Skip to content

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
    • Help
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
erp5
erp5
  • Project
    • Project
    • Details
    • Activity
    • Releases
    • Cycle Analytics
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Charts
  • Merge Requests 114
    • Merge Requests 114
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
    • Charts
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Charts
  • Jobs
  • Commits
  • nexedi
  • erp5erp5
  • Merge Requests
  • !133

Open
Opened Jun 23, 2016 by Julien Muchembled@jm
  • Report abuse
Report abuse

Do not hardcode 'Modify portal content' permission for the 'Save' button (object_view actions)

The last commit describes almost everything. Previous commits are just there to improve guards on Python Scripts and External Methods.

One thing I'm not sure about is how to reuse Base_edit the use does not have 'Modify portal content' permission. I mean that the form action could point to a callable with an appropriate guard, and a proxy role so it can call Base_edit, but I think Base_edit itself will fail because proxy roles aren't inherited.

/cc @all

Check out, review, and merge locally

Step 1. Fetch and check out the branch for this merge request

git fetch origin
git checkout -b jm/form-action-guard origin/jm/form-action-guard

Step 2. Review the changes locally

Step 3. Merge the branch and fix any conflicts that come up

git fetch origin
git checkout origin/master
git merge --no-ff jm/form-action-guard

Step 4. Push the result of the merge to GitLab

git push origin master

Note that pushing to GitLab requires write access to this repository.

Tip: You can also checkout merge requests locally by following these guidelines.

  • Discussion 23
  • Commits 1
  • Changes 4
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
0
Labels
None
Assign labels
  • View project labels
Reference: nexedi/erp5!133
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备14008524号