Commit 87584248 authored by Xiaowu Zhang's avatar Xiaowu Zhang

erp5_hal_json_style: relationfield is rendered as no editable with empty value...

erp5_hal_json_style: relationfield is rendered as no editable with empty value when user can't access related document
parent 9b10d489
......@@ -7,6 +7,7 @@ import datetime
import time
from email.Utils import formatdate
import re
from zExceptions import Unauthorized
if REQUEST is None:
......@@ -209,10 +210,16 @@ def renderField(traversed_document, field, form, value=None, meta_type=None, key
accessor_name = 'get%sValueList' % \
''.join([part.capitalize() for part in base_category.split('_')])
jump_reference_list = getattr(traversed_document, accessor_name)(
portal_type=[x[0] for x in field.get_value('portal_type')],
) or []
jump_reference_list = getattr(traversed_document, accessor_name)(
portal_type=[x[0] for x in field.get_value('portal_type')],
) or []
except Unauthorized:
jump_reference_list = []
"editable": False
query = url_template_dict["jio_search_template"] % {
"query": make_query({"query": sql_catalog.buildQuery(
{"portal_type": portal_type_list}
<?xml version="1.0"?>
<record id="1" aka="AAAAAAAAAAE=">
<global name="ZopePageTemplate" module="Products.PageTemplates.ZopePageTemplate"/>
<key> <string>_bind_names</string> </key>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
<key> <string>_asgns</string> </key>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
<key> <string>content_type</string> </key>
<value> <string>text/html</string> </value>
<key> <string>expand</string> </key>
<value> <int>0</int> </value>
<key> <string>id</string> </key>
<value> <string>testAccessUnauthorizedRelationValue</string> </value>
<key> <string>output_encoding</string> </key>
<value> <string>utf-8</string> </value>
<key> <string>title</string> </key>
<value> <unicode></unicode> </value>
<html xmlns:tal=""
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Test RenderJS UI</title>
<table cellpadding="1" cellspacing="1" border="1">
<tr><td rowspan="1" colspan="3">Test RenderJS UI</td></tr>
<tal:block metal:use-macro="here/Zuite_CommonTemplate/macros/init" />
<!-- Clean Up -->
<td>Reset Successfully.</td>
<tal:block metal:use-macro="here/Zuite_CommonTemplate/macros/wait_for_activities" />
<!-- Initialize -->
<td>//a[contains(text(), 'hasAccessUnauthorized')]</td>
<td>//a[contains(text(), 'hasAccessUnauthorized')]</td>
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/go_to_foo_relation_field_view" />
\ No newline at end of file
foo1 = context.foo_module.newContent(portal_type='Foo')
foo2 = context.foo_module.newContent(portal_type='Foo')
  • Why call immediateReindexObject ? I see the next sequence step is precisely to wait for any pending activity to finish, so I do not understand these 2 lines.

    /cc @romain

  • @vpelletier without those 2 lines, foo1 and foo2 may get randomly recursiveImmediateReindexObject failure, the error is:

    Exception Type	Unauthorized
    Exception Value	You are not allowed to access 'isResourceType' in this context

    then test will fail

    so i think reindex should be done before change permission of foo2 is done

  • Can it be related with the fact that we passing roles as a string where method expect a sequence ?

    ( see )

    My guess is that this grants permission to ['M', 'a', 'n', 'a', 'g', 'e', 'r'] , but it's an interesting error. I should not be a problem to reindex a document on which Manager role does not have any permission.

  • @xiaowu.zhang : Did you check Jerome's guess ?

Please register or sign in to reply
foo2.activate().manage_permission( 'Access contents information', 'Manager', 0)
return 'Done'
<?xml version="1.0"?>
<record id="1" aka="AAAAAAAAAAE=">
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
<key> <string>_bind_names</string> </key>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
<key> <string>_asgns</string> </key>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
<key> <string>_params</string> </key>
<value> <string></string> </value>
<key> <string>id</string> </key>
<value> <string>Foo_createHasUnauthorizedFoo</string> </value>
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment