Commit 87584248 authored by Xiaowu Zhang's avatar Xiaowu Zhang

erp5_hal_json_style: relationfield is rendered as no editable with empty value...

erp5_hal_json_style: relationfield is rendered as no editable with empty value when user can't access related document
parent 9b10d489
......@@ -7,6 +7,7 @@ import datetime
import time
from email.Utils import formatdate
import re
from zExceptions import Unauthorized
if REQUEST is None:
REQUEST = context.REQUEST
......@@ -209,10 +210,16 @@ def renderField(traversed_document, field, form, value=None, meta_type=None, key
accessor_name = 'get%sValueList' % \
''.join([part.capitalize() for part in base_category.split('_')])
try:
jump_reference_list = getattr(traversed_document, accessor_name)(
portal_type=[x[0] for x in field.get_value('portal_type')],
filter=kw
) or []
except Unauthorized:
jump_reference_list = []
result.update({
"editable": False
})
query = url_template_dict["jio_search_template"] % {
"query": make_query({"query": sql_catalog.buildQuery(
{"portal_type": portal_type_list}
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="ZopePageTemplate" module="Products.PageTemplates.ZopePageTemplate"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>content_type</string> </key>
<value> <string>text/html</string> </value>
</item>
<item>
<key> <string>expand</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>testAccessUnauthorizedRelationValue</string> </value>
</item>
<item>
<key> <string>output_encoding</string> </key>
<value> <string>utf-8</string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <unicode></unicode> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<html xmlns:tal="http://xml.zope.org/namespaces/tal"
xmlns:metal="http://xml.zope.org/namespaces/metal">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Test RenderJS UI</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr><td rowspan="1" colspan="3">Test RenderJS UI</td></tr>
</thead><tbody>
<tal:block metal:use-macro="here/Zuite_CommonTemplate/macros/init" />
<!-- Clean Up -->
<tr>
<td>open</td>
<td>${base_url}/foo_module/ListBoxZuite_reset</td>
<td></td>
</tr>
<tr>
<td>assertTextPresent</td>
<td>Reset Successfully.</td>
<td></td>
</tr>
<tr>
<td>open</td>
<td>${base_url}/Foo_createHasUnauthorizedFoo</td>
<td></td>
</tr>
<tr>
<td>waitForTextPresent</td>
<td>Done</td>
<td></td>
</tr>
<tal:block metal:use-macro="here/Zuite_CommonTemplate/macros/wait_for_activities" />
<!-- Initialize -->
<tr>
<td>open</td>
<td>${base_url}/web_site_module/renderjs_runner/#/foo_module</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//a[contains(text(), 'hasAccessUnauthorized')]</td>
<td></td>
</tr>
<tr>
<td>click</td>
<td>//a[contains(text(), 'hasAccessUnauthorized')]</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//a[@data-i18n="Editable"]</td>
<td></td>
</tr>
<tr>
<td>click</td>
<td>//a[@data-i18n="Editable"]</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//button[@data-i18n="Save"]</td>
<td></td>
</tr>
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/go_to_foo_relation_field_view" />
<tr>
<td>waitForElementPresent</td>
<td>//button[@data-i18n="Save"]</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//label[@for="field_my_successor_title"]</td>
<td></td>
</tr>
<tr>
<td>verifyElementNotPresent</td>
<td>//div[@data-gadget-scope="field_my_successor_title"]//input</td>
<td></td>
</tr>
</tbody></table>
</body>
</html>
\ No newline at end of file
foo1 = context.foo_module.newContent(portal_type='Foo')
foo2 = context.foo_module.newContent(portal_type='Foo')
foo1.setTitle('hasAccessUnauthorized')
foo1.setSuccessorValue(foo2)
foo1.immediateReindexObject()
foo2.immediateReindexObject()
  • Why call immediateReindexObject ? I see the next sequence step is precisely to wait for any pending activity to finish, so I do not understand these 2 lines.

    /cc @romain

  • @vpelletier without those 2 lines, foo1 and foo2 may get randomly recursiveImmediateReindexObject failure, the error is:

    Exception Type	Unauthorized
    Exception Value	You are not allowed to access 'isResourceType' in this context

    then test will fail

    so i think reindex should be done before change permission of foo2 is done

  • Can it be related with the fact that we passing roles as a string where method expect a sequence ?

    ( see https://github.com/zopefoundation/AccessControl/blob/1b5488a478a80c44586db845c5c817f336590a5d/src/AccessControl/interfaces.py#L119 )

    My guess is that this grants permission to ['M', 'a', 'n', 'a', 'g', 'e', 'r'] , but it's an interesting error. I should not be a problem to reindex a document on which Manager role does not have any permission.

  • @xiaowu.zhang : Did you check Jerome's guess ?

Please register or sign in to reply
foo2.activate().manage_permission( 'Access contents information', 'Manager', 0)
return 'Done'
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Foo_createHasUnauthorizedFoo</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment