[Erp5-report] r18863 - in /experimental/Experimental: ./ patches/

nobody at svn.erp5.org nobody at svn.erp5.org
Fri Jan 25 18:03:12 CET 2008


Author: bartek
Date: Fri Jan 25 18:03:11 2008
New Revision: 18863

URL: http://svn.erp5.org?rev=18863&view=rev
Log:
relation string field displaying N/A when target object is not available (instead of raising exception)

Added:
    experimental/Experimental/patches/ERP5Form_safeRelationField.py
Modified:
    experimental/Experimental/ZopePatch.py

Modified: experimental/Experimental/ZopePatch.py
URL: http://svn.erp5.org/experimental/Experimental/ZopePatch.py?rev=18863&r1=18862&r2=18863&view=diff
==============================================================================
--- experimental/Experimental/ZopePatch.py (original)
+++ experimental/Experimental/ZopePatch.py Fri Jan 25 18:03:11 2008
@@ -32,3 +32,6 @@
 
 LOG('EXPERIMENTAL monkey-patch', INFO, 'In disabled RadioField show translated title (not value)')
 from Products.Experimental.patches import Formulator_RadioField_show_title
+
+LOG('EXPERIMENTAL monkey-patch', INFO, 'Safe RelationField')
+from Products.Experimental.patches import ERP5Form_safeRelationField
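Review bot: The log text 'Safe RelationField' on the added LOG line understates what the import does. The module it loads rebinds `Form.get_value` and `Field.get_value`, so the handling of Unauthorized changes for every form field in the process, not only relation fields. As far as this commit shows, this startup line is the only record that the behaviour is active, so I would make it say so, e.g. `LOG('EXPERIMENTAL monkey-patch', INFO, 'Form/Field get_value returns N/A marker on Unauthorized')`.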

Added: experimental/Experimental/patches/ERP5Form_safeRelationField.py
URL: http://svn.erp5.org/experimental/Experimental/patches/ERP5Form_safeRelationField.py?rev=18863&view=auto
==============================================================================
--- experimental/Experimental/patches/ERP5Form_safeRelationField.py (added)
+++ experimental/Experimental/patches/ERP5Form_safeRelationField.py Fri Jan 25 18:03:11 2008
@@ -1,0 +1,96 @@
+##############################################################################
+#
+# Copyright (c) 2007 ERP5 Polska. All Rights Reserved.
+#          Bartek Gorny <bartek at erp5.pl>
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsability of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# garantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+##############################################################################
+
+"""
+  This patch handles Unauthorized exception while trying to get a value
+  for a field in a form, and returns a "marker" if such an exception
+  occured.
+  Also before rendering the "airplane" it checks if there was an 
+  Unauthorized and doesn't render the airplane if there was.
+
+  RATIONALE: the RelationStringField causes many problems when more sophisticated
+  security regulations are applied, because if you try to view a form which
+  contains a relation to another object which you are not authorized to view
+  it raises an exception and the form can not be viewed. While, since we already have
+  the exception, this situation can be easily handled with almost no overhead.
+"""
+
+from Products.ERP5Form import Form
+from Products.Formulator.Field import Field
+from Products.ERP5Form.MultiRelationField import MultiRelationStringFieldWidget
+from Globals import get_request
+from AccessControl import Unauthorized
+from zLOG import LOG
+
+NOT_AVAILABLE_MARKER = '- (N/A) -'
+
+_field_value_cache = {}
+def Form_get_value(self, id, **kw):
+  REQUEST = get_request()
+  if REQUEST is not None:
+    field = REQUEST.get('field__proxyfield_%s_%s' % (self.id, id), self)
+  else:
+    field = self
+
+  # If field is not stored in zodb, then must use original get_value instead.
+  # Because field which is not stored in zodb must be used for editing field
+  # in ZMI and field value cache sometimes break these field settings at
+  # initialization. As the result, we will see broken field editing screen
+  # in ZMI.
+  if self._p_oid is None:
+    return self._original_get_value(id, **kw)
+
+  cache_id = ('Form.get_value',
+              self._p_oid,
+              field._p_oid,
+              id)
+
+  try:
+    value = _field_value_cache[cache_id]
+  except KeyError:
+    # either returns non callable value (ex. "Title")
+    # or a FieldValue instance of appropriate class
+    value, cacheable = Form.getFieldValue(self, field, id, **kw)
+    if cacheable:
+      _field_value_cache[cache_id] = value
+
+  if callable(value):
+    # here we handle Unauthorized
+    try:
+      return value(field, id, **kw)
+    except Unauthorized:
+      return NOT_AVAILABLE_MARKER
+  return value
+
+Form.get_value = Form_get_value
+Field.get_value = Form_get_value
+
+MultiRelationStringFieldWidget.render_optional_relation_link = MultiRelationStringFieldWidget.render_relation_link
+
+def MultiRelationStringFieldWidget_render_relation_link(self, field, value, REQUEST):
+  """
+    This checks if the value of the field is equal to the NOT_AVAILABLE_MARKER
+    and if it is the field does not render the relation link.
+  """
+  if value == NOT_AVAILABLE_MARKER:
+    return ''
+  return self.render_optional_relation_link(field, value, REQUEST)
+
+MultiRelationStringFieldWidget.render_relation_link = MultiRelationStringFieldWidget_render_relation_link
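Review bot: The `except Unauthorized` in Form_get_value wraps `value(field, id, **kw)` for every property id, not only the displayed value of a relation field, and the function is assigned to both Form.get_value and Field.get_value, so it applies to all fields. If a computed property such as `editable` or `enabled` raises Unauthorized, the caller would presumably receive the non-empty string '- (N/A) -', which is truthy, so an authorization failure becomes a permissive result instead of a denial. I would limit the fallback to the value property, e.g. `if id != 'default': raise` as the first line of the handler (assuming 'default' is the id Formulator uses for the field value), and log the swallowed exception there; `LOG` is imported but never called, and a severity constant would need importing alongside it. Separately, the marker is an ordinary string, so a stored value equal to it would also suppress the relation link.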



