- 15 Sep, 2017 3 commits
-
-
Jérome Perrin authored
.. except from Draft and Submitted state. Document security should be based on group, site, function defined on document, sometimes publication section and or follow up, but the owner should only be considered in draft state. For conveniance (and compatibility), Owner is also allowed to view in Submitted state. The use case is for when a user submit a document he will not be allowed to see, for example because he made a mistake when choosing properties, user is still allowed to view the document and there's no unauthorized error. We want to allow a user to set properties before publishing a document and later, once the document is no longer draft, the security of the document will be depending on these properties. We want to prevent users to get permissions on a PDF document that would be created by interactions and they are not supposed to see. For exemple when we generate a PDF invoice and store it in document module. In this case, as the interaction runs as the user, this user will have Owner role implicitely.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
This way it is easier to further extend it without risking key conflicts in catalog parameters, which in turn would either lead to simple TypeErrors ("multiple values for parameter ...") or to criterion being accidentally ignored. Update callers. These methods are young enough that no other callers should exist yet.
-
- 14 Sep, 2017 8 commits
-
-
Cédric Le Ninivin authored
* This kind of query: 'foo:("bar", "couscous")' is currently not supported by query storage
-
Tristan Cavelier authored
follow_up | Related Object creation_date | Creation Date translated_validation_state_title | State
-
Jérome Perrin authored
This action should only be possible if user have View History permission. erp5_data_protection relies on removing the "View History" permission to make sure users cannot see the properties before protection in the history tab. This was supported by Base_viewHistory, but not by ZODB History
-
Jérome Perrin authored
If we call Base_translateString before storing the message in the history, the message will be translated when this action is used and stored as translated using the language of the user executing this action. The proper way is to store a message in history, so that it is rendered when displayed.
-
Tomáš Peterka authored
-
Tomáš Peterka authored
-
Iliya Manolov authored
Clone of nexedi/erp5!339 /reviewed-on nexedi/erp5!391
-
Xiaowu Zhang authored
-
- 13 Sep, 2017 2 commits
-
-
Cédric Le Ninivin authored
-
Vincent Pelletier authored
Also, document that value order in base_category_dict is meaningless.
-
- 12 Sep, 2017 3 commits
-
-
Tomáš Peterka authored
@Nicolas uses worklist as one of many gadgets in one page thus stackable empty worklist is necessary (before it was positioned as an fixed element). /reviewed-on nexedi/erp5!387
-
Jérome Perrin authored
fixes #20170911-1AD62FB
-
Jérome Perrin authored
Reports is easier to read if lines are sorted by third party name then by date. We also sort by transaction title to keep stable ordering of lines.
-
- 11 Sep, 2017 10 commits
-
-
Boxiang Sun authored
-
Boxiang Sun authored
Use portal_membership.getAuthenticatedMember().getUserValue() instead.
-
Boxiang Sun authored
This issue was reported by Nicolas. When embedding the support request application in other App. The `options` parameter in the `render` function is undefined, so the `field_listbox_begin_from` can not be found. Use `getUrlParameter` to retrieve it from URL.
-
Boxiang Sun authored
The commit 1fbf9ba9 put the title in wrong order. Correct it. This commit is not a revert, it is a fixing.
-
Boxiang Sun authored
- "Restore Filter" button. Allow to remove the filters applied on the homepage listbox. Disabled when no filter applied. - Generate RSS button. Generate the RSS link. Click this button will generate a RSS link for an anchor tag and hide the button itself. - Create Support Request button. Make the appearance same in desktop and iphone browser.
-
Vincent Bechu authored
/reviewed-on nexedi/erp5!386
-
Ivan Tyagov authored
-
Ivan Tyagov authored
-
Jérome Perrin authored
Currently, the domain selection is implictly on node_category
-
Jérome Perrin authored
`portal_catalog/erp5_mysql_innodb/SQLCatalog_makeFullTextQuery` is provided by full text implementation business template. The scriptable key definition is intentionnaly left in this business template because we don't have a mechanism like template_keep_path_list to prevent uninstalling the scriptable key when business template is updated. /fixes #20170620-8BDEBE /reviewed-on nexedi/erp5!300
-
- 08 Sep, 2017 14 commits
-
-
Nicolas Wavrant authored
state_dict.items doesn't exist and trying to access it raises an error
-
Vincent Bechu authored
And update appcache
-
Vincent Bechu authored
-
Tomáš Peterka authored
/reviewed-on nexedi/erp5!381
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
Alain Takoudjou authored
[officejs_monitoring] Some performances improvement, speed up hosting subscription list page rendering Speed up display of hosting subscription list by reducing the amount of queries. If a document is not synced (due to an error) change the status of that document to WARNING so that monitor will tell when instances/servers are offline.
-
Alain Takoudjou authored
-
Łukasz Nowak authored
Since by default insecure and unrestricted code execution is disabled and manual intervention by the user is required reflect this in description.
-
Łukasz Nowak authored
Before executing any code check if server side is configured to execute unrestricted code.
-
Łukasz Nowak authored
-
Ivan Tyagov authored
-