Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alecs_myu
erp5
Commits
4b8dd744
Commit
4b8dd744
authored
Mar 24, 2017
by
Romain Courteaud
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[erp5_hal_json_style] Base_edit: return an 403 code if user can't edit the document
parent
bc823dd5
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
7 additions
and
8 deletions
+7
-8
bt5/erp5_hal_json_style/SkinTemplateItem/portal_skins/erp5_hal_json_style/Base_edit.py
...emplateItem/portal_skins/erp5_hal_json_style/Base_edit.py
+7
-8
No files found.
bt5/erp5_hal_json_style/SkinTemplateItem/portal_skins/erp5_hal_json_style/Base_edit.py
View file @
4b8dd744
...
@@ -22,18 +22,17 @@ if request.get('field_prefix', None):
...
@@ -22,18 +22,17 @@ if request.get('field_prefix', None):
if
dialog_id
not
in
(
''
,
None
):
if
dialog_id
not
in
(
''
,
None
):
form_id
=
dialog_id
form_id
=
dialog_id
# Prevent users who don't have rights to edit the object from
# editing it by calling the Base_edit script with correct
# parameters directly.
if
not
silent_mode
and
not
request
.
AUTHENTICATED_USER
.
has_permission
(
'Modify portal content'
,
context
)
:
msg
=
Base_translateString
(
"You do not have the permissions to edit the object."
)
redirect_url
=
'%s/%s?selection_index=%s&selection_name=%s&%s'
%
(
context
.
absolute_url
(),
form_id
,
selection_index
,
selection_name
,
'portal_status_message=%s'
%
msg
)
return
context
.
Base_redirect
(
redirect_url
)
# Get the form
# Get the form
form
=
getattr
(
context
,
form_id
)
form
=
getattr
(
context
,
form_id
)
edit_order
=
form
.
edit_order
edit_order
=
form
.
edit_order
# Prevent users who don't have rights to edit the object from
# editing it by calling the Base_edit script with correct
# parameters directly.
if
not
silent_mode
and
not
request
.
AUTHENTICATED_USER
.
has_permission
(
'Modify portal content'
,
context
):
request
.
RESPONSE
.
setStatus
(
403
)
return
context
.
ERP5Document_getHateoas
(
form
=
form
,
REQUEST
=
request
,
mode
=
'form'
)
try
:
try
:
# Validate
# Validate
form
.
validate_all_to_request
(
request
,
key_prefix
=
key_prefix
)
form
.
validate_all_to_request
(
request
,
key_prefix
=
key_prefix
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment