From 2b33f6beb820c23d10e901fe374fc44f6ca18414 Mon Sep 17 00:00:00 2001 From: Romain Courteaud <romain@nexedi.com> Date: Fri, 21 Nov 2008 14:20:16 +0000 Subject: [PATCH] Use restrictedTraverse instead of getattr to prevent Unauthorized error git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@24659 20353a03-c40f-0410-a6d1-a30d3c3de9de --- .../CurrencyModule_getCurrencyItemList.xml | 18 ++++++++++-------- bt5/erp5_base/bt/revision | 2 +- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/CurrencyModule_getCurrencyItemList.xml b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/CurrencyModule_getCurrencyItemList.xml index 8cda55d999..ac6fa1a521 100644 --- a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/CurrencyModule_getCurrencyItemList.xml +++ b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/CurrencyModule_getCurrencyItemList.xml @@ -60,15 +60,17 @@ def getCurrencyItemList(include_empty=1, portal_path=""):\n result = []\n if include_empty :\n result = [[\'\', \'\'],]\n - currency_module = getattr(portal, \'currency_module\',\n - getattr(portal, \'currency\', None))\n + currency_module = portal.restrictedTraverse(\n + \'currency_module\', \n + portal.restrictedTraverse(\'currency\', None))\n \n - for currency in LazyFilter(currency_module.contentValues(), skip=\'View\'):\n - if not skip_invalidated or \\\n - currency.getProperty(\'validation_state\', \'default\') != \'invalidated\':\n - # for currency, we intentionaly use reference (EUR) not title (Euros).\n - result.append((currency.getReference() or currency.getTitleOrId(),\n - currency.getRelativeUrl()))\n + if currency_module is not None:\n + for currency in LazyFilter(currency_module.contentValues(), skip=\'View\'):\n + if not skip_invalidated or \\\n + currency.getProperty(\'validation_state\', \'default\') != \'invalidated\':\n + # for currency, we intentionaly use reference (EUR) not title (Euros).\n + result.append((currency.getReference() or currency.getTitleOrId(),\n + currency.getRelativeUrl()))\n \n result.sort(key=lambda x: x[0])\n return result\n diff --git a/bt5/erp5_base/bt/revision b/bt5/erp5_base/bt/revision index 281cd66131..4af7c92223 100644 --- a/bt5/erp5_base/bt/revision +++ b/bt5/erp5_base/bt/revision @@ -1 +1 @@ -469 \ No newline at end of file +470 \ No newline at end of file -- 2.30.9