From 3ceaeec71c2e934a52e78f3fb8cdd810ed350fb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com> Date: Mon, 22 Nov 2010 09:54:30 +0000 Subject: [PATCH] add proxy role to this script, because some filtering are done inside the script and the current user may not have the permission to access some lines that will be filtered git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@40447 20353a03-c40f-0410-a6d1-a30d3c3de9de --- ...getNotGroupedAccountingTransactionList.xml | 110 +++++++++++++++++- bt5/erp5_accounting/bt/revision | 2 +- 2 files changed, 110 insertions(+), 2 deletions(-) diff --git a/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/Account_getNotGroupedAccountingTransactionList.xml b/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/Account_getNotGroupedAccountingTransactionList.xml index e10170b05c..b30d3ad13f 100644 --- a/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/Account_getNotGroupedAccountingTransactionList.xml +++ b/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/Account_getNotGroupedAccountingTransactionList.xml @@ -58,6 +58,9 @@ getObject = portal.portal_catalog.getObject\n params = portal.ERP5Accounting_getParams(selection_name)\n N_ = lambda msg: Message(\'erp5_ui\', msg)\n \n +# this also prevents to be called directly\n +assert \'node_uid\' in kw\n +\n mirror_section_relative_url = None\n if kw.get(\'mirror_section_uid\'):\n mirror_section_relative_url =\\\n @@ -97,7 +100,7 @@ for brain in portal.Base_zGetNotGroupedMovementList(\n transaction.getPortalType() not in portal_type_list:\n continue\n \n - is_source = transaction.AccountingTransaction_isSourceView()\n + is_source = (brain.mirror_section_relative_url == mvt.getDestinationSection())\n if is_source:\n if payment_uid and mvt.getSourcePaymentUid() != payment_uid:\n continue\n @@ -189,12 +192,117 @@ return line_list\n <key> <string>_params</string> </key> <value> <string>selection=None, sort_on=[], node_category=None, node_category_strict_membership=None, from_date=None, selection_name=None, function=None, project_uid=None, analytic_column_list=(), **kw</string> </value> </item> + <item> + <key> <string>_proxy_roles</string> </key> + <value> + <tuple> + <string>Manager</string> + </tuple> + </value> + </item> <item> <key> <string>errors</string> </key> <value> <tuple/> </value> </item> + <item> + <key> <string>func_code</string> </key> + <value> + <object> + <klass> + <global name="FuncCode" module="Shared.DC.Scripts.Signature"/> + </klass> + <tuple/> + <state> + <dictionary> + <item> + <key> <string>co_argcount</string> </key> + <value> <int>9</int> </value> + </item> + <item> + <key> <string>co_varnames</string> </key> + <value> + <tuple> + <string>selection</string> + <string>sort_on</string> + <string>node_category</string> + <string>node_category_strict_membership</string> + <string>from_date</string> + <string>selection_name</string> + <string>function</string> + <string>project_uid</string> + <string>analytic_column_list</string> + <string>kw</string> + <string>Products.PythonScripts.standard</string> + <string>Object</string> + <string>Products.ERP5Type.Document</string> + <string>newTempBase</string> + <string>Products.ERP5Type.Message</string> + <string>Message</string> + <string>_getattr_</string> + <string>context</string> + <string>portal</string> + <string>getObject</string> + <string>params</string> + <string>N_</string> + <string>AssertionError</string> + <string>None</string> + <string>mirror_section_relative_url</string> + <string>_getitem_</string> + <string>payment_uid</string> + <string>portal_type_filter</string> + <string>portal_type_list</string> + <string>total_debit</string> + <string>total_credit</string> + <string>total_debit_price</string> + <string>total_credit_price</string> + <string>line_list</string> + <string>_getiter_</string> + <string>brain</string> + <string>mvt</string> + <string>transaction</string> + <string>is_source</string> + <string>specific_reference</string> + <string>mirror_section_title</string> + <string>section_title</string> + <string>max</string> + <string>debit</string> + <string>_inplacevar_</string> + <string>credit</string> + <string>debit_price</string> + <string>credit_price</string> + <string>brain_date</string> + <string>line</string> + <string>dict</string> + <string>analytic_info</string> + <string>analytic_column</string> + <string>analytic_column_title</string> + <string>_write_</string> + </tuple> + </value> + </item> + </dictionary> + </state> + </object> + </value> + </item> + <item> + <key> <string>func_defaults</string> </key> + <value> + <tuple> + <none/> + <list/> + <none/> + <none/> + <none/> + <none/> + <none/> + <none/> + <tuple/> + </tuple> + </value> + </item> <item> <key> <string>id</string> </key> <value> <string>Account_getNotGroupedAccountingTransactionList</string> </value> diff --git a/bt5/erp5_accounting/bt/revision b/bt5/erp5_accounting/bt/revision index 347c6fecb0..5652ceb3db 100644 --- a/bt5/erp5_accounting/bt/revision +++ b/bt5/erp5_accounting/bt/revision @@ -1 +1 @@ -1405 \ No newline at end of file +1407 \ No newline at end of file -- 2.30.9