Mercurial Repository: p/roundup/code: roundup/cgi/templating.py comparison

comparison roundup/cgi/templating.py @ 5221:24945480d24c

Iterate over multilink items if they labelprop is accessible to the user. See: https://sourceforge.net/p/roundup/mailman/message/35763294/ [Roundup-devel] I can see nosy but not repeat over items Basically using tal:repeat uses the viewableGenerator() method in the templating.py MultilinkHTMLProperty. This Generator verifies that the user has access to the item referenced in the multilink. However this leads to the odd condition that: all users in the nosy list of an issue are displayed with their usernames then looking at issue3 if the user can see the nosy property of issue3. trying to tal:repeat using the elements of the nosy list in issue3 fails if the user doesn't have access to the user class. The user's ability to access the mutlilink property doesn't matter. This wierdness was fixed by changing the viewableGenerator to check for View access to the label property for the class (user in the case above).

author	John Rouillard <rouilj@ieee.org>
date	Wed, 05 Apr 2017 21:20:20 -0400
parents	17b213eab274
children	9bf221cebef3

comparison

equal deleted inserted replaced

-:14d8f61e6ef2
+:24945480d24c
 check = self._db.security.hasPermission
 userid = self._client.userid
 classname = self._prop.classname
 if check('Web Access', userid):
 for value in values:
-if check('View', userid, classname, itemid=value):
+if check('View', userid, classname,
+itemid=value,
+property=self._db.getclass(classname).labelprop(default_to_id=1)):
 yield HTMLItem(self._client, classname, value)
 def __iter__(self):
 """ iterate and return a new HTMLItem
 """

Mercurial > p > roundup > code

comparison roundup/cgi/templating.py @ 5221:24945480d24c