[Erp5-report] r21068 - in /erp5/trunk/bt5/erp5_base: SkinTemplateItem/portal_skins/erp5_bas...
nobody at svn.erp5.org
nobody at svn.erp5.org
Wed May 21 18:35:59 CEST 2008
Author: jerome
Date: Wed May 21 18:35:58 2008
New Revision: 21068
URL: http://svn.erp5.org?rev=21068&view=rev
Log:
Person_getPrimaryGroup: if multiple groups are defined on open assignments, this script should not try to guess. Also add a proxy role to make sure this code can be used by any users, and use a hack to prevent users from calling the script arbitrarily.
Modified:
erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_getPrimaryGroup.xml
erp5/trunk/bt5/erp5_base/bt/revision
Modified: erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_getPrimaryGroup.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_getPrimaryGroup.xml?rev=21068&r1=21067&r2=21068&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_getPrimaryGroup.xml (original)
+++ erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Person_getPrimaryGroup.xml Wed May 21 18:35:58 2008
@@ -81,17 +81,28 @@
(to be implemented).\n
"""\n
\n
+if REQUEST is not None:\n
+ # This script has proxy roles, so we don\'t allow users to call it directly\n
+ from AccessControl import getSecurityManager\n
+ from zExceptions import Unauthorized\n
+ if not \'Manager\' in getSecurityManager().getUser().getRoles():\n
+ raise Unauthorized(script)\n
+\n
from DateTime import DateTime\n
now = DateTime()\n
\n
-for assignment in context.contentValues(portal_type=\'Assignment\',\n
- checked_permission=\'Access contents information\'):\n
- \n
+existing_group_set = dict()\n
+for assignment in context.contentValues(portal_type=\'Assignment\'):\n
if assignment.getGroup() \\\n
and assignment.getValidationState() == \'open\' \\\n
and ( assignment.getStartDate() is None or\n
assignment.getStartDate() <= now <= assignment.getStopDate()):\n
- return assignment.getGroup()\n
+ existing_group_set[assignment.getGroup()] = 1\n
+\n
+# If we have multiple groups defined on assignments, this scripts does not\n
+# try to guess, and fallback to the default career\'s group\n
+if len(existing_group_set.keys()) == 1:\n
+ return existing_group_set.keys()[0]\n
\n
# no group found on open assignments, returns the default group\n
# (on a person document this is acquired on the default career\'s subordination)\n
@@ -120,7 +131,15 @@
</item>
<item>
<key> <string>_params</string> </key>
- <value> <string></string> </value>
+ <value> <string>REQUEST=None</string> </value>
+ </item>
+ <item>
+ <key> <string>_proxy_roles</string> </key>
+ <value>
+ <tuple>
+ <string>Manager</string>
+ </tuple>
+ </value>
</item>
<item>
<key> <string>errors</string> </key>
@@ -140,19 +159,30 @@
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
- <value> <int>0</int> </value>
+ <value> <int>1</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
+ <string>REQUEST</string>
+ <string>None</string>
+ <string>AccessControl</string>
+ <string>getSecurityManager</string>
+ <string>zExceptions</string>
+ <string>Unauthorized</string>
+ <string>_getattr_</string>
+ <string>script</string>
<string>DateTime</string>
<string>now</string>
+ <string>dict</string>
+ <string>existing_group_set</string>
<string>_getiter_</string>
- <string>_getattr_</string>
<string>context</string>
<string>assignment</string>
- <string>None</string>
+ <string>_write_</string>
+ <string>len</string>
+ <string>_getitem_</string>
</tuple>
</value>
</item>
@@ -164,7 +194,9 @@
<item>
<key> <string>func_defaults</string> </key>
<value>
- <none/>
+ <tuple>
+ <none/>
+ </tuple>
</value>
</item>
<item>
Modified: erp5/trunk/bt5/erp5_base/bt/revision
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/bt/revision?rev=21068&r1=21067&r2=21068&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/bt/revision (original)
+++ erp5/trunk/bt5/erp5_base/bt/revision Wed May 21 18:35:58 2008
@@ -1,1 +1,1 @@
-300
+303
More information about the Erp5-report
mailing list