From 72d94702d267b1fa0b956516eb80a16016f59508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Calonne?= <aurel@nexedi.com> Date: Wed, 30 Jan 2008 09:01:41 +0000 Subject: [PATCH] fix security for manual validation git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@18912 20353a03-c40f-0410-a6d1-a30d3c3de9de --- .../CheckDepositLine_init.xml | 8 ++++++++ .../Delivery_saveCheckbookFastInputLine.xml | 4 +++- .../scripts/createCheckDepositLine.xml | 4 +++- .../scripts/updateBankingOperation.xml | 4 +++- .../check_deposit_workflow/states/planned.xml | 2 ++ .../check_deposit_workflow/states/waiting.xml | 8 ++++++-- bt5/erp5_banking_check/bt/revision | 2 +- 7 files changed, 26 insertions(+), 6 deletions(-) diff --git a/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDepositLine_init.xml b/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDepositLine_init.xml index f7e8baa09f..80356e0e18 100644 --- a/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDepositLine_init.xml +++ b/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDepositLine_init.xml @@ -93,6 +93,14 @@ <key> <string>_params</string> </key> <value> <string>*args, **kw</string> </value> </item> + <item> + <key> <string>_proxy_roles</string> </key> + <value> + <tuple> + <string>Manager</string> + </tuple> + </value> + </item> <item> <key> <string>errors</string> </key> <value> diff --git a/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/Delivery_saveCheckbookFastInputLine.xml b/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/Delivery_saveCheckbookFastInputLine.xml index 1a8ae27afc..c07386343b 100644 --- a/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/Delivery_saveCheckbookFastInputLine.xml +++ b/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/Delivery_saveCheckbookFastInputLine.xml @@ -72,6 +72,8 @@ result = []\n resultContainer = {}\n result_line = []\n \n +if listbox is None:\n + listbox = []\n \n # remove existing lines\n old_line = [x.getObject() for x in context.objectValues(portal_type=[\'Checkbook Delivery Line\'])]\n @@ -166,6 +168,7 @@ request[ \'RESPONSE\' ].redirect( redirect_url )\n <string>result</string> <string>resultContainer</string> <string>result_line</string> + <string>None</string> <string>append</string> <string>$append0</string> <string>_getiter_</string> @@ -181,7 +184,6 @@ request[ \'RESPONSE\' ].redirect( redirect_url )\n <string>item</string> <string>delivery_line</string> <string>item_dict</string> - <string>None</string> <string>reference_range_min</string> <string>reference_range_max</string> <string>_write_</string> diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/createCheckDepositLine.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/createCheckDepositLine.xml index 4aec084790..4d7b265858 100644 --- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/createCheckDepositLine.xml +++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/createCheckDepositLine.xml @@ -119,7 +119,9 @@ line.setDestinationPaymentValue(transaction.getDestinationPaymentValue())\n <item> <key> <string>_proxy_roles</string> </key> <value> - <tuple/> + <tuple> + <string>Manager</string> + </tuple> </value> </item> <item> diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/updateBankingOperation.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/updateBankingOperation.xml index 937a8a7267..f2e551cb79 100644 --- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/updateBankingOperation.xml +++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/scripts/updateBankingOperation.xml @@ -107,7 +107,9 @@ for check_operation_line in transaction.contentValues(filter = {\'portal_type\' <item> <key> <string>_proxy_roles</string> </key> <value> - <tuple/> + <tuple> + <string>Manager</string> + </tuple> </value> </item> <item> diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/planned.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/planned.xml index 3af96c8708..2878153245 100644 --- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/planned.xml +++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/planned.xml @@ -78,6 +78,7 @@ <tuple> <string>Assignee</string> <string>Assignor</string> + <string>DestinationAssignee</string> <string>Manager</string> <string>Owner</string> <string>Reviewer</string> @@ -106,6 +107,7 @@ <tuple> <string>Assignee</string> <string>Assignor</string> + <string>DestinationAssignee</string> <string>Manager</string> <string>Owner</string> <string>Reviewer</string> diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/waiting.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/waiting.xml index ffba1b7501..6d663c04cb 100644 --- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/waiting.xml +++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/check_deposit_workflow/states/waiting.xml @@ -86,13 +86,17 @@ <item> <key> <string>Add portal content</string> </key> <value> - <tuple/> + <tuple> + <string>Manager</string> + </tuple> </value> </item> <item> <key> <string>Modify portal content</string> </key> <value> - <tuple/> + <tuple> + <string>Manager</string> + </tuple> </value> </item> <item> diff --git a/bt5/erp5_banking_check/bt/revision b/bt5/erp5_banking_check/bt/revision index e8930b6df9..55f04f2ae2 100644 --- a/bt5/erp5_banking_check/bt/revision +++ b/bt5/erp5_banking_check/bt/revision @@ -1 +1 @@ -364 \ No newline at end of file +365 \ No newline at end of file -- 2.30.9