Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
erp5 erp5
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Labels
    • Labels
  • Merge requests 139
    • Merge requests 139
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Environments
  • Analytics
    • Analytics
    • CI/CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Activity
  • Graph
  • Jobs
  • Commits
Collapse sidebar
  • nexedi
  • erp5erp5
  • Merge requests
  • !133

Open
Created Jun 23, 2016 by Julien Muchembled@jmOwner
  • Report abuse
Report abuse

Do not hardcode 'Modify portal content' permission for the 'Save' button (object_view actions)

  • Overview 23
  • Commits 1
  • Changes 4

The last commit describes almost everything. Previous commits are just there to improve guards on Python Scripts and External Methods.

One thing I'm not sure about is how to reuse Base_edit the use does not have 'Modify portal content' permission. I mean that the form action could point to a callable with an appropriate guard, and a proxy role so it can call Base_edit, but I think Base_edit itself will fail because proxy roles aren't inherited.

/cc @all

Assignee
Assign to
Reviewer
Request review from
None
Milestone
None
Assign milestone
Time tracking
Source branch: jm/form-action-guard
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7