Mercurial > p > roundup > code
view templates/classic/html/_generic.item.html @ 3117:460eb0209a9e
Permissions improvements.
- have Permissions only test the check function if itemid is suppled
- modify index templates to check for row-level Permission
- more documentation of security mechanisms
- better unit tests for security mechanisms
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Fri, 28 Jan 2005 03:51:19 +0000 |
| parents | 60b2b9f55174 |
| children | c26f2ba69c78 |
line wrap: on
line source
<tal:block metal:use-macro="templates/page/macros/icing"> <title metal:fill-slot="head_title" i18n:translate="" ><span tal:replace="python:context._classname.capitalize()" i18n:name="class" /> editing - <span i18n:name="tracker" tal:replace="config/TRACKER_NAME" /></title> <tal:block metal:fill-slot="body_title" i18n:translate="" ><span tal:replace="python:context._classname.capitalize()" i18n:name="class" /> editing</tal:block> <td class="content" metal:fill-slot="content"> <span tal:condition="python:not (context.is_view_ok() or context.is_edit_ok())" tal:omit-tag="python:1" i18n:translate="" >You are not allowed to view this page.</span> <form method="POST" onSubmit="return submit_once()" enctype="multipart/form-data" tal:condition="context/is_edit_ok" tal:attributes="action context/designator"> <input type="hidden" name="@template" value="item"> <table class="form"> <tr tal:repeat="prop python:db[context._classname].properties()"> <tal:block tal:condition="python:prop._name not in ('id', 'creator', 'creation', 'actor', 'activity')"> <th tal:content="prop/_name"></th> <td tal:content="structure python:context[prop._name].field()"></td> </tal:block> </tr> <tr> <td> </td> <td colspan=3 tal:content="structure context/submit"> submit button will go here </td> </tr> </table> </form> <table class="form" tal:condition="context/is_only_view_ok"> <tr tal:repeat="prop python:db[context._classname].properties()"> <tal:block tal:condition="python:prop._name not in ('id', 'creator', 'creation', 'activity')"> <th tal:content="prop/_name"></th> <td tal:content="structure python:context[prop._name].field()"></td> </tal:block> </tr> </table> <tal:block tal:condition="python:context.id and context.is_view_ok()"> <tal:block tal:replace="structure context/history" /> </tal:block> </td> </tal:block>