Commit b7f49893 authored by Romain Courteaud's avatar Romain Courteaud

Make relation string field manage permission correctly.

Only display objects for which user has the right permission.
Never remove the relation to not viewable objects.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@20988 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent e07b66ac
...@@ -193,6 +193,7 @@ class DefaultValue(StaticValue): ...@@ -193,6 +193,7 @@ class DefaultValue(StaticValue):
form = field.aq_parent form = field.aq_parent
ob = getattr(form, 'aq_parent', None) ob = getattr(form, 'aq_parent', None)
value = self.value value = self.value
try:
if value not in (None, ''): if value not in (None, ''):
# If a default value is defined on the field, it has precedence # If a default value is defined on the field, it has precedence
value = ob.getProperty(self.key, d=value) value = ob.getProperty(self.key, d=value)
...@@ -200,6 +201,11 @@ class DefaultValue(StaticValue): ...@@ -200,6 +201,11 @@ class DefaultValue(StaticValue):
# else we should give a chance to the accessor to provide # else we should give a chance to the accessor to provide
# a default value (including None) # a default value (including None)
value = ob.getProperty(self.key) value = ob.getProperty(self.key)
except Unauthorized:
value = ob.getProperty(self.key, d=value, checked_permission='View')
REQUEST = get_request()
if REQUEST is not None:
REQUEST.set('read_only_%s' % self.key, 1)
except (KeyError, AttributeError): except (KeyError, AttributeError):
value = None value = None
return self.returnValue(field, id, value) return self.returnValue(field, id, value)
......
...@@ -431,12 +431,14 @@ class MultiRelationEditor: ...@@ -431,12 +431,14 @@ class MultiRelationEditor:
set_method_name = '_set%sValue' % \ set_method_name = '_set%sValue' % \
convertToUpperCase(self.base_category) convertToUpperCase(self.base_category)
getattr(o, set_method_name)(relation_object_list[0], getattr(o, set_method_name)(relation_object_list[0],
portal_type=self.portal_type_list) portal_type=self.portal_type_list,
checked_permission='View')
else: else:
set_method_name = '_set%sValueList' % \ set_method_name = '_set%sValueList' % \
convertToUpperCase(self.base_category) convertToUpperCase(self.base_category)
getattr(o, set_method_name)(relation_object_list, getattr(o, set_method_name)(relation_object_list,
portal_type=self.portal_type_list) portal_type=self.portal_type_list,
checked_permission='View')
allow_class(MultiRelationEditor) allow_class(MultiRelationEditor)
......
...@@ -59,6 +59,13 @@ class RelationStringFieldWidget( ...@@ -59,6 +59,13 @@ class RelationStringFieldWidget(
def _generateRenderValueList(self, field, key, value, REQUEST): def _generateRenderValueList(self, field, key, value, REQUEST):
# value = value or NO_VALUE # value = value or NO_VALUE
if REQUEST.get(
'read_only_%s' % REQUEST.get(
'field__proxyfield_%s_%s_default' % (field.id, field._p_oid),
field).getId()[3:], 0):
return []
else:
relation_field_id = field.generate_subfield_key(SUB_FIELD_ID, key=key) relation_field_id = field.generate_subfield_key(SUB_FIELD_ID, key=key)
relation_item_key = field.generate_subfield_key(ITEM_ID, key=key) relation_item_key = field.generate_subfield_key(ITEM_ID, key=key)
relation_item_list = REQUEST.get(relation_item_key, []) relation_item_list = REQUEST.get(relation_item_key, [])
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment