[Erp5-report] r18863 - in /experimental/Experimental: ./ patches/
nobody at svn.erp5.org
nobody at svn.erp5.org
Fri Jan 25 18:03:12 CET 2008
Author: bartek
Date: Fri Jan 25 18:03:11 2008
New Revision: 18863
URL: http://svn.erp5.org?rev=18863&view=rev
Log:
relation string field displaying N/A when target object is not available (instead of raising exception)
Added:
experimental/Experimental/patches/ERP5Form_safeRelationField.py
Modified:
experimental/Experimental/ZopePatch.py
Modified: experimental/Experimental/ZopePatch.py
URL: http://svn.erp5.org/experimental/Experimental/ZopePatch.py?rev=18863&r1=18862&r2=18863&view=diff
==============================================================================
--- experimental/Experimental/ZopePatch.py (original)
+++ experimental/Experimental/ZopePatch.py Fri Jan 25 18:03:11 2008
@@ -32,3 +32,6 @@
LOG('EXPERIMENTAL monkey-patch', INFO, 'In disabled RadioField show translated title (not value)')
from Products.Experimental.patches import Formulator_RadioField_show_title
+
+LOG('EXPERIMENTAL monkey-patch', INFO, 'Safe RelationField')
+from Products.Experimental.patches import ERP5Form_safeRelationField
Added: experimental/Experimental/patches/ERP5Form_safeRelationField.py
URL: http://svn.erp5.org/experimental/Experimental/patches/ERP5Form_safeRelationField.py?rev=18863&view=auto
==============================================================================
--- experimental/Experimental/patches/ERP5Form_safeRelationField.py (added)
+++ experimental/Experimental/patches/ERP5Form_safeRelationField.py Fri Jan 25 18:03:11 2008
@@ -1,0 +1,96 @@
+##############################################################################
+#
+# Copyright (c) 2007 ERP5 Polska. All Rights Reserved.
+# Bartek Gorny <bartek at erp5.pl>
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsability of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# garantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+##############################################################################
+
+"""
+ This patch handles Unauthorized exception while trying to get a value
+ for a field in a form, and returns a "marker" if such an exception
+ occured.
+ Also before rendering the "airplane" it checks if there was an
+ Unauthorized and doesn't render the airplane if there was.
+
+ RATIONALE: the RelationStringField causes many problems when more sophisticated
+ security regulations are applied, because if you try to view a form which
+ contains a relation to another object which you are not authorized to view
+ it raises an exception and the form can not be viewed. While, since we already have
+ the exception, this situation can be easily handled with almost no overhead.
+"""
+
+from Products.ERP5Form import Form
+from Products.Formulator.Field import Field
+from Products.ERP5Form.MultiRelationField import MultiRelationStringFieldWidget
+from Globals import get_request
+from AccessControl import Unauthorized
+from zLOG import LOG
+
+NOT_AVAILABLE_MARKER = '- (N/A) -'
+
+_field_value_cache = {}
+def Form_get_value(self, id, **kw):
+ REQUEST = get_request()
+ if REQUEST is not None:
+ field = REQUEST.get('field__proxyfield_%s_%s' % (self.id, id), self)
+ else:
+ field = self
+
+ # If field is not stored in zodb, then must use original get_value instead.
+ # Because field which is not stored in zodb must be used for editing field
+ # in ZMI and field value cache sometimes break these field settings at
+ # initialization. As the result, we will see broken field editing screen
+ # in ZMI.
+ if self._p_oid is None:
+ return self._original_get_value(id, **kw)
+
+ cache_id = ('Form.get_value',
+ self._p_oid,
+ field._p_oid,
+ id)
+
+ try:
+ value = _field_value_cache[cache_id]
+ except KeyError:
+ # either returns non callable value (ex. "Title")
+ # or a FieldValue instance of appropriate class
+ value, cacheable = Form.getFieldValue(self, field, id, **kw)
+ if cacheable:
+ _field_value_cache[cache_id] = value
+
+ if callable(value):
+ # here we handle Unauthorized
+ try:
+ return value(field, id, **kw)
+ except Unauthorized:
+ return NOT_AVAILABLE_MARKER
+ return value
+
+Form.get_value = Form_get_value
+Field.get_value = Form_get_value
+
+MultiRelationStringFieldWidget.render_optional_relation_link = MultiRelationStringFieldWidget.render_relation_link
+
+def MultiRelationStringFieldWidget_render_relation_link(self, field, value, REQUEST):
+ """
+ This checks if the value of the field is equal to the NOT_AVAILABLE_MARKER
+ and if it is the field does not render the relation link.
+ """
+ if value == NOT_AVAILABLE_MARKER:
+ return ''
+ return self.render_optional_relation_link(field, value, REQUEST)
+
+MultiRelationStringFieldWidget.render_relation_link = MultiRelationStringFieldWidget_render_relation_link
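Review bot: The `except Unauthorized` in `Form_get_value` applies to every property of every field, not only to the displayed value of a relation field, because the function is assigned to both `Form.get_value` and `Field.get_value`. The marker is a non-empty string, so if the callable behind a boolean property such as `enabled` or `editable` raises Unauthorized, the caller receives a truthy value and the check fails open; adding `if id != 'default': raise` before `return NOT_AVAILABLE_MARKER` would limit the masking to the displayed value. The denial is also swallowed without a trace although `LOG` is imported; a `LOG(...)` call naming `field.id` and `id` in that handler would leave a record for whoever audits the access rules. Separately, `NOT_AVAILABLE_MARKER` is an in-band string, so a field whose real value is `'- (N/A) -'` also loses its relation link, and if the module is executed a second time `render_optional_relation_link` would point at the already patched function and recurse.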