Commit 9fc036e9 authored by Jérome Perrin's avatar Jérome Perrin

bug fix: check view permission even if only one document is related

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@6060 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 12e6958e
No related merge requests found
...@@ -68,6 +68,7 @@ ...@@ -68,6 +68,7 @@
<key> <string>_body</string> </key> <key> <string>_body</string> </key>
<value> <string>from ZTUtils import make_query\n <value> <string>from ZTUtils import make_query\n
N_ = context.Base_translateString\n N_ = context.Base_translateString\n
checkPerm = context.portal_membership.checkPermission\n
\n \n
search_method = getattr(context, \'get%sRelatedList\' %\n search_method = getattr(context, \'get%sRelatedList\' %\n
string.join([string.capitalize(x) for x in base_category.split(\'_\')], \'\'))\n string.join([string.capitalize(x) for x in base_category.split(\'_\')], \'\'))\n
...@@ -83,7 +84,7 @@ if len(related_list) == 0:\n ...@@ -83,7 +84,7 @@ if len(related_list) == 0:\n
\n \n
elif len(related_list) == 1:\n elif len(related_list) == 1:\n
related_object = context.restrictedTraverse(related_list[0], None)\n related_object = context.restrictedTraverse(related_list[0], None)\n
if related_object is not None :\n if related_object is not None and checkPerm("View", related_object) :\n
url = related_list[0]\n url = related_list[0]\n
message = N_(\n message = N_(\n
# first, try to get a full translated message with portal types\n # first, try to get a full translated message with portal types\n
...@@ -97,11 +98,10 @@ elif len(related_list) == 1:\n ...@@ -97,11 +98,10 @@ elif len(related_list) == 1:\n
url = context.absolute_url()\n url = context.absolute_url()\n
message = N_("You are not authorized to view the related document.")\n message = N_("You are not authorized to view the related document.")\n
else :\n else :\n
checkPerm = context.portal_membership.checkPermission\n
# compute the list of objects we are actually authorized to view\n # compute the list of objects we are actually authorized to view\n
related_object_list = []\n related_object_list = []\n
for path in search_method(portal_type=portal_type) :\n for path in search_method(portal_type=portal_type) :\n
obj = context.restrictedTraverse(path, None)\n obj = context.getPortalObject().restrictedTraverse(path, None)\n
if obj is not None and checkPerm("View", obj):\n if obj is not None and checkPerm("View", obj):\n
related_object_list.append(obj)\n related_object_list.append(obj)\n
if len(related_object_list) == 0 :\n if len(related_object_list) == 0 :\n
...@@ -173,6 +173,7 @@ context.REQUEST[ \'RESPONSE\' ].redirect(redirect_url)\n ...@@ -173,6 +173,7 @@ context.REQUEST[ \'RESPONSE\' ].redirect(redirect_url)\n
<string>_getattr_</string> <string>_getattr_</string>
<string>context</string> <string>context</string>
<string>N_</string> <string>N_</string>
<string>checkPerm</string>
<string>getattr</string> <string>getattr</string>
<string>string</string> <string>string</string>
<string>append</string> <string>append</string>
...@@ -189,7 +190,6 @@ context.REQUEST[ \'RESPONSE\' ].redirect(redirect_url)\n ...@@ -189,7 +190,6 @@ context.REQUEST[ \'RESPONSE\' ].redirect(redirect_url)\n
<string>None</string> <string>None</string>
<string>related_object</string> <string>related_object</string>
<string>unicode</string> <string>unicode</string>
<string>checkPerm</string>
<string>related_object_list</string> <string>related_object_list</string>
<string>path</string> <string>path</string>
<string>obj</string> <string>obj</string>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment