diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getThumbnailAbsoluteUrl.xml b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getThumbnailAbsoluteUrl.xml index f68cd39f4fb9816b5c3854dc0352fe9f27a0a0a1..c3d872246a3eee9161fdc371c9ca378dfcd1fbda 100644 --- a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getThumbnailAbsoluteUrl.xml +++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_getThumbnailAbsoluteUrl.xml @@ -67,7 +67,8 @@ """\n portal_type = context.getPortalType()\n \n -if portal_type in (\'Image\', \'Presentation\', \'Drawing\', \'Spreadsheet\', \'Text\', \'PDF\', ):\n +if portal_type in (\'Image\', \'Presentation\', \'Drawing\', \'Spreadsheet\', \'Text\', \'PDF\', ) \\\n + and context.isTargetFormatPermitted("png"):\n return context.absolute_url()\n \n return None\n diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Document_isTargetFormatPermitted.xml b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Document_isTargetFormatPermitted.xml new file mode 100644 index 0000000000000000000000000000000000000000..81fdcc22b00cf47a7d11507ee622e75323351bac --- /dev/null +++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Document_isTargetFormatPermitted.xml @@ -0,0 +1,162 @@ +<?xml version="1.0"?> +<ZopeData> + <record id="1" aka="AAAAAAAAAAE="> + <pickle> + <tuple> + <global name="PythonScript" module="Products.PythonScripts.PythonScript"/> + <tuple/> + </tuple> + </pickle> + <pickle> + <dictionary> + <item> + <key> <string>Script_magic</string> </key> + <value> <int>3</int> </value> + </item> + <item> + <key> <string>_bind_names</string> </key> + <value> + <object> + <klass> + <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/> + </klass> + <tuple/> + <state> + <dictionary> + <item> + <key> <string>_asgns</string> </key> + <value> + <dictionary> + <item> + <key> <string>name_container</string> </key> + <value> <string>container</string> </value> + </item> + <item> + <key> <string>name_context</string> </key> + <value> <string>context</string> </value> + </item> + <item> + <key> <string>name_m_self</string> </key> + <value> <string>script</string> </value> + </item> + <item> + <key> <string>name_subpath</string> </key> + <value> <string>traverse_subpath</string> </value> + </item> + </dictionary> + </value> + </item> + </dictionary> + </state> + </object> + </value> + </item> + <item> + <key> <string>_body</string> </key> + <value> <string>"""\n +This script provides a facility to permit conversion by format.\n +"""\n +\n +###Below is an example which pure auditors can only view in non editable\n +### formats (pdf, html, txt, png, etc.)\n +###\n +from AccessControl import getSecurityManager\n +user = getSecurityManager().getUser()\n +role_list = user.getRolesInContext(context)\n +## \n +\n +# Users involved in the document may view it in editable mode\n +if "Associate" in role_list or "Assignee" in role_list or\\\n + "Assignor" in role_list or "Manager" in role_list or "Owner" in role_list:\n + return True\n +# Reject original format\n +if format is None:\n + return False\n +##\n +# All users with view permission may view the document \n +# in read only mode\n +if format in (\'html\', \'stripped-html\', \'text\', \'txt\', \'pdf\', \'png\', \'jpg\', \'gif\'):\n + return True\n +if format.endswith(\'pdf\'):\n + return True\n +if format.endswith(\'html\'):\n + return True\n +##\n +## # All other formats are prohibitted\n +return False\n +</string> </value> + </item> + <item> + <key> <string>_code</string> </key> + <value> + <none/> + </value> + </item> + <item> + <key> <string>_params</string> </key> + <value> <string>format=None</string> </value> + </item> + <item> + <key> <string>errors</string> </key> + <value> + <tuple/> + </value> + </item> + <item> + <key> <string>func_code</string> </key> + <value> + <object> + <klass> + <global name="FuncCode" module="Shared.DC.Scripts.Signature"/> + </klass> + <tuple/> + <state> + <dictionary> + <item> + <key> <string>co_argcount</string> </key> + <value> <int>1</int> </value> + </item> + <item> + <key> <string>co_varnames</string> </key> + <value> + <tuple> + <string>format</string> + <string>AccessControl</string> + <string>getSecurityManager</string> + <string>_getattr_</string> + <string>user</string> + <string>context</string> + <string>role_list</string> + <string>True</string> + <string>None</string> + <string>False</string> + </tuple> + </value> + </item> + </dictionary> + </state> + </object> + </value> + </item> + <item> + <key> <string>func_defaults</string> </key> + <value> + <tuple> + <none/> + </tuple> + </value> + </item> + <item> + <key> <string>id</string> </key> + <value> <string>Document_isTargetFormatPermitted</string> </value> + </item> + <item> + <key> <string>warnings</string> </key> + <value> + <tuple/> + </value> + </item> + </dictionary> + </pickle> + </record> +</ZopeData> diff --git a/product/ERP5/bootstrap/erp5_core/bt/revision b/product/ERP5/bootstrap/erp5_core/bt/revision index ec2aa7c82267d13ca80386aa8e68c5adf0feebeb..aa8f5c86030dba5940da86da8757d4d647530872 100644 --- a/product/ERP5/bootstrap/erp5_core/bt/revision +++ b/product/ERP5/bootstrap/erp5_core/bt/revision @@ -1 +1 @@ -1535 \ No newline at end of file +1536 \ No newline at end of file