[Erp5-report] r24659 - in /erp5/trunk/bt5/erp5_base: SkinTemplateItem/portal_skins/erp5_bas...

nobody at svn.erp5.org nobody at svn.erp5.org
Fri Nov 21 15:20:19 CET 2008 

Author: romain
Date: Fri Nov 21 15:20:16 2008
New Revision: 24659

URL: http://svn.erp5.org?rev=24659&view=rev
Log:
Use restrictedTraverse instead of getattr to prevent Unauthorized error

Modified:
    erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/CurrencyModule_getCurrencyItemList.xml
    erp5/trunk/bt5/erp5_base/bt/revision

Modified: erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/CurrencyModule_getCurrencyItemList.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/CurrencyModule_getCurrencyItemList.xml?rev=24659&r1=24658&r2=24659&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/CurrencyModule_getCurrencyItemList.xml [utf8] (original)
+++ erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/CurrencyModule_getCurrencyItemList.xml [utf8] Fri Nov 21 15:20:16 2008
@@ -60,15 +60,17 @@
   result = []\n
   if include_empty :\n
     result = [[\'\', \'\'],]\n
-  currency_module = getattr(portal, \'currency_module\',\n
-                        getattr(portal, \'currency\', None))\n
+  currency_module = portal.restrictedTraverse(\n
+                             \'currency_module\', \n
+                             portal.restrictedTraverse(\'currency\', None))\n
 \n
-  for currency in LazyFilter(currency_module.contentValues(), skip=\'View\'):\n
-    if not skip_invalidated or \\\n
-          currency.getProperty(\'validation_state\', \'default\') != \'invalidated\':\n
-      # for currency, we intentionaly use reference (EUR) not title (Euros).\n
-      result.append((currency.getReference() or currency.getTitleOrId(),\n
-                     currency.getRelativeUrl()))\n
+  if currency_module is not None:\n
+    for currency in LazyFilter(currency_module.contentValues(), skip=\'View\'):\n
+      if not skip_invalidated or \\\n
+            currency.getProperty(\'validation_state\', \'default\') != \'invalidated\':\n
+        # for currency, we intentionaly use reference (EUR) not title (Euros).\n
+        result.append((currency.getReference() or currency.getTitleOrId(),\n
+                       currency.getRelativeUrl()))\n
   \n
   result.sort(key=lambda x: x[0])\n
   return result\n

Modified: erp5/trunk/bt5/erp5_base/bt/revision
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/bt/revision?rev=24659&r1=24658&r2=24659&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/bt/revision [utf8] (original)
+++ erp5/trunk/bt5/erp5_base/bt/revision [utf8] Fri Nov 21 15:20:16 2008
@@ -1,1 +1,1 @@
-469
+470

More information about the Erp5-report mailing list