erp5_data_notebook: Check user permission for at entry point for...

erp5_data_notebook: Check user permission for at entry point for Base_executeJupyter python script so that non-developer user cannot execute python code through script

erp5_data_notebook: Check user permission for at entry point for...
erp5_data_notebook: Check user permission for at entry point for Base_executeJupyter python script so that non-developer user cannot execute python code through script
a1a08811 · Ayush Tiwari · 5fd03c12 · a1a08811
Commit a1a08811 authored Oct 02, 2015 by Ayush Tiwari
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

bt5/erp5_data_notebook/SkinTemplateItem/portal_skins/erp5_data_notebook/Base_executeJupyter.xml ...m/portal_skins/erp5_data_notebook/Base_executeJupyter.xml +5 -2

No files found.
--- a/bt5/erp5_data_notebook/SkinTemplateItem/portal_skins/erp5_data_notebook/Base_executeJupyter.xml
+++ b/bt5/erp5_data_notebook/SkinTemplateItem/portal_skins/erp5_data_notebook/Base_executeJupyter.xml
@@ -61,9 +61,12 @@
        </item>
        <item>
            <key> <string>_body</string> </key>
-            <value> <string>import json\n
+            <value> <string>portal = context.getPortalObject()\n
+# Check permissions for current user \n
+if not portal.Base_checkPermission(\'portal_components\', \'Manage Portal\'):\n
+  return "You are not authorized to access the script"\n
 \n
-portal = context.getPortalObject()\n
+import json\n
 \n
 # The boolean values via requests are received as \n
 request_reference = {\'True\': True, \'False\': False}.get(request_reference, False)\n