Commit 4b42c8c2 authored by Jean-Paul Smets's avatar Jean-Paul Smets

Added permission filtering to category child methods. Romain will do tests.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16962 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 642c3df9
...@@ -216,7 +216,8 @@ class Category(Folder): ...@@ -216,7 +216,8 @@ class Category(Folder):
def getCategoryChildValueList(self, recursive=1, include_if_child=1, def getCategoryChildValueList(self, recursive=1, include_if_child=1,
is_self_excluded=1, sort_on=None, is_self_excluded=1, sort_on=None,
sort_order=None, local_sort_method=None, sort_order=None, local_sort_method=None,
local_sort_id=None, **kw): local_sort_id=None, checked_permission=None,
**kw):
""" """
List the child objects of this category and all its subcategories. List the child objects of this category and all its subcategories.
...@@ -274,12 +275,21 @@ class Category(Folder): ...@@ -274,12 +275,21 @@ class Category(Folder):
for c in child_value_list: for c in child_value_list:
value_list.append(c) value_list.append(c)
if checked_permission is not None:
checkPermission = self.portal_membership.checkPermission
def permissionFilter(obj):
if checkPermission(checked_permission, obj):
return 1
else:
return 0
value_list = filter(permissionFilter, value_list)
return sortValueList(value_list, sort_on, sort_order, **kw) return sortValueList(value_list, sort_on, sort_order, **kw)
# List names recursively # List names recursively
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'getCategoryChildRelativeUrlList') 'getCategoryChildRelativeUrlList')
def getCategoryChildRelativeUrlList(self, base='', recursive=1): def getCategoryChildRelativeUrlList(self, base='', recursive=1, checked_permission=None):
""" """
List the path of this category and all its subcategories. List the path of this category and all its subcategories.
...@@ -291,7 +301,8 @@ class Category(Folder): ...@@ -291,7 +301,8 @@ class Category(Folder):
if base == 0 or base is None: base = '' # Make sure we get a meaningful base if base == 0 or base is None: base = '' # Make sure we get a meaningful base
if base == 1: base = self.getBaseCategoryId() + '/' # Make sure we get a meaningful base if base == 1: base = self.getBaseCategoryId() + '/' # Make sure we get a meaningful base
url_list = [] url_list = []
for value in self.getCategoryChildValueList(recursive = recursive): for value in self.getCategoryChildValueList(recursive=recursive,
checked_permission=checked_permission):
url_list.append(base + value.getRelativeUrl()) url_list.append(base + value.getRelativeUrl())
return url_list return url_list
...@@ -693,7 +704,8 @@ class BaseCategory(Category): ...@@ -693,7 +704,8 @@ class BaseCategory(Category):
'getCategoryChildValueList') 'getCategoryChildValueList')
def getCategoryChildValueList(self, is_self_excluded=1, recursive=1, def getCategoryChildValueList(self, is_self_excluded=1, recursive=1,
include_if_child=1, sort_on=None, sort_order=None, include_if_child=1, sort_on=None, sort_order=None,
local_sort_method=None, local_sort_id=None, **kw): local_sort_method=None, local_sort_id=None,
checked_permission=None, **kw):
""" """
List the child objects of this category and all its subcategories. List the child objects of this category and all its subcategories.
...@@ -752,6 +764,16 @@ class BaseCategory(Category): ...@@ -752,6 +764,16 @@ class BaseCategory(Category):
else: else:
if len(c.objectIds(self.allowed_types))==0: if len(c.objectIds(self.allowed_types))==0:
value_list.append(c) value_list.append(c)
if checked_permission is not None:
checkPermission = self.portal_membership.checkPermission
def permissionFilter(obj):
if checkPermission(checked_permission, obj):
return 1
else:
return 0
value_list = filter(permissionFilter, value_list)
return sortValueList(value_list, sort_on, sort_order, **kw) return sortValueList(value_list, sort_on, sort_order, **kw)
# Alias for compatibility # Alias for compatibility
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment