Commit fdf2b59c authored by Jean-Paul Smets, committed by Xiaowu Zhang

Add script to detect shared shopping cart

parent c36badc9
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>"""\n
In some cases, a session ID already exists in the browser\n
and can lead one user to access data created by another user.\n
Roles and permission will usually prevent this and raise\n
exception. This script tries to detect such situation in\n
order to make sure such data is deleted before this happens.\n
\n
TODO\n
- add log for "should never happen case" so that we can\n
make sure this case does not happen on public site\n
anymore\n
- rename script to SaleOrder_isShoppingCartUserConsistent\n
"""\n
result = True\n
\n
# If user is anonymous and destination is not None, inconsistent\n
isAnon = context.portal_membership.isAnonymousUser()\n
if isAnon and context.getDestinationSection():\n
return False\n
\n
# If the shopping cart customer is not the current user logged in, inconsistent\n
# This should never happen\n
if not isAnon:\n
destination_section = context.getDestinationSection()\n
customer = context.ERP5Site_getAuthenticatedMemberPersonValue()\n
if destination_section and customer is not None:\n
if destination_section != customer.getRelativeUrl():\n
return False\n
\n
return result\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>SaleOrder_isShoppingCartConsistent</string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string>Detect shared shopping cart</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
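Review bot: In the `if not isAnon:` branch of `_body`, the guard `if destination_section and customer is not None:` lets a cart whose destination section is already set fall through to `return result` (True) whenever `ERP5Site_getAuthenticatedMemberPersonValue()` returns None, so a logged-in user with no Person value is reported as consistent with a cart that belongs to someone else. Consider returning False when `destination_section` is set and `customer is None`, so that the check fails closed. The docstring TODO about logging the "should never happen" case is still open at the inner `return False`; because the script declares the `Manager` proxy role, that log entry would be the only trace of a mismatch. Separately, `result` is never reassigned, so the final line can simply be `return True`, and the script id `SaleOrder_isShoppingCartConsistent` does not yet match the rename proposed in the TODO.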