Commit b7f49893 authored by Romain Courteaud's avatar Romain Courteaud

Make relation string field manage permission correctly.

Only display objects for which user has the right permission.
Never remove the relation to not viewable objects.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@20988 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent e07b66ac
......@@ -193,13 +193,19 @@ class DefaultValue(StaticValue):
form = field.aq_parent
ob = getattr(form, 'aq_parent', None)
value = self.value
if value not in (None, ''):
# If a default value is defined on the field, it has precedence
value = ob.getProperty(self.key, d=value)
else:
# else we should give a chance to the accessor to provide
# a default value (including None)
value = ob.getProperty(self.key)
try:
if value not in (None, ''):
# If a default value is defined on the field, it has precedence
value = ob.getProperty(self.key, d=value)
else:
# else we should give a chance to the accessor to provide
# a default value (including None)
value = ob.getProperty(self.key)
except Unauthorized:
value = ob.getProperty(self.key, d=value, checked_permission='View')
REQUEST = get_request()
if REQUEST is not None:
REQUEST.set('read_only_%s' % self.key, 1)
except (KeyError, AttributeError):
value = None
return self.returnValue(field, id, value)
......
......@@ -431,12 +431,14 @@ class MultiRelationEditor:
set_method_name = '_set%sValue' % \
convertToUpperCase(self.base_category)
getattr(o, set_method_name)(relation_object_list[0],
portal_type=self.portal_type_list)
portal_type=self.portal_type_list,
checked_permission='View')
else:
set_method_name = '_set%sValueList' % \
convertToUpperCase(self.base_category)
getattr(o, set_method_name)(relation_object_list,
portal_type=self.portal_type_list)
portal_type=self.portal_type_list,
checked_permission='View')
allow_class(MultiRelationEditor)
......
......@@ -59,11 +59,18 @@ class RelationStringFieldWidget(
def _generateRenderValueList(self, field, key, value, REQUEST):
# value = value or NO_VALUE
relation_field_id = field.generate_subfield_key(SUB_FIELD_ID, key=key)
relation_item_key = field.generate_subfield_key(ITEM_ID, key=key)
relation_item_list = REQUEST.get(relation_item_key, [])
return [(Widget.TextWidgetInstance, relation_field_id,
relation_item_list, value, None)]
if REQUEST.get(
'read_only_%s' % REQUEST.get(
'field__proxyfield_%s_%s_default' % (field.id, field._p_oid),
field).getId()[3:], 0):
return []
else:
relation_field_id = field.generate_subfield_key(SUB_FIELD_ID, key=key)
relation_item_key = field.generate_subfield_key(ITEM_ID, key=key)
relation_item_list = REQUEST.get(relation_item_key, [])
return [(Widget.TextWidgetInstance, relation_field_id,
relation_item_list, value, None)]
class RelationEditor(MultiRelationField.MultiRelationEditor):
"""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment