[Erp5-report] r16743 - /erp5/trunk/products/ERP5OOo/Document/OOoDocument.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Mon Oct 1 13:14:12 CEST 2007
Author: jp
Date: Mon Oct 1 13:14:12 2007
New Revision: 16743
URL: http://svn.erp5.org?rev=16743&view=rev
Log:
Added format conversion control system to make sure a document can only be converted to a given list of formats based on the user profile. Required update of erp5_dms.
Modified:
erp5/trunk/products/ERP5OOo/Document/OOoDocument.py
Modified: erp5/trunk/products/ERP5OOo/Document/OOoDocument.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5OOo/Document/OOoDocument.py?rev=16743&r1=16742&r2=16743&view=diff
==============================================================================
--- erp5/trunk/products/ERP5OOo/Document/OOoDocument.py (original)
+++ erp5/trunk/products/ERP5OOo/Document/OOoDocument.py Mon Oct 1 13:14:12 2007
@@ -32,6 +32,7 @@
from xmlrpclib import Transport
from xmlrpclib import SafeTransport
from AccessControl import ClassSecurityInfo
+from AccessControl import Unauthorized
from OFS.Image import Pdata
from Products.CMFCore.utils import getToolByName, _setCacheHeaders
from Products.ERP5Type import Permissions, PropertySheet, Constraint, Interface
@@ -153,6 +154,14 @@
"""
# Accelerate rendering in Web mode
_setCacheHeaders(self, {'format' : format})
+
+ # Verify that the format is acceptable (from permission point of view)
+ method = self._getTypeBasedMethod('checkConversionFormatPermission',
+ fallback_script_id = 'Document_checkConversionFormatPermission')
+ if not method(format=format):
+ raise Unauthorized("OOoDocument: user does not have enough permission to access document"
+ " in %s format" % format)
+
# Return the original file by default
if format is None:
return File.index_html(self, REQUEST, RESPONSE)
More information about the Erp5-report
mailing list