From 251596213c1c46ca97c28fafcfc4e532f1404f57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Calonne?= <aurel@nexedi.com> Date: Tue, 5 Feb 2008 14:53:15 +0000 Subject: [PATCH] fix transition security on check payment, fix control when doing manual validation git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@19057 20353a03-c40f-0410-a6d1-a30d3c3de9de --- .../transitions/order.xml | 23 +------------------ .../checkAccountIsOverdraftFacility.xml | 2 +- .../scripts/validateConsistency.xml | 12 +++++++--- .../scripts/validatePositionAccounting.xml | 2 +- .../transitions/order.xml | 23 +------------------ bt5/erp5_banking_check/bt/revision | 2 +- 6 files changed, 14 insertions(+), 50 deletions(-) diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/transitions/order.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/transitions/order.xml index 62a4d59de7..9f352b2009 100644 --- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/transitions/order.xml +++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/transitions/order.xml @@ -44,7 +44,7 @@ <item> <key> <string>guard</string> </key> <value> - <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent> + <none/> </value> </item> <item> @@ -70,25 +70,4 @@ </dictionary> </pickle> </record> - <record id="2" aka="AAAAAAAAAAI="> - <pickle> - <tuple> - <global name="Guard" module="Products.DCWorkflow.Guard"/> - <tuple/> - </tuple> - </pickle> - <pickle> - <dictionary> - <item> - <key> <string>roles</string> </key> - <value> - <tuple> - <string>Manager</string> - <string>Assignee</string> - </tuple> - </value> - </item> - </dictionary> - </pickle> - </record> </ZopeData> diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/checkAccountIsOverdraftFacility.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/checkAccountIsOverdraftFacility.xml index da4a6bbd00..e88cfd7914 100644 --- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/checkAccountIsOverdraftFacility.xml +++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/checkAccountIsOverdraftFacility.xml @@ -81,7 +81,7 @@ transaction.Baobab_checkCounterDateOpen(site=source, date=date)\n site = transaction.getSourceValue()\n \n # For safety, check the consistency again.\n -context.validateConsistency(state_change)\n +context.validateConsistency(state_change, no_balance_check=1)\n \n line = transaction.movement\n bank_account = transaction.getDestinationPaymentValue()\n diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/validateConsistency.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/validateConsistency.xml index 7198f0f0f4..a773b6e54c 100644 --- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/validateConsistency.xml +++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/validateConsistency.xml @@ -140,6 +140,9 @@ transaction.edit(aggregate=check.getRelativeUrl())\n \n context.updateBankingOperation(state_change)\n \n +if no_balance_check == 1:\n + return\n +\n # Test if the account balance is sufficient.\n # We do not need to serialize here because we do not make\n # reservation yet\n @@ -171,7 +174,7 @@ elif error[\'error_code\'] != 0:\n </item> <item> <key> <string>_params</string> </key> - <value> <string>state_change, **kw</string> </value> + <value> <string>state_change, no_balance_check=0, **kw</string> </value> </item> <item> <key> <string>_proxy_roles</string> </key> @@ -199,13 +202,14 @@ elif error[\'error_code\'] != 0:\n <dictionary> <item> <key> <string>co_argcount</string> </key> - <value> <int>1</int> </value> + <value> <int>2</int> </value> </item> <item> <key> <string>co_varnames</string> </key> <value> <tuple> <string>state_change</string> + <string>no_balance_check</string> <string>kw</string> <string>Products.DCWorkflow.DCWorkflow</string> <string>ValidationFailed</string> @@ -242,7 +246,9 @@ elif error[\'error_code\'] != 0:\n <item> <key> <string>func_defaults</string> </key> <value> - <none/> + <tuple> + <int>0</int> + </tuple> </value> </item> <item> diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/validatePositionAccounting.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/validatePositionAccounting.xml index 47f9f2be82..bf481c9b6b 100644 --- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/validatePositionAccounting.xml +++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/scripts/validatePositionAccounting.xml @@ -83,7 +83,7 @@ site = transaction.getSourceValue()\n transaction.Baobab_checkCounterOpened(site)\n \n # For safety, check the consistency again.\n -context.validateConsistency(state_change)\n +context.validateConsistency(state_change, no_balance_check=1)\n \n line = transaction.movement\n bank_account = transaction.getDestinationPaymentValue()\n diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/transitions/order.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/transitions/order.xml index fb843fe124..ecd3bc59dc 100644 --- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/transitions/order.xml +++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_payment_workflow/transitions/order.xml @@ -38,7 +38,7 @@ <item> <key> <string>guard</string> </key> <value> - <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent> + <none/> </value> </item> <item> @@ -64,25 +64,4 @@ </dictionary> </pickle> </record> - <record id="2" aka="AAAAAAAAAAI="> - <pickle> - <tuple> - <global name="Guard" module="Products.DCWorkflow.Guard"/> - <tuple/> - </tuple> - </pickle> - <pickle> - <dictionary> - <item> - <key> <string>roles</string> </key> - <value> - <tuple> - <string>Manager</string> - <string>Assignee</string> - </tuple> - </value> - </item> - </dictionary> - </pickle> - </record> </ZopeData> diff --git a/bt5/erp5_banking_check/bt/revision b/bt5/erp5_banking_check/bt/revision index 5f5d9b11ac..9361cf7165 100644 --- a/bt5/erp5_banking_check/bt/revision +++ b/bt5/erp5_banking_check/bt/revision @@ -1 +1 @@ -375 \ No newline at end of file +376 \ No newline at end of file -- 2.30.9