From 998623bdc1de89ffe5f3d223ecf65bb3bb20d286 Mon Sep 17 00:00:00 2001
From: Jean-Paul Smets <jp@nexedi.com>
Date: Sat, 22 Sep 2007 17:23:15 +0000
Subject: [PATCH] Use checked_permission to take into account security and
 access rights.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16553 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 .../portal_skins/erp5_web/WebSite_getMainSectionList.xml     | 2 +-
 .../erp5_web_widget_library/WebSite_viewSearchRenderer.xml   | 5 +++--
 bt5/erp5_web/bt/revision                                     | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web/WebSite_getMainSectionList.xml b/bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web/WebSite_getMainSectionList.xml
index 5d360de4d2..4e1980203e 100644
--- a/bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web/WebSite_getMainSectionList.xml
+++ b/bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web/WebSite_getMainSectionList.xml
@@ -73,7 +73,7 @@
   This script is used to generate the memus.\n
 """\n
 site = context.getWebSiteValue()\n
-section_list = site.objectValues(portal_type = \'Web Section\', sort_on=\'int_index\')\n
+section_list = site.contentValues(portal_type=\'Web Section\', sort_on=\'int_index\', checked_permission=\'View\')\n
 return filter(lambda x: x.isVisible(), section_list)\n
 </string> </value>
         </item>
diff --git a/bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web_widget_library/WebSite_viewSearchRenderer.xml b/bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web_widget_library/WebSite_viewSearchRenderer.xml
index 59aede8b9f..367108bf6f 100644
--- a/bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web_widget_library/WebSite_viewSearchRenderer.xml
+++ b/bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web_widget_library/WebSite_viewSearchRenderer.xml
@@ -101,7 +101,8 @@ Description:\n
     </div>\n
   \n
     <div class="tabbertab"\n
-         tal:define="section_list python:here.contentValues(portal_type=\'Web Section\', sort_on=\'int_index\');\n
+         tal:define="section_list python:here.contentValues(portal_type=\'Web Section\',\n
+                                                    checked_permission=\'View\',sort_on=\'int_index\');\n
                      section_list python:filter(lambda x:x.isVisible(), section_list);\n
                      half_count python:len(section_list) / 2">\n
       <h2 value="" i18n:translate="" i18n:domain="ui">Browse</h2>\n
@@ -112,7 +113,7 @@ Description:\n
           <li value="" i18n:translate=""\n
               i18n:domain="ui" tal:content="section/getTitle">Departments and Divisions:</li>\n
           <ul>\n
-            <li tal:repeat="root_section section/contentValues">\n
+            <li tal:repeat="root_section python:section.contentValues(checked_permission=\'View\')">\n
               <a    tal:content="root_section/getTitle"\n
                     tal:condition="python:not len(root_section.contentValues())"\n
                     tal:attributes="href root_section/absolute_url"/>\n
diff --git a/bt5/erp5_web/bt/revision b/bt5/erp5_web/bt/revision
index ed615204d1..d21b6ea29b 100644
--- a/bt5/erp5_web/bt/revision
+++ b/bt5/erp5_web/bt/revision
@@ -1 +1 @@
-590
\ No newline at end of file
+591
\ No newline at end of file
-- 
2.30.9