1. 15 Sep, 2017 3 commits
    • Jérome Perrin's avatar
      dms: do not grant permissions based on Owner role · 1664e541
      Jérome Perrin authored
       .. except from Draft and Submitted state.
      
      Document security should be based on group, site, function defined on
      document, sometimes publication section and or follow up, but the owner
      should only be considered in draft state.
      
      For conveniance (and compatibility), Owner is also allowed to view in
      Submitted state. The use case is for when a user submit a document he
      will not be allowed to see, for example because he made a mistake when
      choosing properties, user is still allowed to view the document and
      there's no unauthorized error.
      
      We want to allow a user to set properties before publishing a document
      and later, once the document is no longer draft, the security of the
      document will be depending on these properties.
      
      We want to prevent users to get permissions on a PDF document that would
      be created by interactions and they are not supposed to see. For exemple
      when we generate a PDF invoice and store it in document module. In this
      case, as the interaction runs as the user, this user will have Owner
      role implicitely.
      1664e541
    • Vincent Pelletier's avatar
    • Vincent Pelletier's avatar
      CatalogTool: make getCategory{,ValueDict}ParameterDict return a query tree · 22e91eea
      Vincent Pelletier authored
      This way it is easier to further extend it without risking key conflicts
      in catalog parameters, which in turn would either lead to simple TypeErrors
      ("multiple values for parameter ...") or to criterion being accidentally
      ignored.
      Update callers.
      These methods are young enough that no other callers should exist yet.
      22e91eea
  2. 14 Sep, 2017 8 commits
  3. 13 Sep, 2017 2 commits
  4. 12 Sep, 2017 3 commits
  5. 11 Sep, 2017 10 commits
  6. 08 Sep, 2017 14 commits