Add proxy role to SaleInvoiceTransaction_getVAT, because it might access...

Add proxy role to SaleInvoiceTransaction_getVAT, because it might access simulation movements for which the user doesn't have permission. Prevent the script to be called directly from URL git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@17687 20353a03-c40f-0410-a6d1-a30d3c3de9de

Add proxy role to SaleInvoiceTransaction_getVAT, because it might access...
Add proxy role to SaleInvoiceTransaction_getVAT, because it might access simulation movements for which the user doesn't have permission. Prevent the script to be called directly from URL git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@17687 20353a03-c40f-0410-a6d1-a30d3c3de9de
c28b2c95 · Jérome Perrin · c26d957e · c28b2c95 · c28b2c95
Commit c28b2c95 authored Nov 19, 2007 by Jérome Perrin
2 changed files
--- a/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/SaleInvoiceTransaction_getVAT.xml
+++ b/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/SaleInvoiceTransaction_getVAT.xml
@@ -3,11 +3,8 @@
  <record id="1" aka="AAAAAAAAAAE=">
    <pickle>
      <tuple>
-        <tuple>
-          <string>Products.PythonScripts.PythonScript</string>
-          <string>PythonScript</string>
-        </tuple>
-        <none/>
+        <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+        <tuple/>
      </tuple>
    </pickle>
    <pickle>
@@ -88,6 +85,9 @@ rate associated with an invoice line.\n
 \n
 This API will probably change.\n
 """\n
+if REQUEST is not None:\n
+  from zExceptions import Unauthorized\n
+  raise Unauthorized, script.getId()\n
 \n
 vat_infos = {\n
  \'total\' : 0,\n
@@ -161,7 +161,7 @@ return vat_infos\n
        </item>
        <item>
            <key> <string>_params</string> </key>
-            <value> <string></string> </value>
+            <value> <string>REQUEST=None</string> </value>
        </item>
        <item>
            <key> <string>errors</string> </key>
@@ -181,23 +181,27 @@ return vat_infos\n
                  <dictionary>
                    <item>
                        <key> <string>co_argcount</string> </key>
-                        <value> <int>0</int> </value>
+                        <value> <int>1</int> </value>
                    </item>
                    <item>
                        <key> <string>co_varnames</string> </key>
                        <value>
                          <tuple>
+                            <string>REQUEST</string>
+                            <string>None</string>
+                            <string>zExceptions</string>
+                            <string>Unauthorized</string>
+                            <string>_getattr_</string>
+                            <string>script</string>
                            <string>vat_infos</string>
                            <string>context</string>
                            <string>invoice</string>
-                            <string>_getattr_</string>
                            <string>portal</string>
                            <string>accounting_movement_list</string>
                            <string>len</string>
                            <string>_getiter_</string>
                            <string>movement</string>
                            <string>account</string>
-                            <string>None</string>
                            <string>_getitem_</string>
                            <string>float</string>
                            <string>_write_</string>
@@ -216,7 +220,9 @@ return vat_infos\n
        <item>
            <key> <string>func_defaults</string> </key>
            <value>
-              <none/>
+              <tuple>
+                <none/>
+              </tuple>
            </value>
        </item>
        <item>

--- a/bt5/erp5_accounting/bt/revision
+++ b/bt5/erp5_accounting/bt/revision
-498
\ No newline at end of file
+500
\ No newline at end of file