Fixed some issues related to security.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@22950 20353a03-c40f-0410-a6d1-a30d3c3de9de

bt5/erp5_forge/WorkflowTemplateItem/portal_workflow/bug_event_workflow/scripts/BugEvent_buildMessage.xml

@@ -90,6 +90,14 @@ bug_event.send()\n
             <key> <string>_params</string> </key>
             <value> <string>state_change</string> </value>
         </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
         <item>
             <key> <string>errors</string> </key>
             <value>

bt5/erp5_forge/WorkflowTemplateItem/portal_workflow/bug_event_workflow/states/draft.xml

@@ -86,6 +86,7 @@
                       <tuple>
                         <string>Assignee</string>
                         <string>Assignor</string>
+                        <string>Auditor</string>
                         <string>Manager</string>
                         <string>Owner</string>
                       </tuple>
@@ -105,6 +106,7 @@
                       <tuple>
                         <string>Assignee</string>
                         <string>Assignor</string>
+                        <string>Auditor</string>
                         <string>Manager</string>
                         <string>Owner</string>
                       </tuple>

bt5/erp5_forge/WorkflowTemplateItem/portal_workflow/bug_event_workflow/states/started.xml

@@ -75,6 +75,7 @@
                         <string>Associate</string>
                         <string>Auditor</string>
                         <string>Manager</string>
+                        <string>Owner</string>
                       </tuple>
                     </value>
                 </item>
@@ -117,6 +118,7 @@
                         <string>Associate</string>
                         <string>Auditor</string>
                         <string>Manager</string>
+                        <string>Owner</string>
                       </tuple>
                     </value>
                 </item>

bt5/erp5_forge/WorkflowTemplateItem/portal_workflow/bug_event_workflow/transitions/start_action.xml

@@ -80,6 +80,7 @@
                 <string>Assignor</string>
                 <string>Assignee</string>
                 <string>Auditor</string>
+                <string>Owner</string>
               </tuple>
             </value>
         </item>

bt5/erp5_forge/WorkflowTemplateItem/portal_workflow/bug_workflow/scripts/Bug_sendNotification.xml

@@ -68,23 +68,21 @@
             <value> <string encoding="cdata"><![CDATA[
 
 bug = state_change["object"]\n
-destination_state_title = state_change["new_state"].title\n
-person_list = []\n
+valid_transaction_list = ["confirm_action", "stop_action", \n
+                                           "deliver_action", "set_ready_action"]\n
 \n
-history = state_change.getHistory()\n
-\n
-valid_transaction_list = ["confirm_action", "stop_action", "deliver_action", "set_ready_action"]\n
+message = [ h for h in state_change.getHistory() \\\n
+                                        if h[\'action\'] in valid_transaction_list]\n
 \n
 comment = ""\n
-message = [ h for h in history if h[\'action\'] in valid_transaction_list]\n
 if len(message) > 0:\n
   comment=message[-1]["comment"] \n
 \n
-line = bug.newContent(title="This bug was %s" % state_change["new_state"].title,\n
+line = bug.newContent(title="This bug was %s" % bug.getSimulationStateTitle(),\n
                                            portal_type="Bug Line",\n
                                            text_content=comment)\n
 \n
-# Call line workflow.\n
+# This will post The message Automatically.\n
 line.start()\n
 
 
@@ -112,6 +110,12 @@ line.start()\n
             <key> <string>_params</string> </key>
             <value> <string>state_change</string> </value>
         </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
         <item>
             <key> <string>errors</string> </key>
             <value>
@@ -139,17 +143,14 @@ line.start()\n
                             <string>state_change</string>
                             <string>_getitem_</string>
                             <string>bug</string>
-                            <string>_getattr_</string>
-                            <string>destination_state_title</string>
-                            <string>person_list</string>
-                            <string>history</string>
                             <string>valid_transaction_list</string>
-                            <string>comment</string>
                             <string>append</string>
                             <string>$append0</string>
                             <string>_getiter_</string>
+                            <string>_getattr_</string>
                             <string>h</string>
                             <string>message</string>
+                            <string>comment</string>
                             <string>len</string>
                             <string>line</string>
                           </tuple>

bt5/erp5_forge/WorkflowTemplateItem/portal_workflow/bug_workflow/states/confirmed.xml

@@ -76,16 +76,11 @@
                         <string>Assignor</string>
                         <string>Associate</string>
                         <string>Auditor</string>
+                        <string>Manager</string>
                         <string>Owner</string>
                       </tuple>
                     </value>
                 </item>
-                <item>
-                    <key> <string>Add Content Type Registrys</string> </key>
-                    <value>
-                      <tuple/>
-                    </value>
-                </item>
                 <item>
                     <key> <string>Add portal content</string> </key>
                     <value>
@@ -93,6 +88,7 @@
                         <string>Assignee</string>
                         <string>Assignor</string>
                         <string>Associate</string>
+                        <string>Manager</string>
                         <string>Owner</string>
                       </tuple>
                     </value>
@@ -103,6 +99,7 @@
                       <tuple>
                         <string>Assignee</string>
                         <string>Assignor</string>
+                        <string>Manager</string>
                       </tuple>
                     </value>
                 </item>
@@ -114,6 +111,7 @@
                         <string>Assignor</string>
                         <string>Associate</string>
                         <string>Auditor</string>
+                        <string>Manager</string>
                         <string>Owner</string>
                       </tuple>
                     </value>

bt5/erp5_forge/WorkflowTemplateItem/portal_workflow/bug_workflow/states/deleted.xml

@@ -64,31 +64,33 @@
                 <item>
                     <key> <string>Access contents information</string> </key>
                     <value>
-                      <tuple/>
-                    </value>
-                </item>
-                <item>
-                    <key> <string>Add Content Type Registrys</string> </key>
-                    <value>
-                      <tuple/>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
                     </value>
                 </item>
                 <item>
                     <key> <string>Add portal content</string> </key>
                     <value>
-                      <tuple/>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
                     </value>
                 </item>
                 <item>
                     <key> <string>Modify portal content</string> </key>
                     <value>
-                      <tuple/>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
                     </value>
                 </item>
                 <item>
                     <key> <string>View</string> </key>
                     <value>
-                      <tuple/>
+                      <tuple>
+                        <string>Manager</string>
+                      </tuple>
                     </value>
                 </item>
               </dictionary>

bt5/erp5_forge/WorkflowTemplateItem/portal_workflow/bug_workflow/states/stopped.xml

@@ -79,18 +79,13 @@
                       </tuple>
                     </value>
                 </item>
-                <item>
-                    <key> <string>Add Content Type Registrys</string> </key>
-                    <value>
-                      <tuple/>
-                    </value>
-                </item>
                 <item>
                     <key> <string>Add portal content</string> </key>
                     <value>
                       <tuple>
                         <string>Assignee</string>
                         <string>Assignor</string>
+                        <string>Manager</string>
                         <string>Owner</string>
                       </tuple>
                     </value>

bt5/erp5_forge/bt/revision

-301
+302
\ No newline at end of file