From 82cf32055499b602295b0efcda53907fa921a355 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Sun, 22 Oct 2006 20:05:45 +0000
Subject: [PATCH] Checks that a same object has the context can be added in the
 container using visible content types in Base_createNewDocument. If the
 content is an hidden allowed content type, refuse to create a new document of
 this type.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10869 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 .../Base_createNewDocument.xml                | 69 ++++++++++++++-----
 .../bootstrap/erp5_xhtml_style/bt/revision    |  2 +-
 2 files changed, 54 insertions(+), 17 deletions(-)

diff --git a/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createNewDocument.xml b/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createNewDocument.xml
index 6da598672b..494102eb40 100644
--- a/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createNewDocument.xml
+++ b/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createNewDocument.xml
@@ -68,26 +68,34 @@
         </item>
         <item>
             <key> <string>_body</string> </key>
-            <value> <string>N_ = context.getPortalObject().Base_translateString\n
+            <value> <string>"""Add an object of the same type as self in the container, unless\n
+this type cannot be added in the container.\n
+"""\n
+N_ = context.getPortalObject().Base_translateString\n
 REQUEST=context.REQUEST\n
-\n
-# Add an object of the same type as self in the container.\n
 parent = context.aq_parent\n
+allowed_type_list = parent.getVisibleAllowedContentTypeList()\n
+\n
+if not allowed_type_list:\n
+  return context.ERP5Site_redirect(\'%s/%s/view\' % (\n
+        parent.getUrl(), context.getId()),\n
+        keep_items={\'portal_status_message\':\n
+           N_("You are not allowed to add new content in this context.")})\n
 \n
-# XXX May be this need to be changed in order to get something else than\n
-# the permission "Add portal content"\n
-if not parent.allowedContentTypes():\n
-  return context.ERP5Site_redirect(\'%s/%s/view\' % (parent.getUrl(), context.getId()), \n
-                                         keep_items={\'portal_status_message\': N_("You are not allowed to add new content in this context.")})\n
+if context.getPortalType() not in allowed_type_list:\n
+  return context.ERP5Site_redirect(\'%s/%s/view\' % (\n
+        parent.getUrl(), context.getId()),\n
+        keep_items={\'portal_status_message\':\n
+           N_("You are not allowed to add ${portal_type} in this context.",\n
+              mapping=dict(portal_type=context.getTranslatedPortalType()))})\n
   \n
-else:\n
-  new_id = parent.generateNewId()\n
-  context.portal_types.constructContent(type_name=context.portal_type,\n
-                        container=parent,\n
-                        id=str(new_id),\n
-                        RESPONSE=REQUEST.RESPONSE)\n
-  return context.ERP5Site_redirect(\'%s/%s/view\' % (parent.getUrl(), new_id), \n
-                                         keep_items={\'portal_status_message\': N_("Object Created.")})\n
+new_id = parent.generateNewId()\n
+context.portal_types.constructContent(type_name=context.portal_type,\n
+                      container=parent,\n
+                      id=str(new_id),\n
+                      RESPONSE=REQUEST.RESPONSE)\n
+return context.ERP5Site_redirect(\'%s/%s/view\' % (parent.getUrl(), new_id),\n
+              keep_items={\'portal_status_message\': N_("Object Created.")})\n
 </string> </value>
         </item>
         <item>
@@ -96,6 +104,12 @@ else:\n
               <none/>
             </value>
         </item>
+        <item>
+            <key> <string>_dav_writelocks</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>_filepath</string> </key>
             <value>
@@ -135,6 +149,8 @@ else:\n
                             <string>N_</string>
                             <string>REQUEST</string>
                             <string>parent</string>
+                            <string>allowed_type_list</string>
+                            <string>dict</string>
                             <string>new_id</string>
                             <string>str</string>
                           </tuple>
@@ -164,4 +180,25 @@ else:\n
       </dictionary>
     </pickle>
   </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <tuple>
+        <tuple>
+          <string>Persistence</string>
+          <string>PersistentMapping</string>
+        </tuple>
+        <none/>
+      </tuple>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_container</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
 </ZopeData>
diff --git a/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision b/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision
index 8bc94cb760..6610e117a3 100644
--- a/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision
+++ b/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision
@@ -1 +1 @@
-276
\ No newline at end of file
+277
\ No newline at end of file
-- 
2.30.9