bug fix: check view permission even if only one document is related

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@6060 20353a03-c40f-0410-a6d1-a30d3c3de9de

bug fix: check view permission even if only one document is related
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@6060 20353a03-c40f-0410-a6d1-a30d3c3de9de
9fc036e9 · Jérome Perrin · 12e6958e · 9fc036e9
Commit 9fc036e9 authored Mar 09, 2006 by Jérome Perrin
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_jumpToRelatedObject.xml ...eItem/portal_skins/erp5_core/Base_jumpToRelatedObject.xml +4 -4

No files found.
--- a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_jumpToRelatedObject.xml
+++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_jumpToRelatedObject.xml
@@ -68,6 +68,7 @@
            <key> <string>_body</string> </key>
            <value> <string>from ZTUtils import make_query\n
 N_ = context.Base_translateString\n
+checkPerm = context.portal_membership.checkPermission\n
 \n
 search_method = getattr(context, \'get%sRelatedList\' %\n
          string.join([string.capitalize(x) for x in base_category.split(\'_\')], \'\'))\n
@@ -83,7 +84,7 @@ if len(related_list) == 0:\n
 \n
 elif len(related_list) == 1:\n
  related_object = context.restrictedTraverse(related_list[0], None)\n
-  if related_object is not None :\n
+  if related_object is not None and checkPerm("View", related_object) :\n
    url = related_list[0]\n
    message = N_(\n
      # first, try to get a full translated message with portal types\n
@@ -97,11 +98,10 @@ elif len(related_list) == 1:\n
    url = context.absolute_url()\n
    message = N_("You are not authorized to view the related document.")\n
 else :\n
-  checkPerm = context.portal_membership.checkPermission\n
  # compute the list of objects we are actually authorized to view\n
  related_object_list = []\n
  for path in search_method(portal_type=portal_type) :\n
-    obj = context.restrictedTraverse(path, None)\n
+    obj = context.getPortalObject().restrictedTraverse(path, None)\n
    if obj is not None and checkPerm("View", obj):\n
      related_object_list.append(obj)\n
  if len(related_object_list) == 0 :\n
@@ -173,6 +173,7 @@ context.REQUEST[ \'RESPONSE\' ].redirect(redirect_url)\n
                            <string>_getattr_</string>
                            <string>context</string>
                            <string>N_</string>
+                            <string>checkPerm</string>
                            <string>getattr</string>
                            <string>string</string>
                            <string>append</string>
@@ -189,7 +190,6 @@ context.REQUEST[ \'RESPONSE\' ].redirect(redirect_url)\n
                            <string>None</string>
                            <string>related_object</string>
                            <string>unicode</string>
-                            <string>checkPerm</string>
                            <string>related_object_list</string>
                            <string>path</string>
                            <string>obj</string>