replace AccessControl.requestmethod by zpublish if possible

`zpublish` mark `manage_` methods

Author: d-maurer

src/App/ApplicationManager.py

@@ -19,7 +19,6 @@
 from urllib import parse
 
 from AccessControl.class_init import InitializeClass
-from AccessControl.requestmethod import requestmethod
 from Acquisition import Implicit
 from App.CacheManager import CacheManager
 from App.config import getConfiguration
@@ -33,6 +32,7 @@
 from OFS.Traversable import Traversable
 from Persistence import Persistent
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+from ZPublisher import zpublish
 
 
 class FakeConnection:
@@ -365,7 +365,7 @@ def db_size(self):
             return '%.1fM' % (s / 1048576.0)
         return '%.1fK' % (s / 1024.0)
 
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_minimize(self, value=1, REQUEST=None):
         "Perform a full sweep through the cache"
         # XXX Add a deprecation warning about value?
@@ -376,7 +376,7 @@ def manage_minimize(self, value=1, REQUEST=None):
             url = f'{REQUEST["URL1"]}/manage_main?manage_tabs_message={msg}'
             REQUEST.RESPONSE.redirect(url)
 
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_pack(self, days=0, REQUEST=None):
         """Pack the database"""
         if not isinstance(days, (int, float)):

src/App/DavLockManager.py

@@ -19,6 +19,7 @@
 from App.special_dtml import DTMLFile
 from OFS.Lockable import wl_isLocked
 from OFS.SimpleItem import Item
+from ZPublisher import zpublish
 
 
 class DavLockManager(Item, Implicit):
@@ -73,6 +74,7 @@ def unlockObjects(self, paths=[]):
             ob.wl_clearLocks()
 
     @security.protected(webdav_manage_locks)
+    @zpublish
     def manage_unlockObjects(self, paths=[], REQUEST=None):
         " Management screen action to unlock objects. "
         if paths:

src/App/FactoryDispatcher.py

@@ -161,6 +161,7 @@ def __getattr__(self, name):
     _owner = UnownableOwner
 
     # Provide a replacement for manage_main that does a redirection:
+    @zpublish
     def manage_main(trueself, self, REQUEST, update_menu=0):
         """Implement a contents view by redirecting to the true view
         """

src/App/Undo.py

@@ -23,6 +23,7 @@
 from App.Management import Tabs
 from App.special_dtml import DTMLFile
 from DateTime.DateTime import DateTime
+from ZPublisher import zpublish
 
 
 class UndoSupport(Tabs, Implicit):
@@ -98,6 +99,7 @@ def undoable_transactions(self, first_transaction=None,
         return r
 
     @security.protected(undo_changes)
+    @zpublish
     def manage_undo_transactions(self, transaction_info=(), REQUEST=None):
         """
         """

src/OFS/CopySupport.py

@@ -51,6 +51,7 @@
 from zope.interface import implementer
 from zope.lifecycleevent import ObjectCopiedEvent
 from zope.lifecycleevent import ObjectMovedEvent
+from ZPublisher import zpublish
 
 
 class CopyError(Exception):
@@ -91,6 +92,7 @@ def manage_CopyContainerAllItems(self, REQUEST):
         return [self._getOb(i) for i in REQUEST['ids']]
 
     @security.protected(delete_objects)
+    @zpublish
     def manage_cutObjects(self, ids=None, REQUEST=None):
         """Put a reference to the objects named in ids in the clip board"""
         if ids is None and REQUEST is not None:
@@ -121,6 +123,7 @@ def manage_cutObjects(self, ids=None, REQUEST=None):
         return cp
 
     @security.protected(view_management_screens)
+    @zpublish
     def manage_copyObjects(self, ids=None, REQUEST=None, RESPONSE=None):
         """Put a reference to the objects named in ids in the clip board"""
         if ids is None and REQUEST is not None:
@@ -298,6 +301,7 @@ def _pasteObjects(self, cp, cb_maxsize=0):
         return op, result
 
     @security.protected(view_management_screens)
+    @zpublish
     def manage_pasteObjects(self, cb_copy_data=None, REQUEST=None):
         """Paste previously copied objects into the current object.
 
@@ -334,6 +338,7 @@ def manage_pasteObjects(self, cb_copy_data=None, REQUEST=None):
     manage_renameForm = DTMLFile('dtml/renameForm', globals())
 
     @security.protected(view_management_screens)
+    @zpublish
     def manage_renameObjects(self, ids=[], new_ids=[], REQUEST=None):
         """Rename several sub-objects"""
         if len(ids) != len(new_ids):
@@ -345,6 +350,7 @@ def manage_renameObjects(self, ids=[], new_ids=[], REQUEST=None):
             return self.manage_main(self, REQUEST)
 
     @security.protected(view_management_screens)
+    @zpublish
     def manage_renameObject(self, id, new_id, REQUEST=None):
         """Rename a particular sub-object.
         """
@@ -400,6 +406,7 @@ def manage_renameObject(self, id, new_id, REQUEST=None):
             return self.manage_main(self, REQUEST)
 
     @security.public
+    @zpublish
     def manage_clone(self, ob, id, REQUEST=None):
         """Clone an object, creating a new object with the given id.
         """

src/OFS/DTMLMethod.py

@@ -20,7 +20,6 @@
 from AccessControl.Permissions import change_proxy_roles  # NOQA
 from AccessControl.Permissions import view as View
 from AccessControl.Permissions import view_management_screens
-from AccessControl.requestmethod import requestmethod
 from AccessControl.SecurityInfo import ClassSecurityInfo
 from AccessControl.tainted import TaintedString
 from Acquisition import Implicit
@@ -340,9 +339,8 @@ def _validateProxy(self, roles=None):
             'do not have proxy roles.\n<!--%s, %s-->' % (
                 self.__name__, user, roles))
 
-    @zpublish
+    @zpublish(methods="POST")
     @security.protected(change_proxy_roles)
-    @requestmethod('POST')
     def manage_proxy(self, roles=(), REQUEST=None):
         """Change Proxy Roles"""
         user = getSecurityManager().getUser()

src/OFS/History.py

@@ -94,6 +94,7 @@ def __getitem__(self, key):
 
         return rev.__of__(self.aq_parent)
 
+    @zpublish
     def manage_workspace(self, REQUEST):
         """ We aren't real, so we delegate to that that spawned us! """
         raise Redirect('/%s/manage_change_history_page' % REQUEST['URL2'])

src/OFS/OrderSupport.py

@@ -22,6 +22,7 @@
 from zope.container.contained import notifyContainerModified
 from zope.interface import implementer
 from zope.sequencesort.ssort import sort
+from ZPublisher import zpublish
 
 
 @implementer(IOrderedContainer)
@@ -48,6 +49,7 @@ class OrderSupport:
     )
 
     @security.protected(manage_properties)
+    @zpublish
     def manage_move_objects_up(self, REQUEST, ids=None, delta=1):
         """ Move specified sub-objects up by delta in container.
         """
@@ -67,6 +69,7 @@ def manage_move_objects_up(self, REQUEST, ids=None, delta=1):
         )
 
     @security.protected(manage_properties)
+    @zpublish
     def manage_move_objects_down(self, REQUEST, ids=None, delta=1):
         """ Move specified sub-objects down by delta in container.
         """
@@ -86,6 +89,7 @@ def manage_move_objects_down(self, REQUEST, ids=None, delta=1):
         )
 
     @security.protected(manage_properties)
+    @zpublish
     def manage_move_objects_to_top(self, REQUEST, ids=None):
         """ Move specified sub-objects to top of container.
         """
@@ -102,6 +106,7 @@ def manage_move_objects_to_top(self, REQUEST, ids=None):
                                 manage_tabs_message=message)
 
     @security.protected(manage_properties)
+    @zpublish
     def manage_move_objects_to_bottom(self, REQUEST, ids=None):
         """ Move specified sub-objects to bottom of container.
         """
@@ -118,6 +123,7 @@ def manage_move_objects_to_bottom(self, REQUEST, ids=None):
                                 manage_tabs_message=message)
 
     @security.protected(manage_properties)
+    @zpublish
     def manage_set_default_sorting(self, REQUEST, key, reverse):
         """ Set default sorting key and direction."""
         self.setDefaultSorting(key, reverse)
@@ -237,6 +243,7 @@ def setDefaultSorting(self, key, reverse):
         self._default_sort_key = key
         self._default_sort_reverse = reverse and 1 or 0
 
+    @zpublish
     def manage_renameObject(self, id, new_id, REQUEST=None):
         """ Rename a particular sub-object without changing its position.
         """

src/OFS/SimpleItem.py

@@ -200,7 +200,6 @@ def tpValues(self):
 
     _manage_editedDialog = DTMLFile('dtml/editedDialog', globals())
 
-    @zpublish
     def manage_editedDialog(self, REQUEST, **args):
         return self._manage_editedDialog(self, REQUEST, **args)
 

src/OFS/owner.py

@@ -21,13 +21,13 @@
 from AccessControl.owner import ownableFilter
 from AccessControl.Permissions import take_ownership
 from AccessControl.Permissions import view_management_screens
-from AccessControl.requestmethod import requestmethod
 from AccessControl.SecurityInfo import ClassSecurityInfo
 from AccessControl.SecurityManagement import getSecurityManager
 from AccessControl.unauthorized import Unauthorized
 from Acquisition import aq_get
 from Acquisition import aq_parent
 from App.special_dtml import DTMLFile
+from ZPublisher import zpublish
 
 
 class Owned(BaseOwned):
@@ -47,7 +47,7 @@ class Owned(BaseOwned):
     manage_owner = DTMLFile('dtml/owner', globals())
 
     @security.protected(take_ownership)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_takeOwnership(self, REQUEST, RESPONSE, recursive=0):
         """Take ownership (responsibility) for an object.
 
@@ -68,7 +68,7 @@ def manage_takeOwnership(self, REQUEST, RESPONSE, recursive=0):
             RESPONSE.redirect(REQUEST['HTTP_REFERER'])
 
     @security.protected(take_ownership)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_changeOwnershipType(
         self,
         explicit=1,

src/OFS/role.py

@@ -25,6 +25,7 @@
 from AccessControl.rolemanager import reqattr
 from App.special_dtml import DTMLFile
 from zExceptions import BadRequest
+from ZPublisher import zpublish
 
 
 class RoleManager(BaseRoleManager):
@@ -47,7 +48,7 @@ class RoleManager(BaseRoleManager):
     )
 
     @security.protected(change_permissions)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
         """Change the permissions given to the given role.
         """
@@ -64,7 +65,7 @@ def manage_role(self, role_to_manage, permissions=[], REQUEST=None):
     )
 
     @security.protected(change_permissions)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
         """Change the permissions that acquire.
         """
@@ -81,7 +82,7 @@ def manage_acquiredPermissions(self, permissions=[], REQUEST=None):
     )
 
     @security.protected(change_permissions)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_permission(
         self,
         permission_to_manage,
@@ -107,12 +108,13 @@ def manage_permission(
     )
 
     @security.protected(change_permissions)
+    @zpublish
     def manage_access(self, REQUEST, **kw):
         """Return an interface for making permissions settings."""
         return self._normal_manage_access(**kw)
 
     @security.protected(change_permissions)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_changePermissions(self, REQUEST):
         """Change all permissions settings, called by management screen."""
         valid_roles = self.valid_roles()
@@ -158,7 +160,7 @@ def manage_changePermissions(self, REQUEST):
     )
 
     @security.protected(change_permissions)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_addLocalRoles(self, userid, roles, REQUEST=None):
         """Set local roles for a user."""
         BaseRoleManager.manage_addLocalRoles(self, userid, roles)
@@ -167,7 +169,7 @@ def manage_addLocalRoles(self, userid, roles, REQUEST=None):
             return self.manage_listLocalRoles(self, REQUEST, stat=stat)
 
     @security.protected(change_permissions)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_setLocalRoles(self, userid, roles=[], REQUEST=None):
         """Set local roles for a user."""
         if roles:
@@ -179,7 +181,7 @@ def manage_setLocalRoles(self, userid, roles=[], REQUEST=None):
             return self.manage_listLocalRoles(self, REQUEST, stat=stat)
 
     @security.protected(change_permissions)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_delLocalRoles(self, userids, REQUEST=None):
         """Remove all local roles for a user."""
         BaseRoleManager.manage_delLocalRoles(self, userids)
@@ -188,6 +190,7 @@ def manage_delLocalRoles(self, userids, REQUEST=None):
             return self.manage_listLocalRoles(self, REQUEST, stat=stat)
 
     @security.protected(change_permissions)
+    @zpublish
     def manage_defined_roles(self, submit=None, REQUEST=None):
         """Called by management screen."""
         if submit == 'Add Role':

src/OFS/userfolder.py

@@ -32,6 +32,7 @@
 from OFS.role import RoleManager
 from OFS.SimpleItem import Item
 from zExceptions import BadRequest
+from ZPublisher import zpublish
 
 
 class BasicUserFolder(
@@ -54,7 +55,7 @@ class BasicUserFolder(
     ) + RoleManager.manage_options + Item.manage_options)
 
     @security.protected(ManageUsers)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def userFolderAddUser(self, name, password, roles, domains,
                           REQUEST=None, **kw):
         """API method for creating a new user object. Note that not all
@@ -65,7 +66,7 @@ def userFolderAddUser(self, name, password, roles, domains,
         raise NotImplementedError
 
     @security.protected(ManageUsers)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def userFolderEditUser(
         self,
         name,
@@ -83,7 +84,7 @@ def userFolderEditUser(
         raise NotImplementedError
 
     @security.protected(ManageUsers)
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def userFolderDelUsers(self, names, REQUEST=None):
         """API method for deleting one or more user objects. Note that not
            all user folder implementations support deletion of user objects."""
@@ -101,6 +102,7 @@ def userFolderDelUsers(self, names, REQUEST=None):
 
     _userFolderProperties = DTMLFile('dtml/userFolderProps', globals())
 
+    @zpublish
     def manage_userFolderProperties(
         self,
         REQUEST=None,
@@ -115,7 +117,7 @@ def manage_userFolderProperties(
             management_view='Properties',
         )
 
-    @requestmethod('POST')
+    @zpublish(methods='POST')
     def manage_setUserFolderProperties(
         self,
         encrypt_passwords=0,
@@ -214,6 +216,7 @@ def _delUsers(self, names, REQUEST=None):
             return self._mainUser(self, REQUEST)
 
     @security.protected(ManageUsers)
+    @zpublish
     def manage_users(self, submit=None, REQUEST=None, RESPONSE=None):
         """This method handles operations on users for the web based forms
            of the ZMI. Application code (code that is outside of the forms