Skip to content

erp5
erp5
Commit 252aa095 authored by Jean-Paul Smets's avatar Jean-Paul Smets
Browse files
Options

Added format conversion control system to make sure a document can only be... 

Added format conversion control system to make sure a document can only be converted to a given list of formats based on the user profile. Required update of erp5_dms.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16743 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 139019a4
Hide whitespace changes
Inline Side-by-side
Showing with 9 additions and 0 deletions
product/ERP5OOo/Document/OOoDocument.py
View file @ 252aa095
...@@ -32,6 +32,7 @@ from xmlrpclib import Fault ...@@ -32,6 +32,7 @@ from xmlrpclib import Fault
from xmlrpclib import Transport from xmlrpclib import Transport
from xmlrpclib import SafeTransport from xmlrpclib import SafeTransport
from AccessControl import ClassSecurityInfo from AccessControl import ClassSecurityInfo
from AccessControl import Unauthorized
from OFS.Image import Pdata from OFS.Image import Pdata
from Products.CMFCore.utils import getToolByName, _setCacheHeaders from Products.CMFCore.utils import getToolByName, _setCacheHeaders
from Products.ERP5Type import Permissions, PropertySheet, Constraint, Interface from Products.ERP5Type import Permissions, PropertySheet, Constraint, Interface
...@@ -153,6 +154,14 @@ class OOoDocument(File, ConversionCacheMixin): ...@@ -153,6 +154,14 @@ class OOoDocument(File, ConversionCacheMixin):
""" """
# Accelerate rendering in Web mode # Accelerate rendering in Web mode
_setCacheHeaders(self, {'format' : format}) _setCacheHeaders(self, {'format' : format})
# Verify that the format is acceptable (from permission point of view)
method = self._getTypeBasedMethod('checkConversionFormatPermission',
fallback_script_id = 'Document_checkConversionFormatPermission')
if not method(format=format):
raise Unauthorized("OOoDocument: user does not have enough permission to access document"
" in %s format" % format)
# Return the original file by default # Return the original file by default
if format is None: if format is None:
return File.index_html(self, REQUEST, RESPONSE) return File.index_html(self, REQUEST, RESPONSE)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7