[Erp5-report] r17687 - in /erp5/trunk/bt5/erp5_accounting: SkinTemplateItem/portal_skins/er...
nobody at svn.erp5.org
Mon Nov 19 16:41:03 CET 2007
Author: jerome
Date: Mon Nov 19 16:41:02 2007
New Revision: 17687
URL: http://svn.erp5.org?rev=17687&view=rev
Log:
Add proxy role to SaleInvoiceTransaction_getVAT, because it might access simulation movements for which the user doesn't have permission. Prevent the script from being called directly from a URL.
Modified:
erp5/trunk/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/SaleInvoiceTransaction_getVAT.xml
erp5/trunk/bt5/erp5_accounting/bt/revision
Modified: erp5/trunk/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/SaleInvoiceTransaction_getVAT.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/SaleInvoiceTransaction_getVAT.xml?rev=17687&r1=17686&r2=17687&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/SaleInvoiceTransaction_getVAT.xml (original)
+++ erp5/trunk/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/SaleInvoiceTransaction_getVAT.xml Mon Nov 19 16:41:02 2007
@@ -3,11 +3,8 @@
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
- <tuple>
- <string>Products.PythonScripts.PythonScript</string>
- <string>PythonScript</string>
- </tuple>
- <none/>
+ <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+ <tuple/>
</tuple>
</pickle>
<pickle>
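Review bot: The class reference at the top of the first pickle changes from a tuple of two strings plus `<none/>` to a `<global>` element plus an empty `<tuple/>`, which is unrelated to the access fix described in the log. If this comes from re-exporting the script with a different exporter version, say so in the log or commit it separately, so that the security-relevant hunks are easier to audit.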
@@ -88,6 +85,9 @@
\n
This API will probably change.\n
"""\n
+if REQUEST is not None:\n
+ from zExceptions import Unauthorized\n
+ raise Unauthorized, script.getId()\n
\n
vat_infos = {\n
\'total\' : 0,\n
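Review bot: The new guard at the top of the script body (`if REQUEST is not None:`) carries no comment, and `REQUEST` is not used anywhere else in the lines shown, so a later cleanup could drop it as dead code and reopen direct URL access to a script that, per the log, runs with a proxy role. Add a one-line comment above the check stating that the publisher fills in REQUEST when the script is reached through a URL and that internal callers must call it without that argument. It is also worth confirming that no existing caller passes REQUEST explicitly, since that call would now raise Unauthorized.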
@@ -161,7 +161,7 @@
</item>
<item>
<key> <string>_params</string> </key>
- <value> <string></string> </value>
+ <value> <string>REQUEST=None</string> </value>
</item>
<item>
<key> <string>errors</string> </key>
@@ -181,23 +181,27 @@
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
- <value> <int>0</int> </value>
+ <value> <int>1</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
+ <string>REQUEST</string>
+ <string>None</string>
+ <string>zExceptions</string>
+ <string>Unauthorized</string>
+ <string>_getattr_</string>
+ <string>script</string>
<string>vat_infos</string>
<string>context</string>
<string>invoice</string>
- <string>_getattr_</string>
<string>portal</string>
<string>accounting_movement_list</string>
<string>len</string>
<string>_getiter_</string>
<string>movement</string>
<string>account</string>
- <string>None</string>
<string>_getitem_</string>
<string>float</string>
<string>_write_</string>
@@ -216,7 +220,9 @@
<item>
<key> <string>func_defaults</string> </key>
<value>
- <none/>
+ <tuple>
+ <none/>
+ </tuple>
</value>
</item>
<item>
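Review bot: This `func_defaults` hunk is the last one for SaleInvoiceTransaction_getVAT.xml, and none of the hunks shown for the file adds or changes a proxy-role entry, although the log says a proxy role is added. Please check that the proxy role setting is actually part of this export. If it was already present in the file, reword the log so that the commit is not read as the point where the elevated role was introduced.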
Modified: erp5/trunk/bt5/erp5_accounting/bt/revision
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_accounting/bt/revision?rev=17687&r1=17686&r2=17687&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_accounting/bt/revision (original)
+++ erp5/trunk/bt5/erp5_accounting/bt/revision Mon Nov 19 16:41:02 2007
@@ -1,1 +1,1 @@
-498
+500
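Review bot: The revision goes from 498 to 500 in a single commit, skipping 499. If the counter is meant to advance by one per change to the business template, check whether an intermediate export went uncommitted.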