.0.5-r2 (16 Apr 2006) diff --git a/net-zope/plone/Manifest b/net-zope/plone/Manifest index 7647dad7989b..421a35db24f2 100644 --- a/net-zope/plone/Manifest +++ b/net-zope/plone/Manifest @@ -1,6 +1,6 @@ -MD5 24a3d07f7596343c27ed3484415389af ChangeLog 4592 -RMD160 2ce7e9d7d789976156bfff3042ce4029d45ea2a3 ChangeLog 4592 -SHA256 966b8f312d8af040671c2eb1e2a9219657fd0cb342ca7222cc945644429ff941 ChangeLog 4592 +MD5 e52a2b47d13776a8acde09f8e748053c ChangeLog 4725 +RMD160 ded299a4c998c78608d5531ca9a30c9c112973d7 ChangeLog 4725 +SHA256 b16490d72d5a2189379ba89912d6c52b1b666343fbcfdcc2aa9c4f32dbf535f8 ChangeLog 4725 MD5 9e35feee29aeb8a7ecb18106d3378df0 files/digest-plone-1.0.5 66 RMD160 54a7107a285fc9874ea5fda8d554b950cd1fcc79 files/digest-plone-1.0.5 66 SHA256 844b89eeea0b4ab6237b4eb63d46bb4089027e61a80379161c62c6552901f0da files/digest-plone-1.0.5 66 @@ -22,9 +22,9 @@ SHA256 763fbf741f0f75f24665e85b8aaae6854a56f01481fa55ee82b17f38c08de188 files/di MD5 e770cd92cfa7bee094443e872e5bc122 files/digest-plone-2.0.5-r2 247 RMD160 c886666d980890b47ab22430c208b3a3a3753108 files/digest-plone-2.0.5-r2 247 SHA256 ef74e3604c33228f2e14f6fb2dd1ec63b3bbb5897084c1c1fbd6170eeec19f8f files/digest-plone-2.0.5-r2 247 -MD5 49c12978ecb07eb8a9c1241249bf90c6 files/plone-2.0.5-portrait_security.patch 4081 -RMD160 b5275fc71cbe60ab7ea4aefac099a43e2f55c0c3 files/plone-2.0.5-portrait_security.patch 4081 -SHA256 28b558d460d4565ee1585770fc787fcc14d47605bff8d09b34daa958dd1f5cf0 files/plone-2.0.5-portrait_security.patch 4081 +MD5 b631c65ab52eb0649c34cc571758e595 files/plone-2.0.5-portrait_security.patch 5051 +RMD160 a3697cb8a9d806b13292388bac725f2688bc0adb files/plone-2.0.5-portrait_security.patch 5051 +SHA256 1165daf26d52650ccaee61a2bf486b903778b8bf57b6eab7f90cb9883e417a28 files/plone-2.0.5-portrait_security.patch 5051 MD5 7890d88c5c6d189fbe6b187a3ebb6532 metadata.xml 161 RMD160 5e136d45f811478292bd2ee1798a9b0229ffe468 metadata.xml 161 SHA256 e69ac7205cbc2e42a297e20d8f08922003390a345bbf50ccf00d1158a1c97cc5 metadata.xml 161 diff --git a/net-zope/plone/files/plone-2.0.5-portrait_security.patch b/net-zope/plone/files/plone-2.0.5-portrait_security.patch index e3e0d62614b5..83efe6cb6c68 100644 --- a/net-zope/plone/files/plone-2.0.5-portrait_security.patch +++ b/net-zope/plone/files/plone-2.0.5-portrait_security.patch @@ -1,103 +1,127 @@ ---- CMFPlone/MembershipTool.py (revision 5844) -+++ CMFPlone/MembershipTool.py (revision 9512) -@@ -1,4 +1,4 @@ --from Products.CMFCore.CMFCorePermissions import SetOwnPassword - from Products.CMFCore.utils import getToolByName -+from Products.CMFCore.utils import _checkPermission - from Products.CMFDefault.MembershipTool import MembershipTool as BaseTool - from Products.CMFPlone import ToolNames -@@ -9,4 +9,7 @@ - from Globals import InitializeClass - from Acquisition import aq_base, aq_parent, aq_inner -+from Products.CMFCore.CMFCorePermissions import ManagePortal -+from Products.CMFCore.CMFCorePermissions import SetOwnProperties -+from Products.CMFCore.CMFCorePermissions import SetOwnPassword - from Products.CMFCore.CMFCorePermissions import View - from Products.CMFPlone.PloneBaseTool import PloneBaseTool -@@ -40,4 +43,5 @@ - security.declareProtected(View, 'getPortalRoles') - -+ security.declarePublic('getAuthenticatedMember') - def getAuthenticatedMember(self): - """ """ -@@ -52,4 +56,5 @@ - return _user - -+ security.declarePublic('getPersonalPortrait') - def getPersonalPortrait(self, member_id = None, verifyPermission=0): - """ -@@ -58,7 +63,4 @@ - membertool = getToolByName(self, 'portal_memberdata') - -- # what are we doing with that -- #if verifyPermission and not _checkPermission('View', portrait): -- # return None - if not member_id: - member_id = self.getAuthenticatedMember().getUserName() -@@ -67,5 +69,8 @@ - if type(portrait) == type(''): - portrait = None -- #portrait = None -+ if portrait is not None: -+ if verifyPermission and not _checkPermission(View, portrait): -+ # Don't return the portrait if the user can't get to it -+ portrait = None - if portrait is None: - portal = getToolByName(self, 'portal_url').getPortalObject() -@@ -74,4 +79,5 @@ - return portrait - -+ security.declareProtected(SetOwnProperties, 'deletePersonalPortrait') - def deletePersonalPortrait(self, member_id = None): - """ -@@ -85,4 +91,5 @@ - membertool._deletePortrait(member_id) - -+ security.declarePublic('getPersonalFolder') - def getPersonalFolder(self, member_id=None): - """ -@@ -98,4 +105,5 @@ - return personal - -+ security.declareProtected(SetOwnProperties, 'changeMemberPortrait') - def changeMemberPortrait(self, portrait, member_id=None): - """ -@@ -112,4 +120,5 @@ - membertool._setPortrait(portrait, member_id) - -+ security.declarePublic('createMemberarea') - def createMemberarea(self, member_id=None, minimal=0): - """ -@@ -242,4 +251,5 @@ - createMemberArea = createMemberarea - -+ security.declareProtected(ManagePortal, 'listMembers') - def listMembers(self): - '''Gets the list of all members. -@@ -251,4 +261,5 @@ - return BaseTool.listMembers(self) - -+ security.declareProtected(ManagePortal, 'listMemberIds') - def listMemberIds(self): - '''Lists the ids of all members. This may eventually be -@@ -263,5 +274,5 @@ - - # this should probably be in MemberDataTool.py -- #security.declarePublic( 'searchForMembers' ) -+ security.declarePublic('searchForMembers') - def searchForMembers( self, REQUEST=None, **kw ): - """ """ -@@ -319,10 +330,10 @@ - return res - -- def testCurrentPassword(self, password, username=None): -+ security.declareProtected(SetOwnPassword, 'testCurrentPassword') -+ def testCurrentPassword(self, password): - """ test to see if password is current """ - portal=getToolByName(self, 'portal_url').getPortalObject() - REQUEST=getattr(self, 'REQUEST', {}) -- if username is None: -- username=self.getAuthenticatedMember().getUserName() -+ username=self.getAuthenticatedMember().getUserName() - acl_users = self._findUsersAclHome(username) - if not acl_users: +--- CMFPlone/MembershipTool.py 2004-12-01 15:54:09.000000000 +0100 ++++ CMFPlone/MembershipTool.py 2006-04-17 15:11:56.000000000 +0200 +@@ -1,5 +1,5 @@ +-from Products.CMFCore.CMFCorePermissions import SetOwnPassword + from Products.CMFCore.utils import getToolByName ++from Products.CMFCore.utils import _checkPermission + from Products.CMFDefault.MembershipTool import MembershipTool as BaseTool + from Products.CMFPlone import ToolNames + from Products.CMFPlone.PloneUtilities import translate +@@ -8,6 +8,9 @@ + from AccessControl import ClassSecurityInfo, getSecurityManager + from Globals import InitializeClass + from Acquisition import aq_base, aq_parent, aq_inner ++from Products.CMFCore.CMFCorePermissions import ManagePortal ++from Products.CMFCore.CMFCorePermissions import SetOwnProperties ++from Products.CMFCore.CMFCorePermissions import SetOwnPassword + from Products.CMFCore.CMFCorePermissions import View + from Products.CMFPlone.PloneBaseTool import PloneBaseTool + +@@ -39,6 +42,7 @@ + # in CMFCore.MembershipTool - but in Plone we are not so anal ;-) + security.declareProtected(View, 'getPortalRoles') + ++ security.declarePublic('getAuthenticatedMember') + def getAuthenticatedMember(self): + """ """ + _user=self.REQUEST.get('_portaluser', None) +@@ -51,28 +55,30 @@ + self.REQUEST.set('_portaluser', _user) + return _user + ++ security.declarePublic('getPersonalPortrait') + def getPersonalPortrait(self, member_id = None, verifyPermission=0): + """ + returns the Portait for a member_id + """ + membertool = getToolByName(self, 'portal_memberdata') + +- # what are we doing with that +- #if verifyPermission and not _checkPermission('View', portrait): +- # return None + if not member_id: + member_id = self.getAuthenticatedMember().getUserName() + + portrait = membertool._getPortrait(member_id) + if type(portrait) == type(''): + portrait = None +- #portrait = None ++ if portrait is not None: ++ if verifyPermission and not _checkPermission(View, portrait): ++ # Don't return the portrait if the user can't get to it ++ portrait = None + if portrait is None: + portal = getToolByName(self, 'portal_url').getPortalObject() + portrait = getattr(portal, default_portrait) + + return portrait + ++ security.declareProtected(SetOwnProperties, 'deletePersonalPortrait') + def deletePersonalPortrait(self, member_id = None): + """ + deletes the Portait of member_id +@@ -84,6 +90,7 @@ + + membertool._deletePortrait(member_id) + ++ security.declarePublic('getPersonalFolder') + def getPersonalFolder(self, member_id=None): + """ + returns the Personal Item folder for a member +@@ -97,6 +104,7 @@ + , None ) + return personal + ++ security.declareProtected(SetOwnProperties, 'changeMemberPortrait') + def changeMemberPortrait(self, portrait, member_id=None): + """ + given a portrait we will modify the users portrait +@@ -111,6 +119,7 @@ + membertool = getToolByName(self, 'portal_memberdata') + membertool._setPortrait(portrait, member_id) + ++ security.declarePublic('createMemberarea') + def createMemberarea(self, member_id=None, minimal=0): + """ + Create a member area for 'member_id' or the authenticated user. +@@ -241,6 +250,7 @@ + security.declarePublic('createMemberArea') + createMemberArea = createMemberarea + ++ security.declareProtected(ManagePortal, 'listMembers') + def listMembers(self): + '''Gets the list of all members. + ''' +@@ -250,6 +260,7 @@ + else: + return BaseTool.listMembers(self) + ++ security.declareProtected(ManagePortal, 'listMemberIds') + def listMemberIds(self): + '''Lists the ids of all members. This may eventually be + replaced with a set of methods for querying pieces of the +@@ -262,7 +273,7 @@ + return self.__getPUS().getUserNames() + + # this should probably be in MemberDataTool.py +- #security.declarePublic( 'searchForMembers' ) ++ security.declarePublic('searchForMembers') + def searchForMembers( self, REQUEST=None, **kw ): + """ """ + if REQUEST: +@@ -318,12 +329,12 @@ + res.append(member) + return res + +- def testCurrentPassword(self, password, username=None): ++ security.declareProtected(SetOwnPassword, 'testCurrentPassword') ++ def testCurrentPassword(self, password): + """ test to see if password is current """ + portal=getToolByName(self, 'portal_url').getPortalObject() + REQUEST=getattr(self, 'REQUEST', {}) +- if username is None: +- username=self.getAuthenticatedMember().getUserName() ++ username=self.getAuthenticatedMember().getUserName() + acl_users = self._findUsersAclHome(username) + if not acl_users: + return 0 -- cgit v1.2.3-65-gdbad