[Erp5-report] r23484 - in /erp5/trunk/products/ERP5/bootstrap/erp5_core: SkinTemplateItem/p...

nobody at svn.erp5.org nobody at svn.erp5.org
Mon Sep 8 15:20:19 CEST 2008 

Author: jerome
Date: Mon Sep  8 15:20:06 2008
New Revision: 23484

URL: http://svn.erp5.org?rev=23484&view=rev
Log:
Base_getPreferredSectionItemList : don't return deleted or invalidated sections, and prevent some security problems with deleted organisations.

Modified:
    erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getPreferredSectionItemList.xml
    erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getPreferredSectionItemList.xml
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getPreferredSectionItemList.xml?rev=23484&r1=23483&r2=23484&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getPreferredSectionItemList.xml (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getPreferredSectionItemList.xml Mon Sep  8 15:20:06 2008
@@ -69,7 +69,10 @@
                        context.portal_preferences.getPreferredAccountingTransactionSectionCategory() \n
 \n
 section_value = context.portal_categories.resolveCategory(section)\n
-value_list = section_value.getGroupRelatedValueList(portal_type=portal_type)\n
+value_list = section_value.getGroupRelatedValueList(portal_type=portal_type,\n
+                                                    checked_permission=\'View\')\n
+value_list = [r for r in value_list\n
+              if r.getProperty(\'validation_state\') not in (\'invalidated\', \'deleted\')]\n
 \n
 # convert to ListField format\n
 return [(\'\', \'\')] + [(obj.getTitle(), obj.getRelativeUrl()) for obj in value_list]\n
@@ -130,6 +133,7 @@
                             <string>append</string>
                             <string>$append0</string>
                             <string>_getiter_</string>
+                            <string>r</string>
                             <string>obj</string>
                           </tuple>
                         </value>
@@ -154,6 +158,12 @@
             <value> <string>Base_getPreferredSectionItemList</string> </value>
         </item>
         <item>
+            <key> <string>uid</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
             <key> <string>warnings</string> </key>
             <value>
               <tuple/>

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision?rev=23484&r1=23483&r2=23484&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision Mon Sep  8 15:20:06 2008
@@ -1,1 +1,1 @@
-954
+955

More information about the Erp5-report mailing list