From 642c3df99aa28ecbbc5712dc58498b2d295f5c50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Calonne?= <aurel@nexedi.com>
Date: Thu, 11 Oct 2007 15:25:45 +0000
Subject: [PATCH] fix getTotalPrice's params in widget fix security on
 stop_payment's states workflow

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16961 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 .../CheckDeposit_view/my_total_price.xml      |  2 +-
 .../portal_workflow/stop_payment_workflow.xml |  1 +
 .../states/cancelled.xml                      | 20 +++++++++++++-----
 .../states/confirmed.xml                      | 12 +++++++++++
 .../stop_payment_workflow/states/deleted.xml  | 21 +++++++++++++------
 .../stop_payment_workflow/states/started.xml  |  6 ++++++
 .../stop_payment_workflow/states/stopped.xml  |  6 ++++++
 bt5/erp5_banking_check/bt/revision            |  2 +-
 8 files changed, 57 insertions(+), 13 deletions(-)

diff --git a/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDeposit_view/my_total_price.xml b/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDeposit_view/my_total_price.xml
index c87e50ba3d..b01ef18dc8 100644
--- a/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDeposit_view/my_total_price.xml
+++ b/bt5/erp5_banking_check/SkinTemplateItem/portal_skins/erp5_banking_check_operation/CheckDeposit_view/my_total_price.xml
@@ -271,7 +271,7 @@
       <dictionary>
         <item>
             <key> <string>_text</string> </key>
-            <value> <string>python: here.getTotalPrice(deliveryLineType=\'Check Operation Line\', fast=0)</string> </value>
+            <value> <string>python: here.getTotalPrice(portal_type=\'Check Operation Line\', fast=0)</string> </value>
         </item>
       </dictionary>
     </pickle>
diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow.xml
index ce29d42e64..89f6f465f3 100644
--- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow.xml
+++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow.xml
@@ -63,6 +63,7 @@
                 <string>Access contents information</string>
                 <string>Modify portal content</string>
                 <string>Delete objects</string>
+                <string>Add portal content</string>
               </tuple>
             </value>
         </item>
diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/cancelled.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/cancelled.xml
index 2432739f19..f6847b18a2 100644
--- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/cancelled.xml
+++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/cancelled.xml
@@ -68,16 +68,26 @@
                     <key> <string>Access contents information</string> </key>
                     <value>
                       <tuple>
-                        <string>Auditor</string>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
+                        <string>Manager</string>
+                      </tuple>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple>
                         <string>Manager</string>
-                        <string>Owner</string>
                       </tuple>
                     </value>
                 </item>
                 <item>
                     <key> <string>Delete objects</string> </key>
                     <value>
-                      <tuple/>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
                     </value>
                 </item>
                 <item>
@@ -92,9 +102,9 @@
                     <key> <string>View</string> </key>
                     <value>
                       <tuple>
-                        <string>Auditor</string>
+                        <string>Assignee</string>
+                        <string>Assignor</string>
                         <string>Manager</string>
-                        <string>Owner</string>
                       </tuple>
                     </value>
                 </item>
diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/confirmed.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/confirmed.xml
index 543c30a035..6bb241771d 100644
--- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/confirmed.xml
+++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/confirmed.xml
@@ -77,6 +77,18 @@
                       </tuple>
                     </value>
                 </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Delete objects</string> </key>
+                    <value>
+                      <tuple/>
+                    </value>
+                </item>
                 <item>
                     <key> <string>Modify portal content</string> </key>
                     <value>
diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/deleted.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/deleted.xml
index d5d6e014b8..4c6ec1a95b 100644
--- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/deleted.xml
+++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/deleted.xml
@@ -57,17 +57,14 @@
   <record id="2" aka="AAAAAAAAAAI=">
     <pickle>
       <tuple>
-        <tuple>
-          <string>Persistence</string>
-          <string>PersistentMapping</string>
-        </tuple>
-        <none/>
+        <global name="PersistentMapping" module="Persistence.mapping"/>
+        <tuple/>
       </tuple>
     </pickle>
     <pickle>
       <dictionary>
         <item>
-            <key> <string>_container</string> </key>
+            <key> <string>data</string> </key>
             <value>
               <dictionary>
                 <item>
@@ -78,6 +75,18 @@
                       </tuple>
                     </value>
                 </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>Delete objects</string> </key>
+                    <value>
+                      <tuple/>
+                    </value>
+                </item>
                 <item>
                     <key> <string>Modify portal content</string> </key>
                     <value>
diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/started.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/started.xml
index 20471bdd2a..2839f11f6d 100644
--- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/started.xml
+++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/started.xml
@@ -76,6 +76,12 @@
                       </tuple>
                     </value>
                 </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple/>
+                    </value>
+                </item>
                 <item>
                     <key> <string>Delete objects</string> </key>
                     <value>
diff --git a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/stopped.xml b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/stopped.xml
index 10d627321e..0f0b228f39 100644
--- a/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/stopped.xml
+++ b/bt5/erp5_banking_check/WorkflowTemplateItem/portal_workflow/stop_payment_workflow/states/stopped.xml
@@ -76,6 +76,12 @@
                       </tuple>
                     </value>
                 </item>
+                <item>
+                    <key> <string>Add portal content</string> </key>
+                    <value>
+                      <tuple/>
+                    </value>
+                </item>
                 <item>
                     <key> <string>Delete objects</string> </key>
                     <value>
diff --git a/bt5/erp5_banking_check/bt/revision b/bt5/erp5_banking_check/bt/revision
index e8a4e6b71b..b99877a597 100644
--- a/bt5/erp5_banking_check/bt/revision
+++ b/bt5/erp5_banking_check/bt/revision
@@ -1 +1 @@
-329
\ No newline at end of file
+331
\ No newline at end of file
-- 
2.30.9