Check if the user is allowed to clone the document.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@18813 20353a03-c40f-0410-a6d1-a30d3c3de9de

Check if the user is allowed to clone the document.
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@18813 20353a03-c40f-0410-a6d1-a30d3c3de9de
8a2f194a · Romain Courteaud · 0f695a3d · 8a2f194a · 8a2f194a
Commit 8a2f194a authored Jan 22, 2008 by Romain Courteaud
2 changed files
--- a/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml
+++ b/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml
@@ -82,6 +82,14 @@ if clone:\n
 else:\n
  portal_type = form_data[\'clone_portal_type\']\n
 \n
+parent = context.getParentValue()\n
+allowed_type_list = parent.getVisibleAllowedContentTypeList()\n
+if portal_type not in allowed_type_list:\n
+  return context.ERP5Site_redirect(\'%s/%s/view\' % (\n
+        parent.getUrl(), context.getId()),\n
+        keep_items={\'portal_status_message\':\n
+           translateString("You are not allowed to clone this object.")})\n
+\n
 # prepare query params\n
 kw = {\'portal_type\' : portal_type}\n
 \n
@@ -162,6 +170,8 @@ return new_object.Base_redirect(form_id, \n
                            <string>form_data</string>
                            <string>portal_type</string>
                            <string>_getitem_</string>
+                            <string>parent</string>
+                            <string>allowed_type_list</string>
                            <string>kw</string>
                            <string>getattr</string>
                            <string>None</string>

--- a/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision
+++ b/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision
-484
+485
\ No newline at end of file