Commit 75991ec1 authored by Jérome Perrin's avatar Jérome Perrin

Don't show 'invalidated' payment nodes. Also an check we can access the bank...

Don't show 'invalidated' payment nodes. Also an check we can access the bank account, to prevent unauthorized.



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@12620 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 1e0ec429
...@@ -75,11 +75,14 @@ item_list = [[\'\', \'\']]\n ...@@ -75,11 +75,14 @@ item_list = [[\'\', \'\']]\n
\n \n
entity = context.getDestinationSectionValue()\n entity = context.getDestinationSectionValue()\n
if entity is not None:\n if entity is not None:\n
bank_account_list = entity.contentValues(filter={\'portal_type\':\n bank_account_id_list = entity.contentIds(filter={\'portal_type\':\n
entity.getPortalPaymentNodeTypeList()})\n entity.getPortalPaymentNodeTypeList()})\n
for bank_account in bank_account_list:\n for bank_account_id in bank_account_id_list:\n
# skip objects we are not allowed to access\n
bank_account = entity.restrictedTraverse(bank_account_id, None)\n
if bank_account is not None and \\\n
bank_account.getValidationState() != \'invalidated\':\n
url = bank_account.getRelativeUrl()\n url = bank_account.getRelativeUrl()\n
#label = bank_account.getIban()\n
label = bank_account.getReference() or bank_account.getTitle()\n label = bank_account.getReference() or bank_account.getTitle()\n
item_list.append([label, url])\n item_list.append([label, url])\n
\n \n
...@@ -133,8 +136,9 @@ return item_list\n ...@@ -133,8 +136,9 @@ return item_list\n
<string>context</string> <string>context</string>
<string>entity</string> <string>entity</string>
<string>None</string> <string>None</string>
<string>bank_account_list</string> <string>bank_account_id_list</string>
<string>_getiter_</string> <string>_getiter_</string>
<string>bank_account_id</string>
<string>bank_account</string> <string>bank_account</string>
<string>url</string> <string>url</string>
<string>label</string> <string>label</string>
......
...@@ -75,9 +75,13 @@ item_list = [[\'\', \'\']]\n ...@@ -75,9 +75,13 @@ item_list = [[\'\', \'\']]\n
\n \n
entity = context.getSourceSectionValue()\n entity = context.getSourceSectionValue()\n
if entity is not None:\n if entity is not None:\n
bank_account_list = entity.contentValues(filter={\'portal_type\':\n bank_account_id_list = entity.contentIds(filter={\'portal_type\':\n
entity.getPortalPaymentNodeTypeList()})\n entity.getPortalPaymentNodeTypeList()})\n
for bank_account in bank_account_list:\n for bank_account_id in bank_account_id_list:\n
# skip objects we are not allowed to access\n
bank_account = entity.restrictedTraverse(bank_account_id, None)\n
if bank_account is not None and \\\n
bank_account.getValidationState() != \'invalidated\':\n
url = bank_account.getRelativeUrl()\n url = bank_account.getRelativeUrl()\n
label = bank_account.getReference() or bank_account.getTitle()\n label = bank_account.getReference() or bank_account.getTitle()\n
item_list.append([label, url])\n item_list.append([label, url])\n
...@@ -132,8 +136,9 @@ return item_list\n ...@@ -132,8 +136,9 @@ return item_list\n
<string>context</string> <string>context</string>
<string>entity</string> <string>entity</string>
<string>None</string> <string>None</string>
<string>bank_account_list</string> <string>bank_account_id_list</string>
<string>_getiter_</string> <string>_getiter_</string>
<string>bank_account_id</string>
<string>bank_account</string> <string>bank_account</string>
<string>url</string> <string>url</string>
<string>label</string> <string>label</string>
......
177 178
\ No newline at end of file \ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment