[Erp5-report] r34662 jerome - in /erp5/trunk/bt5/erp5_base: WorkflowTemplateItem/portal_wor...
nobody at svn.erp5.org
nobody at svn.erp5.org
Mon Apr 19 17:15:33 CEST 2010
Author: jerome
Date: Mon Apr 19 17:15:32 2010
New Revision: 34662
URL: http://svn.erp5.org?rev=34662&view=rev
Log:
fix strange security of career_workflow:
* Assignee can pass workflow transition, but cannot see the document in draft. Fix that by giving View to Assignee in draft.
* Assignee / Assignor cannot view a cancelled career, but only them use cancel transition. Fix that by giving View to Assignee / Assignor in cancelled state.
* Give view to Auditor in both cancelled and draft.
Modified:
erp5/trunk/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/career_workflow/states/cancelled.xml
erp5/trunk/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/career_workflow/states/draft.xml
erp5/trunk/bt5/erp5_base/bt/revision
Modified: erp5/trunk/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/career_workflow/states/cancelled.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/career_workflow/states/cancelled.xml?rev=34662&r1=34661&r2=34662&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/career_workflow/states/cancelled.xml [utf8] (original)
+++ erp5/trunk/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/career_workflow/states/cancelled.xml [utf8] Mon Apr 19 17:15:32 2010
@@ -45,23 +45,22 @@
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<tuple>
- <tuple>
- <string>Persistence</string>
- <string>PersistentMapping</string>
- </tuple>
- <none/>
+ <global name="PersistentMapping" module="Persistence.mapping"/>
+ <tuple/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
- <key> <string>_container</string> </key>
+ <key> <string>data</string> </key>
<value>
<dictionary>
<item>
<key> <string>Access contents information</string> </key>
<value>
<tuple>
+ <string>Assignee</string>
+ <string>Assignor</string>
<string>Auditor</string>
<string>Manager</string>
<string>Owner</string>
@@ -80,6 +79,8 @@
<key> <string>View</string> </key>
<value>
<tuple>
+ <string>Assignee</string>
+ <string>Assignor</string>
<string>Auditor</string>
<string>Manager</string>
<string>Owner</string>
Modified: erp5/trunk/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/career_workflow/states/draft.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/career_workflow/states/draft.xml?rev=34662&r1=34661&r2=34662&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/career_workflow/states/draft.xml [utf8] (original)
+++ erp5/trunk/bt5/erp5_base/WorkflowTemplateItem/portal_workflow/career_workflow/states/draft.xml [utf8] Mon Apr 19 17:15:32 2010
@@ -50,24 +50,23 @@
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<tuple>
- <tuple>
- <string>Persistence</string>
- <string>PersistentMapping</string>
- </tuple>
- <none/>
+ <global name="PersistentMapping" module="Persistence.mapping"/>
+ <tuple/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
- <key> <string>_container</string> </key>
+ <key> <string>data</string> </key>
<value>
<dictionary>
<item>
<key> <string>Access contents information</string> </key>
<value>
<tuple>
+ <string>Assignee</string>
<string>Assignor</string>
+ <string>Auditor</string>
<string>Manager</string>
<string>Owner</string>
</tuple>
@@ -77,6 +76,7 @@
<key> <string>Modify portal content</string> </key>
<value>
<tuple>
+ <string>Assignee</string>
<string>Assignor</string>
<string>Manager</string>
<string>Owner</string>
@@ -87,7 +87,9 @@
<key> <string>View</string> </key>
<value>
<tuple>
+ <string>Assignee</string>
<string>Assignor</string>
+ <string>Auditor</string>
<string>Manager</string>
<string>Owner</string>
</tuple>
Modified: erp5/trunk/bt5/erp5_base/bt/revision
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/bt/revision?rev=34662&r1=34661&r2=34662&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/bt/revision [utf8] (original)
+++ erp5/trunk/bt5/erp5_base/bt/revision [utf8] Mon Apr 19 17:15:32 2010
@@ -1,1 +1,1 @@
-715
+716
More information about the Erp5-report
mailing list