diff roundup/cgi/templating.py @ 4090:6f698aef2ad4
fix missed hole in the CSV editing - could still view items in the generic index editor
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Thu, 12 Mar 2009 03:04:10 +0000 |
| parents | 34434785f308 |
| children | 1daf9f921cc9 |
--- a/roundup/cgi/templating.py Thu Mar 12 02:52:56 2009 +0000
+++ b/roundup/cgi/templating.py Thu Mar 12 03:04:10 2009 +0000
@@ -615,9 +615,16 @@
 s = StringIO.StringIO()
 writer = csv.writer(s)
 writer.writerow(props)
+ check = self._client.db.security.hasPermission
 for nodeid in self._klass.list():
 l = []
 for name in props:
+ # check permission to view this property on this item
+ if not check('View', self._client.userid, itemid=nodeid,
+ classname=self._klass.classname, property=name):
+ raise Unauthorised('view', self._klass.classname,
+ translator=self._client.translator)
+ row.append(str(klass.get(itemid, name)))
 value = self._klass.get(nodeid, name)
 if value is None:
 l.append('')
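Review bot: The added line `row.append(str(klass.get(itemid, name)))` uses `row`, `klass` and `itemid`, none of which appear elsewhere in this hunk, where the loop works with `l`, `self._klass` and `nodeid`. Unless those names are bound outside the visible lines, the first property that passes the View check raises NameError, so the generic index editor would fail for authorised users as well. The next context line, `value = self._klass.get(nodeid, name)`, already performs the read, so the added line looks like a leftover from another export routine and I would drop it. A regression test covering both the permitted and the denied path through this loop would catch this. The enclosing method starts and ends outside the hunk.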
