[Erp5-report] r36755 mohamadou - in /erp5/trunk/bt5/erp5_egov: ExtensionTemplateItem/ SkinT...
nobody at svn.erp5.org
nobody at svn.erp5.org
Wed Jun 30 19:14:05 CEST 2010
Author: mohamadou
Date: Wed Jun 30 19:14:05 2010
New Revision: 36755
URL: http://svn.erp5.org?rev=36755&view=rev
Log:
* test if user has access to a module before displaying it.
Modified:
erp5/trunk/bt5/erp5_egov/ExtensionTemplateItem/EGovSecurity.py
erp5/trunk/bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov/ERP5Site_getQuickSearchableTypeList.xml
erp5/trunk/bt5/erp5_egov/bt/change_log
erp5/trunk/bt5/erp5_egov/bt/revision
Modified: erp5/trunk/bt5/erp5_egov/ExtensionTemplateItem/EGovSecurity.py
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_egov/ExtensionTemplateItem/EGovSecurity.py?rev=36755&r1=36754&r2=36755&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_egov/ExtensionTemplateItem/EGovSecurity.py [utf8] (original)
+++ erp5/trunk/bt5/erp5_egov/ExtensionTemplateItem/EGovSecurity.py [utf8] Wed Jun 30 19:14:05 2010
@@ -162,7 +162,7 @@ def setPermissionsOnEGovModule(self, por
portal_type_object.manage_role(role_to_manage='Agent', permissions=view_permission_list)
# if the procedure needs no authentification anonymous should access and add
- if portal_type_object is not None:
+ if portal_type_object is not None:
step_authentication = portal_type_object.getStepAuthentication()
step_subscription = portal_type_object.getStepSubscription()
if not step_authentication: # and not step_subscription
Modified: erp5/trunk/bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov/ERP5Site_getQuickSearchableTypeList.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov/ERP5Site_getQuickSearchableTypeList.xml?rev=36755&r1=36754&r2=36755&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov/ERP5Site_getQuickSearchableTypeList.xml [utf8] (original)
+++ erp5/trunk/bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov/ERP5Site_getQuickSearchableTypeList.xml [utf8] Wed Jun 30 19:14:05 2010
@@ -53,17 +53,26 @@
</item>
<item>
<key> <string>_body</string> </key>
- <value> <string>portal_types = context.getPortalObject().portal_types\n
+ <value> <string>from AccessControl import getSecurityManager\n
+user=getSecurityManager().getUser()\n
+\n
+portal_types = context.getPortalObject().portal_types\n
validated_type_list = portal_types.searchFolder(portal_type=\'EGov Type\', validation_state = \'validated\')\n
+access_permission= \'Access contents information\'\n
+view_permission = \'View\'\n
\n
portal_type_list = ()\n
+for ptype_title in [\'Person\', \'Organisation\']:\n
+ default_module = context.getDefaultModule(ptype_title)\n
+ if user.has_permission(access_permission,default_module) or user.has_permission(view_permission,default_module):\n
+ portal_type_list += (ptype_title,)\n
+ \n
+for ptype in validated_type_list:\n
+ default_module = context.getDefaultModule(ptype.getTitle())\n
+ if user.has_permission(access_permission,default_module) or user.has_permission(view_permission,default_module):\n
+ portal_type_list += (ptype.getTitle(),)\n
\n
-for portal_type in validated_type_list:\n
- portal_type_list += (portal_type.getTitle(),)\n
-\n
-\n
-type_list = portal_type_list + (\'Person\', \'Organisation\')\n
-return type_list\n
+return portal_type_list\n
</string> </value>
</item>
<item>
@@ -100,15 +109,21 @@ return type_list\n
<key> <string>co_varnames</string> </key>
<value>
<tuple>
+ <string>AccessControl</string>
+ <string>getSecurityManager</string>
<string>_getattr_</string>
+ <string>user</string>
<string>context</string>
<string>portal_types</string>
<string>validated_type_list</string>
+ <string>access_permission</string>
+ <string>view_permission</string>
<string>portal_type_list</string>
<string>_getiter_</string>
- <string>portal_type</string>
+ <string>ptype_title</string>
+ <string>default_module</string>
<string>_inplacevar_</string>
- <string>type_list</string>
+ <string>ptype</string>
</tuple>
</value>
</item>
Modified: erp5/trunk/bt5/erp5_egov/bt/change_log
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_egov/bt/change_log?rev=36755&r1=36754&r2=36755&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_egov/bt/change_log [utf8] (original)
+++ erp5/trunk/bt5/erp5_egov/bt/change_log [utf8] Wed Jun 30 19:14:05 2010
@@ -1,4 +1,7 @@
2010-06-30 mohamadou
+* test if user has access to a module before displaying it.
+
+2010-06-30 mohamadou
* Add role information in EGov Type
2010-06-30 mohamadou
Modified: erp5/trunk/bt5/erp5_egov/bt/revision
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_egov/bt/revision?rev=36755&r1=36754&r2=36755&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_egov/bt/revision [utf8] (original)
+++ erp5/trunk/bt5/erp5_egov/bt/revision [utf8] Wed Jun 30 19:14:05 2010
@@ -1 +1 @@
-664
\ No newline at end of file
+667
\ No newline at end of file
More information about the Erp5-report
mailing list