[Erp5-report] r21068 - in /erp5/trunk/bt5/erp5_base: SkinTemplateItem/portal_skins/erp5_bas...

nobody at svn.erp5.org nobody at svn.erp5.org
Wed May 21 18:35:59 CEST 2008 

Author: jerome
Date: Wed May 21 18:35:58 2008
New Revision: 21068

URL: http://svn.erp5.org?rev=21068&view=rev
Log:
Person_getPrimaryGroup: if multiple groups are defined on open assignments, this script should not try to guess. Also add a proxy role to make sure this code can be used by any users, and use a hack to prevent users from calling the script arbitrarily.

Modified:
    erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_getPrimaryGroup.xml
    erp5/trunk/bt5/erp5_base/bt/revision

Modified: erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_getPrimaryGroup.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_getPrimaryGroup.xml?rev=21068&r1=21067&r2=21068&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_getPrimaryGroup.xml (original)
+++ erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_getPrimaryGroup.xml Wed May 21 18:35:58 2008
@@ -81,17 +81,28 @@
   (to be implemented).\n
 """\n
 \n
+if REQUEST is not None:\n
+  # This script has proxy roles, so we don\'t allow users to call it directly\n
+  from AccessControl import getSecurityManager\n
+  from zExceptions import Unauthorized\n
+  if not \'Manager\' in getSecurityManager().getUser().getRoles():\n
+    raise Unauthorized(script)\n
+\n
 from DateTime import DateTime\n
 now = DateTime()\n
 \n
-for assignment in context.contentValues(portal_type=\'Assignment\',\n
-                     checked_permission=\'Access contents information\'):\n
-  \n
+existing_group_set = dict()\n
+for assignment in context.contentValues(portal_type=\'Assignment\'):\n
   if assignment.getGroup() \\\n
       and assignment.getValidationState() == \'open\' \\\n
       and ( assignment.getStartDate() is None or\n
             assignment.getStartDate() <= now <= assignment.getStopDate()):\n
-   return assignment.getGroup()\n
+   existing_group_set[assignment.getGroup()] = 1\n
+\n
+# If we have multiple groups defined on assignments, this scripts does not\n
+# try to guess, and fallback to the default career\'s group\n
+if len(existing_group_set.keys()) == 1:\n
+  return existing_group_set.keys()[0]\n
 \n
 # no group found on open assignments, returns the default group\n
 # (on a person document this is acquired on the default career\'s subordination)\n
@@ -120,7 +131,15 @@
         </item>
         <item>
             <key> <string>_params</string> </key>
-            <value> <string></string> </value>
+            <value> <string>REQUEST=None</string> </value>
+        </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
         </item>
         <item>
             <key> <string>errors</string> </key>
@@ -140,19 +159,30 @@
                   <dictionary>
                     <item>
                         <key> <string>co_argcount</string> </key>
-                        <value> <int>0</int> </value>
+                        <value> <int>1</int> </value>
                     </item>
                     <item>
                         <key> <string>co_varnames</string> </key>
                         <value>
                           <tuple>
+                            <string>REQUEST</string>
+                            <string>None</string>
+                            <string>AccessControl</string>
+                            <string>getSecurityManager</string>
+                            <string>zExceptions</string>
+                            <string>Unauthorized</string>
+                            <string>_getattr_</string>
+                            <string>script</string>
                             <string>DateTime</string>
                             <string>now</string>
+                            <string>dict</string>
+                            <string>existing_group_set</string>
                             <string>_getiter_</string>
-                            <string>_getattr_</string>
                             <string>context</string>
                             <string>assignment</string>
-                            <string>None</string>
+                            <string>_write_</string>
+                            <string>len</string>
+                            <string>_getitem_</string>
                           </tuple>
                         </value>
                     </item>
@@ -164,7 +194,9 @@
         <item>
             <key> <string>func_defaults</string> </key>
             <value>
-              <none/>
+              <tuple>
+                <none/>
+              </tuple>
             </value>
         </item>
         <item>

Modified: erp5/trunk/bt5/erp5_base/bt/revision
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/bt/revision?rev=21068&r1=21067&r2=21068&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/bt/revision (original)
+++ erp5/trunk/bt5/erp5_base/bt/revision Wed May 21 18:35:58 2008
@@ -1,1 +1,1 @@
-300
+303

More information about the Erp5-report mailing list