Changeset 2431 for WAeUP_SRP


Timestamp:
25 Oct 2007, 13:17:45 (17 years ago)
Author:
Henrik Bettermann
Message:

close security holes

Location:
WAeUP_SRP
Files:
5 edited

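--- a/WAeUP_SRP/base/skins/waeup_statistics/getNewStudentStatistics.py
+++ b/WAeUP_SRP/base/skins/waeup_statistics/getNewStudentStatistics.py
@@ -18,9 +18,9 @@
 logger.info('%s invoked statistics' % context.portal_membership.getAuthenticatedMember())
 if not context.isStaff():
-    return 'Not allowed'
+    return
 
 entry_sessions = ('-1','06','6')
 
-# students with entry_session None (-1) are interprteted as new AND returning students if they are 
+# students with entry_session None (-1) are interprteted as new AND returning students if they are
 # in either of the last three states
 
@@ -65,5 +65,5 @@
     else:
         dict[statepercent] = 0
-        
+
     # part_time
     res_pt = context.students_catalog(entry_session = entry_sessions, review_state = state,  mode = part_time)
@@ -74,6 +74,6 @@
         dict[statepercent] = "%.0f" % round(dict[state_pt]*100.0/dict['total_pt'])
     else:
-        dict[statepercent] = 0       
-        
+        dict[statepercent] = 0
+
 l.append(dict)
 
@@ -86,5 +86,5 @@
     dict['total_ft'] = len(res_ft)
     res_pt = context.students_catalog(entry_session = entry_sessions, faculty = f.getId, mode = part_time)
-    dict['total_pt'] = len(res_pt)   
+    dict['total_pt'] = len(res_pt)
     for state in new_states:
         # full_time
@@ -97,5 +97,5 @@
         else:
             dict[statepercent] = 0
-            
+
         # part_time
         res_pt = context.students_catalog(entry_session = entry_sessions, faculty = f.getId, review_state = state, mode = part_time)
@@ -106,6 +106,6 @@
             dict[statepercent] = "%.0f" % round(dict[state_pt]*100.0/dict['total_pt'])
         else:
-            dict[statepercent] = 0           
-            
+            dict[statepercent] = 0
+
     l.append(dict)
 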
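Review bot: The staff guard in the first hunk now returns None for a non-staff caller, but the refusal itself is never recorded: the `logger.info` line just above it logs every invocation with the same message, so a denied request and a permitted one are indistinguishable in the audit trail. Logging the denial before returning, e.g. `logger.info('%s denied statistics (not staff)' % context.portal_membership.getAuthenticatedMember())`, would make repeated probing by non-staff accounts visible. Callers that previously tested for the string 'Not allowed' now receive None, so the rendering template or page that consumes this script's result should be checked. The same change and the same missing denial log appear in getRetStudentStatistics.py and getSimpleStudentStatistics.py in this changeset; the rest of this script, including whatever Zope permission it is declared with, lies outside the hunks.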
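--- a/WAeUP_SRP/base/skins/waeup_statistics/getRetStudentStatistics.py
+++ b/WAeUP_SRP/base/skins/waeup_statistics/getRetStudentStatistics.py
@@ -18,5 +18,5 @@
 logger.info('%s invoked statistics' % context.portal_membership.getAuthenticatedMember())
 if not context.isStaff():
-    return 'Not allowed'
+    return
 
 entry_sessions = ('-1','94','95','96','97','98','99','00','01','02','03','04','05','0','1','2','3','4','5')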
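--- a/WAeUP_SRP/base/skins/waeup_statistics/getSimpleStudentStatistics.py
+++ b/WAeUP_SRP/base/skins/waeup_statistics/getSimpleStudentStatistics.py
@@ -18,5 +18,5 @@
 logger.info('%s invoked statistics' % context.portal_membership.getAuthenticatedMember())
 if not context.isStaff():
-    return 'Not allowed'
+    return
 
 #entry_sessions = ('-1','94','95','96','97','98','99','00','01','02','03','04','05','0','1','2','3','4','5')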
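--- a/WAeUP_SRP/base/skins/waeup_student/search_students.py
+++ b/WAeUP_SRP/base/skins/waeup_student/search_students.py
@@ -29,5 +29,5 @@
 
 allowed = True
-if is_anon:
+if is_anon or context.isStudent():
     allowed = False
 from Products.AdvancedQuery import Eq, Between, Le,In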
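Review bot: The new condition is still a denylist: `allowed` starts as True and is cleared only for anonymous callers and students, so any other principal — a new role added later, or an account that is neither staff nor student — can search students by default. If staff are the intended audience, inverting it to an allowlist is more robust and matches the guard used by the statistics scripts in this changeset: `allowed = not is_anon and context.isStaff()`, assuming `isStaff()` is available on this context as it is in getNewStudentStatistics.py. `is_anon` and the later use of `allowed` are defined outside the hunk, so the exact set of roles that should pass cannot be confirmed from here.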
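--- a/WAeUP_SRP/uniben/profiles/default/rolemap.xml
+++ b/WAeUP_SRP/uniben/profiles/default/rolemap.xml
@@ -10,13 +10,13 @@
   </roles>
   <permissions>
-    <permission name="List folder contents" acquire="True">
-      <role name="SectionManager"/>
-      <role name="SectionReader"/>
-      <role name="SectionOfficer"/>
+    <permission name="Access future portal content"
+                acquire="True">
+      <role name="Manager"/>
+      <role name="Authenticated"/>
     </permission>
-    <permission name="View" acquire="True">
-      <role name="SectionManager"/>
-      <role name="SectionReader"/>
-      <role name="SectionOfficer"/>
+    <permission name="Access inactive portal content"
+                acquire="True">
+      <role name="Manager"/>
+      <role name="Authenticated"/>
     </permission>
     <permission name="Add portal content" acquire="True">
@@ -28,15 +28,24 @@
       <role name="SectionOfficer"/>
     </permission>
+    <permission name="Add portal member" acquire="True">
+      <role name="SectionManager"/>
+      <role name="SectionOfficer"/>
+    </permission>
+    <permission name="Change subobjects order"
+                acquire="True">
+      <role name="SectionManager"/>
+      <role name="SectionOfficer"/>
+    </permission>
     <permission name="Delete objects" acquire="True">
       <role name="SectionManager"/>
       <role name="SectionOfficer"/>
     </permission>
-    <permission name="Change subobjects order" acquire="True">
+    <permission name="FTP access" acquire="True">
+      <role name="Manager"/>
+    </permission>
+    <permission name="List folder contents" acquire="True">
       <role name="SectionManager"/>
       <role name="SectionOfficer"/>
-    </permission>
-    <permission name="Manage properties" acquire="True">
-      <role name="SectionManager"/>
-      <role name="SectionOfficer"/>
+      <role name="SectionReader"/>
     </permission>
     <permission name="List portal members" acquire="True">
@@ -44,11 +53,11 @@
       <role name="SectionOfficer"/>
     </permission>
-    <permission name="Add portal member" acquire="True">
-      <role name="SectionManager"/>
-      <role name="SectionOfficer"/>
+    <permission name="List undoable changes" acquire="False">
+      <role name="Manager"/>
     </permission>
-    <permission name="Review portal content" acquire="True">
-      <role name="Owner"/>
-      <role name="Reviewer"/>
+    <permission name="Manage Portlets" acquire="False">
+      <role name="Manager"/>
+    </permission>
+    <permission name="Manage properties" acquire="True">
       <role name="SectionManager"/>
       <role name="SectionOfficer"/>
@@ -58,5 +67,18 @@
       <role name="SectionOfficer"/>
     </permission>
+    <permission name="Reply to item" acquire="True">
+      <role name="Manager"/>
+      <role name="Member"/>
+    </permission>
+    <permission name="Review portal content" acquire="True">
+      <role name="Reviewer"/>
+      <role name="SectionManager"/>
+      <role name="SectionOfficer"/>
+    </permission>
     <permission name="Set own password" acquire="True">
+      <role name="Member"/>
+    </permission>
+    <permission name="Set own properties" acquire="True">
+      <role name="Manager"/>
       <role name="Member"/>
     </permission>
@@ -64,7 +86,20 @@
       <role name="SectionManager"/>
     </permission>
+    <permission name="Use external editor" acquire="False">
+      <role name="Manager"/>
+      <role name="Member"/>
+    </permission>
     <permission name="Use mailhost services" acquire="True">
+      <role name="Anonymous"/>
       <role name="Authenticated"/>
-      <role name="Anonymous"/>
+    </permission>
+    <permission name="View" acquire="True">
+      <role name="SectionManager"/>
+      <role name="SectionOfficer"/>
+      <role name="SectionReader"/>
+    </permission>
+    <permission name="View management screens"
+                acquire="True">
+      <role name="Manager"/>
     </permission>
   </permissions>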
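Review bot: The newly added `Access future portal content` and `Access inactive portal content` permissions in the first hunk are granted to the `Authenticated` role with acquire="True", which means every logged-in account — students included, given the `isStudent()` distinction this changeset introduces in search_students.py — can read content that has expired or is not yet effective. If that is not intended, restricting these two to `Manager` plus whichever Section* roles need them, as is done for `FTP access` and `View management screens` in the same file, keeps the change in line with the "close security holes" intent. In the last hunk `Use mailhost services` still carries `Anonymous` (the role is only moved, not removed), so unauthenticated requests can continue to trigger outbound mail; if only specific skin scripts need to send mail, granting that permission to those scripts via proxy roles rather than to `Anonymous` would be tighter. Whether any of these grants is acquired from a parent profile cannot be confirmed from the hunks shown.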