[Erp5-report] r18981 - in /experimental/FSPatch: ./ Products/ Products/ERP5Form/

nobody at svn.erp5.org nobody at svn.erp5.org
Fri Feb 1 13:27:53 CET 2008 

Author: bartek
Date: Fri Feb  1 13:27:53 2008
New Revision: 18981

URL: http://svn.erp5.org?rev=18981&view=rev
Log:
added a filesystem patch to make relation string field 'security-safe'

Added:
    experimental/FSPatch/
    experimental/FSPatch/Products/
    experimental/FSPatch/Products/ERP5Form/
    experimental/FSPatch/Products/ERP5Form/ERP5Form_safeRelationField.diff

Added: experimental/FSPatch/Products/ERP5Form/ERP5Form_safeRelationField.diff
URL: http://svn.erp5.org/experimental/FSPatch/Products/ERP5Form/ERP5Form_safeRelationField.diff?rev=18981&view=auto
==============================================================================
--- experimental/FSPatch/Products/ERP5Form/ERP5Form_safeRelationField.diff (added)
+++ experimental/FSPatch/Products/ERP5Form/ERP5Form_safeRelationField.diff Fri Feb  1 13:27:53 2008
@@ -1,0 +1,108 @@
+Index: MultiRelationField.py
+===================================================================
+--- MultiRelationField.py	(wersja 17264)
++++ MultiRelationField.py	(kopia robocza)
+@@ -40,6 +40,8 @@
+ from Products.Formulator.DummyField import fields
+ from Globals import get_request
+ 
++from Products.ERP5Form import Form
++
+ # Max. number of catalog result
+ MAX_SELECT = 30
+ NEW_CONTENT_PREFIX = '_newContent_'
+@@ -324,6 +326,8 @@
+     """
+     Render link to the related object.
+     """
++    if value == Form.NOT_AVAILABLE_MARKER:
++      return ''
+     html_string = ''
+     here = REQUEST['here']
+     portal_url = getToolByName(here, 'portal_url')
+Index: Form.py
+===================================================================
+--- Form.py	(wersja 17264)
++++ Form.py	(kopia robocza)
+@@ -47,6 +47,8 @@
+ from Products.ERP5Type.PsycoWrapper import psyco
+ import sys
+ 
++NOT_AVAILABLE_MARKER = '- (N/A) -'
++
+ _field_value_cache = {}
+ def purgeFieldValueCache():
+   _field_value_cache.clear()
+@@ -197,7 +199,10 @@
+       else:
+         # else we should give a chance to the accessor to provide
+         # a default value (including None)
+-        value = ob.getProperty(self.key)
++        try:
++          value = ob.getProperty(self.key)
++        except Unauthorized:
++          value = NOT_AVAILABLE_MARKER
+     except (KeyError, AttributeError):
+       value = None
+     return self.returnValue(field, id, value)
+@@ -286,7 +291,10 @@
+       _field_value_cache[cache_id] = value
+ 
+   if callable(value):
+-    return value(field, id, **kw)
++    try:
++      return value(field, id, **kw)
++    except Unauthorized:
++      return NOT_AVAILABLE_MARKER
+   return value
+ 
+ psyco.bind(get_value)
+@@ -305,7 +313,10 @@
+         value = self._get_user_input_value(key, REQUEST)
+     except (KeyError, AttributeError):
+         # fall back on default
+-        return self.get_value('default', REQUEST=REQUEST) # It was missing on Formulator
++        try:
++          return self.get_value('default', REQUEST=REQUEST) # It was missing on Formulator
++        except Unauthorized:
++          return NOT_AVAILABLE_MARKER
+ 
+     # if we enter a string value while the field expects unicode,
+     # convert to unicode first
+Index: ListBox.py
+===================================================================
+--- ListBox.py	(wersja 17264)
++++ ListBox.py	(kopia robocza)
+@@ -54,6 +54,8 @@
+ import cgi
+ import types
+ 
++from Products.ERP5Form import Form
++
+ # For compatibility with Python 2.3.
+ try:
+   set
+@@ -1907,9 +1909,12 @@
+               except AttributeError:
+                 original_value = getattr(obj, property_id, None)
+                 processed_value = original_value
+-            except (AttributeError, KeyError, Unauthorized):
++            except (AttributeError, KeyError):
+               original_value = None
+               processed_value = 'Could not evaluate %s' % property_id
++            except Unauthorized:
++              original_value = None
++              processed_value = Form.NOT_AVAILABLE_MARKER
+           else:
+             original_value = None
+             processed_value = 'Object does not exist'
+@@ -1927,6 +1932,9 @@
+             processed_value = original_value
+         except (ConflictError, RuntimeError):
+           raise
++        except Unauthorized:
++          original_value = None
++          processed_value = Form.NOT_AVAILABLE_MARKER
+         except:
+           processed_value = 'Could not evaluate %s' % (original_value,)
+           LOG('ListBox', WARNING, 'could not evaluate %r' % (original_value,),

More information about the Erp5-report mailing list