From 72d94702d267b1fa0b956516eb80a16016f59508 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Calonne?= <aurel@nexedi.com>
Date: Wed, 30 Jan 2008 09:01:41 +0000
Subject: [PATCH] fix security for manual validation

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@18912 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 .../CheckDepositLine_init.xml                             | 8 ++++++++
 .../Delivery_saveCheckbookFastInputLine.xml               | 4 +++-
 .../scripts/createCheckDepositLine.xml                    | 4 +++-
 .../scripts/updateBankingOperation.xml                    | 4 +++-
 .../check_deposit_workflow/states/planned.xml             | 2 ++
 .../check_deposit_workflow/states/waiting.xml             | 8 ++++++--
 bt5/erp5_banking_check/bt/revision                        | 2 +-
 7 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDepositLine_init.xml b/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDepositLine_init.xml
index f7e8baa09f..80356e0e18 100644
--- a/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDepositLine_init.xml
+++ b/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDepositLine_init.xml
@@ -93,6 +93,14 @@
             <key> <string>_params</string> </key>
             <value> <string>*args, **kw</string> </value>
         </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
         <item>
             <key> <string>errors</string> </key>
             <value>
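Review bot: The added `_proxy_roles` entry makes CheckDepositLine_init run with the Manager role whatever roles the caller holds, and the script accepts `*args, **kw`, so the permission checks performed while it runs are evaluated against Manager rather than against the user. Because the script sits in a portal_skins folder, it is presumably callable on any context the user can reach, so its body (outside this hunk) should verify the context's portal type and workflow state before changing anything. A dedicated role carrying only the permissions the init step needs would be narrower than Manager. The same Manager proxy role is added to createCheckDepositLine.xml and updateBankingOperation.xml further down, and the same concern applies to both.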
diff --git a/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/Delivery_saveCheckbookFastInputLine.xml b/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/Delivery_saveCheckbookFastInputLine.xml
index 1a8ae27afc..c07386343b 100644
--- a/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/Delivery_saveCheckbookFastInputLine.xml
+++ b/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/Delivery_saveCheckbookFastInputLine.xml
@@ -72,6 +72,8 @@ result = []\n
 resultContainer = {}\n
 result_line = []\n
 \n
+if listbox is None:\n
+  listbox = []\n
 \n
 # remove existing lines\n
 old_line = [x.getObject() for x in context.objectValues(portal_type=[\'Checkbook Delivery Line\'])]\n
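Review bot: Defaulting `listbox` to `[]` lets a call that carries no listbox data continue to the `# remove existing lines` step, which appears to clear the current Checkbook Delivery Lines without re-creating any. The rest of the script is outside this hunk, so this is inferred from the comment and the `old_line` collection. If an empty submission should not wipe the lines, the guard should stop before the removal instead of substituting an empty list. If clearing is intended, a comment such as `# no listbox submitted: treat as empty input, existing lines are removed` would make that explicit.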
@@ -166,6 +168,7 @@ request[ \'RESPONSE\' ].redirect( redirect_url )\n
                             <string>result</string>
                             <string>resultContainer</string>
                             <string>result_line</string>
+                            <string>None</string>
                             <string>append</string>
                             <string>$append0</string>
                             <string>_getiter_</string>
@@ -181,7 +184,6 @@ request[ \'RESPONSE\' ].redirect( redirect_url )\n
                             <string>item</string>
                             <string>delivery_line</string>
                             <string>item_dict</string>
-                            <string>None</string>
                             <string>reference_range_min</string>
                             <string>reference_range_max</string>
                             <string>_write_</string>
diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/createCheckDepositLine.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/createCheckDepositLine.xml
index 4aec084790..4d7b265858 100644
--- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/createCheckDepositLine.xml
+++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/createCheckDepositLine.xml
@@ -119,7 +119,9 @@ line.setDestinationPaymentValue(transaction.getDestinationPaymentValue())\n
         <item>
             <key> <string>_proxy_roles</string> </key>
             <value>
-              <tuple/>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
             </value>
         </item>
         <item>
diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/updateBankingOperation.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/updateBankingOperation.xml
index 937a8a7267..f2e551cb79 100644
--- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/updateBankingOperation.xml
+++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/updateBankingOperation.xml
@@ -107,7 +107,9 @@ for check_operation_line in transaction.contentValues(filter = {\'portal_type\'
         <item>
             <key> <string>_proxy_roles</string> </key>
             <value>
-              <tuple/>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
             </value>
         </item>
         <item>
diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/planned.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/planned.xml
index 3af96c8708..2878153245 100644
--- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/planned.xml
+++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/planned.xml
@@ -78,6 +78,7 @@
                       <tuple>
                         <string>Assignee</string>
                         <string>Assignor</string>
+                        <string>DestinationAssignee</string>
                         <string>Manager</string>
                         <string>Owner</string>
                         <string>Reviewer</string>
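Review bot: The permission keys that own these role tuples are outside the hunk, so the diff does not show which permissions `DestinationAssignee` gains in the planned state. The same role is also added to a second tuple in the following hunk (`-106,6 +107,7`). If either tuple belongs to a write permission such as `Modify portal content`, the destination side could change a deposit before it is validated. The grant should be confirmed as limited to what manual validation needs, and the commit message should name the permissions concerned.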
@@ -106,6 +107,7 @@
                       <tuple>
                         <string>Assignee</string>
                         <string>Assignor</string>
+                        <string>DestinationAssignee</string>
                         <string>Manager</string>
                         <string>Owner</string>
                         <string>Reviewer</string>
diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/waiting.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/waiting.xml
index ffba1b7501..6d663c04cb 100644
--- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/waiting.xml
+++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/waiting.xml
@@ -86,13 +86,17 @@
                 <item>
                     <key> <string>Add portal content</string> </key>
                     <value>
-                      <tuple/>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
                     </value>
                 </item>
                 <item>
                     <key> <string>Modify portal content</string> </key>
                     <value>
-                      <tuple/>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
                     </value>
                 </item>
                 <item>
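Review bot: Granting `Add portal content` and `Modify portal content` to Manager in the waiting state means a document that no role could previously change there is now writable by any code running as Manager. That includes the three scripts this commit gives a Manager proxy role. The lock on waiting documents then rests on those scripts checking the workflow state themselves, which is not visible in this diff. Consider performing the required writes from a workflow transition script only, or add a description to the state explaining why Manager needs write access here.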
diff --git a/bt5/erp5_banking_check/bt/revision b/bt5/erp5_banking_check/bt/revision
index e8930b6df9..55f04f2ae2 100644
--- a/bt5/erp5_banking_check/bt/revision
+++ b/bt5/erp5_banking_check/bt/revision
@@ -1 +1 @@
-364
\ No newline at end of file
+365
\ No newline at end of file
-- 
2.30.9