diff --git a/ZNotes.py b/ZNotes.py index ae180b3e42..b24f6e95da 100644 --- a/ZNotes.py +++ b/ZNotes.py @@ -217,7 +217,16 @@ class ZNotes(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Impl def gloups(self, REQUEST): "essai gloups" - return "" + H = [ + "
REQUEST.URL =%s
" % REQUEST.URL, + "REQUEST.URL0=%s
" % REQUEST.URL0, + "REQUEST.URL1=%s
" % REQUEST.URL1, + "REQUEST.BASE0=%s
" % REQUEST.BASE0, + "REQUEST.QUERY_STRING=%s
" % REQUEST.QUERY_STRING, + "REQUEST.REQUEST_METHOD=%s (%s)
" + % (REQUEST.REQUEST_METHOD, type(REQUEST.REQUEST_METHOD)), + ] + return "\n".join(H) # return pdfbulletins.essaipdf(REQUEST) # return sendPDFFile(REQUEST, pdfbulletins.pdftrombino(0,0), 'toto.pdf' ) diff --git a/misc/extract_code_strings.py b/misc/extract_code_strings.py new file mode 100755 index 0000000000..4812756dc8 --- /dev/null +++ b/misc/extract_code_strings.py @@ -0,0 +1,27 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +"""Extract all string litterals from our code base. + +Useful to check if an API function is used in a generated web page ! + +Usage: + extract_code_strings.py source.py ... + +(replace RT by an existing departement id) + +E. Viennet 2021-01-09 +""" +from __future__ import print_function + +import sys +import ast + +L = [] +for srcfilename in sys.argv[1:]: + print("processing %s" % srcfilename, file=sys.stderr) + with open(srcfilename) as f: + p = ast.parse(f.read()) + L.extend(x.s.strip() for x in ast.walk(p) if x.__class__ == ast.Str) + +L = sorted(set(L)) # uniq | sort +print("\n".join(L)) diff --git a/misc/zopelistmethods.py b/misc/zopelistmethods.py index 0e1c1e9ab8..565a7f5648 100644 --- a/misc/zopelistmethods.py +++ b/misc/zopelistmethods.py @@ -3,11 +3,10 @@ """List Zope published methods (helps redesign ScoDoc's API). -Launch ScoDoc as follows: (as root) +Usage: + scotests/scointeractive.sh RT misc/zopelistmethods.py - /opt/scodoc/bin/zopectl debug - -Then run this file +(replace RT by an existing departement id) E. Viennet 2020-01-26 """ @@ -23,6 +22,8 @@ from ZAbsences import ZAbsences from ZScoUsers import ZScoUsers from ZEntreprises import ZEntreprises +RESFILENAME = "publishedmethods.csv" + def get_methods_description(klass): D = klass.__dict__ @@ -63,4 +64,6 @@ for module_name in published_by_module: print("Total: \t ", N) -open("publishedmethods.csv", "w").write("\n".join(["\t".join(l) for l in lines])) +print("Writing %s" % RESFILENAME) +with open(RESFILENAME, "w") as f: + f.write("\n".join(["\t".join(l) for l in lines])) diff --git a/sco_zope.py b/sco_zope.py index b53a137434..a7bac89320 100644 --- a/sco_zope.py +++ b/sco_zope.py @@ -38,7 +38,7 @@ from OFS.ObjectManager import ObjectManager from AccessControl.Role import RoleManager # provide the 'Ownership' tab with # the 'manage_owner' method -from AccessControl import ClassSecurityInfo +from AccessControl import ClassSecurityInfo as ZopeClassSecurityInfo import Globals from Globals import DTMLFile # can use DTML files from Globals import Persistent @@ -47,3 +47,20 @@ from Acquisition import Implicit # where we exist on the file system file_path = Globals.package_home(globals()) + +# Collect all security declarations (Zope2Flask) + +import inspect + +LOG_SECURITY=False # use for dev + +class ClassSecurityInfo(ZopeClassSecurityInfo): + def declareProtected(self, perm, funcname): + if LOG_SECURITY: + frame = inspect.currentframe() + module = frame.f_back.f_locals["__module__"] + if str(module).strip() == "ZAbsences": + raise Exception() + with open("/tmp/protected_methods.txt", "a") as f: + f.write("%s\t%s\n" % (module, funcname)) + super(ClassSecurityInfo, self).declareProtected(perm, funcname)