Commit c28b2c95 authored by Jérome Perrin's avatar Jérome Perrin

Add proxy role to SaleInvoiceTransaction_getVAT, because it might access...

Add proxy role to SaleInvoiceTransaction_getVAT, because it might access simulation movements for which the user doesn't have permission. Prevent the script to be called directly from URL

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@17687 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent c26d957e
...@@ -3,11 +3,8 @@ ...@@ -3,11 +3,8 @@
<record id="1" aka="AAAAAAAAAAE="> <record id="1" aka="AAAAAAAAAAE=">
<pickle> <pickle>
<tuple> <tuple>
<tuple> <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
<string>Products.PythonScripts.PythonScript</string> <tuple/>
<string>PythonScript</string>
</tuple>
<none/>
</tuple> </tuple>
</pickle> </pickle>
<pickle> <pickle>
...@@ -88,6 +85,9 @@ rate associated with an invoice line.\n ...@@ -88,6 +85,9 @@ rate associated with an invoice line.\n
\n \n
This API will probably change.\n This API will probably change.\n
"""\n """\n
if REQUEST is not None:\n
from zExceptions import Unauthorized\n
raise Unauthorized, script.getId()\n
\n \n
vat_infos = {\n vat_infos = {\n
\'total\' : 0,\n \'total\' : 0,\n
...@@ -161,7 +161,7 @@ return vat_infos\n ...@@ -161,7 +161,7 @@ return vat_infos\n
</item> </item>
<item> <item>
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string></string> </value> <value> <string>REQUEST=None</string> </value>
</item> </item>
<item> <item>
<key> <string>errors</string> </key> <key> <string>errors</string> </key>
...@@ -181,23 +181,27 @@ return vat_infos\n ...@@ -181,23 +181,27 @@ return vat_infos\n
<dictionary> <dictionary>
<item> <item>
<key> <string>co_argcount</string> </key> <key> <string>co_argcount</string> </key>
<value> <int>0</int> </value> <value> <int>1</int> </value>
</item> </item>
<item> <item>
<key> <string>co_varnames</string> </key> <key> <string>co_varnames</string> </key>
<value> <value>
<tuple> <tuple>
<string>REQUEST</string>
<string>None</string>
<string>zExceptions</string>
<string>Unauthorized</string>
<string>_getattr_</string>
<string>script</string>
<string>vat_infos</string> <string>vat_infos</string>
<string>context</string> <string>context</string>
<string>invoice</string> <string>invoice</string>
<string>_getattr_</string>
<string>portal</string> <string>portal</string>
<string>accounting_movement_list</string> <string>accounting_movement_list</string>
<string>len</string> <string>len</string>
<string>_getiter_</string> <string>_getiter_</string>
<string>movement</string> <string>movement</string>
<string>account</string> <string>account</string>
<string>None</string>
<string>_getitem_</string> <string>_getitem_</string>
<string>float</string> <string>float</string>
<string>_write_</string> <string>_write_</string>
...@@ -216,7 +220,9 @@ return vat_infos\n ...@@ -216,7 +220,9 @@ return vat_infos\n
<item> <item>
<key> <string>func_defaults</string> </key> <key> <string>func_defaults</string> </key>
<value> <value>
<tuple>
<none/> <none/>
</tuple>
</value> </value>
</item> </item>
<item> <item>
......
498 500
\ No newline at end of file \ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment