1. 12 Jan, 2015 32 commits
  2. 09 Jan, 2015 2 commits
    • Kirill Smelkov's avatar
      bt5/erp5_forum_tutorial: Correct role mapping on DiscussionThreadModule for forum Admin & User · 5c589e7b
      Kirill Smelkov authored
      tl;dr currently function/forum/{administrator,user} are mapped to Author
            only role on forum module without also mapping to Auditor role.
      
            Auditor role is needed because by definition Author cannot view
            content and without such role Admin & User cannot see
            DiscussionThreadModule at all.
      
            Similarly besides having Author role, Users also need to have
            Auditor role on DiscussionThread in order to view threads.
      
      Currently for DiscussionThreadModule we map categories
      
          function/forum/administrator    and
          function/forum/user
      
      to one Author role in A5 speak.
      
      Then, for forum, it is assumed that each user will be assigned only one
      functional category to each user (e.g. only one of
      function/forum/{administrator,user,visitor}).
      
      So it turns out e.g. function/forum/administrator category is mapped to
      only Author role on DiscussionThreadModule.
      
      Now by definition Authors can create documents, but they cannot
      access/view them (as per http://www.erp5.org/ERP5SecurityModel).
      This is also indirectly justified by default-assigned security settings
      for Author role - see section "Adjust Permissions on the Module" -
      Author is not allowed to "View".
      
          So if forum administrator is only mapped to Author role, he can
          _not_ view/access the forum module.
      
      And I discovered this exactly this way - usual visitors (who map to
      Auditor role) were being able to see the module, but admin and users
      could not.
      
      To solve this logically, lets also map
      
          function/forum/administrator    and
          function/forum/user
      
      to Auditor role on DiscussionThreadModule (i.e. they now both map to
      Author & Auditor). And now both admin & user can access/view the module
      & create threads.
      
      Similarly without Auditor role on DiscussionThread, User cannot view it.
      ( And Administrator has Assignor on DiscussionThread which allows viewing
        by itself )
      
      NOTE for DiscussionPost we don't need to change anything in order for
      users to view it because DiscussionPost acquires local roles.
      Helped-by: Klaus Wölfel's avatarKlaus Wölfel <klaus@nexedi.com>
      5c589e7b
    • Tristan Cavelier's avatar
      fix erp5.css classic table view · b8f34d3c
      Tristan Cavelier authored
      b8f34d3c
  3. 08 Jan, 2015 1 commit
    • Vincent Pelletier's avatar
      CategoryTool_importCategoryFile: Refactor. · 92c93bdf
      Vincent Pelletier authored
      Factorise code paths between simulation and "real" modes,
      fixing occasional non-representativeness of simulation mode.
      Factorise code (down from 300 to 200 lines).
      Simplify code (ex: use set instead of None-value dict).
      Merge consecutive loops:
      - delete/expire immediately instead of building a list to process later
      - process each Base Category entirely (create, edit, delete/expire/keep)
      before going to the next
      This merging should overall reduce memory usage significantly.
      92c93bdf
  4. 07 Jan, 2015 1 commit
  5. 06 Jan, 2015 2 commits
  6. 02 Jan, 2015 1 commit
  7. 31 Dec, 2014 1 commit