Commit ee429cf7 authored by Mohamadou Mbengue's avatar Mohamadou Mbengue

* test if user has access to a module before displaying it.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@36755 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 8d30c714
...@@ -162,7 +162,7 @@ def setPermissionsOnEGovModule(self, portal_type_object): ...@@ -162,7 +162,7 @@ def setPermissionsOnEGovModule(self, portal_type_object):
portal_type_object.manage_role(role_to_manage='Agent', permissions=view_permission_list) portal_type_object.manage_role(role_to_manage='Agent', permissions=view_permission_list)
# if the procedure needs no authentification anonymous should access and add # if the procedure needs no authentification anonymous should access and add
if portal_type_object is not None: if portal_type_object is not None:
step_authentication = portal_type_object.getStepAuthentication() step_authentication = portal_type_object.getStepAuthentication()
step_subscription = portal_type_object.getStepSubscription() step_subscription = portal_type_object.getStepSubscription()
if not step_authentication: # and not step_subscription if not step_authentication: # and not step_subscription
......
...@@ -53,17 +53,26 @@ ...@@ -53,17 +53,26 @@
</item> </item>
<item> <item>
<key> <string>_body</string> </key> <key> <string>_body</string> </key>
<value> <string>portal_types = context.getPortalObject().portal_types\n <value> <string>from AccessControl import getSecurityManager\n
user=getSecurityManager().getUser()\n
\n
portal_types = context.getPortalObject().portal_types\n
validated_type_list = portal_types.searchFolder(portal_type=\'EGov Type\', validation_state = \'validated\')\n validated_type_list = portal_types.searchFolder(portal_type=\'EGov Type\', validation_state = \'validated\')\n
access_permission= \'Access contents information\'\n
view_permission = \'View\'\n
\n \n
portal_type_list = ()\n portal_type_list = ()\n
for ptype_title in [\'Person\', \'Organisation\']:\n
default_module = context.getDefaultModule(ptype_title)\n
if user.has_permission(access_permission,default_module) or user.has_permission(view_permission,default_module):\n
portal_type_list += (ptype_title,)\n
\n
for ptype in validated_type_list:\n
default_module = context.getDefaultModule(ptype.getTitle())\n
if user.has_permission(access_permission,default_module) or user.has_permission(view_permission,default_module):\n
portal_type_list += (ptype.getTitle(),)\n
\n \n
for portal_type in validated_type_list:\n return portal_type_list\n
portal_type_list += (portal_type.getTitle(),)\n
\n
\n
type_list = portal_type_list + (\'Person\', \'Organisation\')\n
return type_list\n
</string> </value> </string> </value>
</item> </item>
<item> <item>
...@@ -100,15 +109,21 @@ return type_list\n ...@@ -100,15 +109,21 @@ return type_list\n
<key> <string>co_varnames</string> </key> <key> <string>co_varnames</string> </key>
<value> <value>
<tuple> <tuple>
<string>AccessControl</string>
<string>getSecurityManager</string>
<string>_getattr_</string> <string>_getattr_</string>
<string>user</string>
<string>context</string> <string>context</string>
<string>portal_types</string> <string>portal_types</string>
<string>validated_type_list</string> <string>validated_type_list</string>
<string>access_permission</string>
<string>view_permission</string>
<string>portal_type_list</string> <string>portal_type_list</string>
<string>_getiter_</string> <string>_getiter_</string>
<string>portal_type</string> <string>ptype_title</string>
<string>default_module</string>
<string>_inplacevar_</string> <string>_inplacevar_</string>
<string>type_list</string> <string>ptype</string>
</tuple> </tuple>
</value> </value>
</item> </item>
......
2010-06-30 mohamadou
* test if user has access to a module before displaying it.
2010-06-30 mohamadou 2010-06-30 mohamadou
* Add role information in EGov Type * Add role information in EGov Type
......
664 667
\ No newline at end of file \ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment