diff --git a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/RoleDefinition_getRoleNameItemList.xml b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/RoleDefinition_getRoleNameItemList.xml
index ebf1fb18c1df1d8c8a0c36c27e170a50dcb16edb..4e06638b5f646f9cb616ea4723f564a1d5b8833f 100644
--- a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/RoleDefinition_getRoleNameItemList.xml
+++ b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/RoleDefinition_getRoleNameItemList.xml
@@ -54,13 +54,10 @@
 <item>
 <key> <string>_body</string> </key>
 <value> <string>from Products.ERP5Type.Message import translateString\n
-item_list = [(\'\', \'\')]\n
 \n
-for role in context.valid_roles():\n
- if role not in (\'Owner\', \'Manager\', \'Assignor\',):\n
- item_list.append((translateString(role), role))\n
-\n
-return item_list\n
+return [(translateString(role), role)\n
+ for role in context.valid_roles()\n
+ if role not in (\'Owner\', \'Manager\')]\n
 </string> </value>
 </item>
 <item>
@@ -99,7 +96,8 @@ return item_list\n
 <tuple>
 <string>Products.ERP5Type.Message</string>
 <string>translateString</string>
- <string>item_list</string>
+ <string>append</string>
+ <string>$append0</string>
 <string>_getiter_</string>
 <string>_getattr_</string>
 <string>context</string>
diff --git a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/RoleDefinition_viewFieldLibrary/my_role_name.xml b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/RoleDefinition_viewFieldLibrary/my_role_name.xml
index 1140c558b57b26e2322d0e509ccd5444597261a0..64a54ec9ea0c8048018e6307270e8ff83a689edc 100644
--- a/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/RoleDefinition_viewFieldLibrary/my_role_name.xml
+++ b/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/RoleDefinition_viewFieldLibrary/my_role_name.xml
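Review bot: The exclusion tuple in the new list comprehension is no longer just a UI filter: the `_setRoleName` override added in this commit's RoleDefinition.py hunk uses this script's result as the server-side whitelist of grantable roles, and nothing in the script body records that. A comment at the top of the body, `# Roles a RoleDefinition may grant. RoleDefinition._setRoleName enforces this list, so Owner and Manager must stay excluded.`, would stop a later edit of the tuple from silently widening what can be granted. Dropping 'Assignor' from the excluded roles widens the grantable set in the same change that introduces the enforcement; if that is intended it is worth stating, because a reader of the enforcement side would assume only the empty leading item was removed. The script is also a skin-folder object, so an override in another skin folder replaces the whitelist — a point the same comment could mention.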
@@ -13,9 +13,9 @@
 <key> <string>delegated_list</string> </key>
 <value>
 <list>
- <string>title</string>
 <string>description</string>
 <string>items</string>
+ <string>title</string>
 </list>
 </value>
 </item>
@@ -133,7 +133,7 @@
 <dictionary>
 <item>
 <key> <string>_text</string> </key>
- <value> <string>here/RoleDefinition_getRoleNameItemList</string> </value>
+ <value> <string>python: [(\'\',\'\')] + here.RoleDefinition_getRoleNameItemList()</string> </value>
 </item>
 </dictionary>
 </pickle>
diff --git a/bt5/erp5_base/bt/revision b/bt5/erp5_base/bt/revision
index 748e6f1af544d497e99e1f5c583027349aa4a4c3..a869e998c0e3bac924179254460c4911d81e84a6 100644
--- a/bt5/erp5_base/bt/revision
+++ b/bt5/erp5_base/bt/revision
@@ -1 +1 @@
-637
\ No newline at end of file
+638
\ No newline at end of file
diff --git a/product/ERP5/Document/RoleDefinition.py b/product/ERP5/Document/RoleDefinition.py
index 1b161505ff4c987e56738b170f39d3a1cb58a7eb..72122f62c129bdbf42a16ccd9360efcc8d97a616 100644
--- a/product/ERP5/Document/RoleDefinition.py
+++ b/product/ERP5/Document/RoleDefinition.py
@@ -25,7 +25,7 @@
 #
 ##############################################################################
 
-from AccessControl import ClassSecurityInfo
+from AccessControl import ClassSecurityInfo, Unauthorized
 from Products.CMFCore.utils import getToolByName
 from Products.ERP5Type import Permissions, PropertySheet, Constraint, interfaces
 from Products.ERP5Type.XMLObject import XMLObject
@@ -49,3 +49,9 @@ class RoleDefinition(XMLObject):
 , PropertySheet.DublinCore
 , PropertySheet.RoleDefinition
 )
+
+ def _setRoleName(self, value):
+ if value and value not in \ zip(*self.RoleDefinition_getRoleNameItemList())[1]:
+ raise Unauthorized("You are not allowed to give %s role" % value)
+ self._baseSetRoleName(value)
diff --git a/product/ERP5/tests/testERP5Web.py b/product/ERP5/tests/testERP5Web.py
index 6b4bd952b0a20d6217577cbddbbcb70de4ceb468..571e3465736349fd3c83da7ec17204d082b4ef57 100644
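Review bot: The whitelist test in `_setRoleName`, `value not in zip(*self.RoleDefinition_getRoleNameItemList())[1]`, raises IndexError rather than Unauthorized when the skin script returns an empty list (`zip(*[])` is `[]`), and it also depends on `zip` returning a subscriptable list, which holds on Python 2 only. Building the allowed set explicitly removes both problems: `allowed = set(role for _, role in self.RoleDefinition_getRoleNameItemList())` followed by `if value and value not in allowed:`. The method also deserves a short comment saying that the authorization decision is delegated to the `RoleDefinition_getRoleNameItemList` skin script (so overriding that script changes which roles can be granted) and that a false value is accepted on purpose so a role name can be cleared. In this rendering the continuation line after `not in \` has lost its `+` marker, so the hunk shows eight new lines where the header announces nine.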
--- a/product/ERP5/tests/testERP5Web.py
+++ b/product/ERP5/tests/testERP5Web.py
@@ -1043,6 +1043,8 @@ class TestERP5WebWithSimpleSecurity(ERP5TypeTestCase):
 site.get_local_roles_for_userid(person_reference))
 self.assertSameSet(('Associate',),
 section.get_local_roles_for_userid(person_reference))
+ self.assertRaises(Unauthorized, site_role_definition.edit,
+ role_name='Manager')
 # delete Role Definition and check again (local roles must be gone too)
 site.manage_delObjects(site_role_definition.getId())