diff roundup/cgi/templating.py @ 3565:32343bfc3da0

add permission filter to menu() implementations [SF#1431188]
author Alexander Smishlajev <a1s@users.sourceforge.net>
date Tue, 14 Feb 2006 06:13:19 +0000
parents a27124aceb69
children d7bab396c228
--- a/roundup/cgi/templating.py	Tue Feb 14 05:32:10 2006 +0000
+++ b/roundup/cgi/templating.py	Tue Feb 14 06:13:19 2006 +0000
@@ -1757,7 +1757,10 @@
         else:
             sort_on = ('+', find_sort_key(linkcl))
 
-        options = linkcl.filter(None, conditions, sort_on, (None, None))
+        options = [opt
+            for opt in linkcl.filter(None, conditions, sort_on, (None, None))
+            if self._db.security.hasPermission("View", self._client.userid,
+                linkcl.classname, itemid=id)]
 
         # make sure we list the current value if it's retired
         if value and value not in options:
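Review bot: The added permission filter passes `itemid=id`, but the comprehension's loop variable is `opt`, so the View check never looks at the option actually being listed. No binding of `id` is visible in this hunk; unless the enclosing method (which starts and ends outside the hunk) defines one, it resolves to the builtin `id` function. Either way every candidate gets the same answer, so the menu can still show items the user is not permitted to view, or drop all of them. The condition should read `linkcl.classname, itemid=opt)]`. The second hunk at -1940 repeats the same expression and needs the same change.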
@@ -1940,7 +1943,10 @@
         else:
             sort_on = ('+', find_sort_key(linkcl))
 
-        options = linkcl.filter(None, conditions, sort_on)
+        options = [opt
+            for opt in linkcl.filter(None, conditions, sort_on)
+            if self._db.security.hasPermission("View", self._client.userid,
+                linkcl.classname, itemid=id)]
         height = height or min(len(options), 7)
         l = ['<select multiple name="%s" size="%s">'%(self._formname, height)]
         k = linkcl.labelprop(1)
