Mercurial > p > roundup > code
view website/issues/html/user.help-search.html @ 5222:9bf221cebef3
Make properties method return only properties the user can search.
See:
https://sourceforge.net/p/roundup/mailman/roundup-devel/thread/20170405002844.2004B80690%40vm71.cs.umb.edu/#msg35769250
[Roundup-devel] Bug in context/properties, lists properties user can't search.
The HTMLClass::properties() method returns a list of all
properties. This is used when creating sort on/group by filters on
index pages.
However somewhere in the code, a user needs search permission on the
property in order for it to be used for grouping or sorting.
This means the user can choose to sort/group an index page by a
property that they have no search permission for. As a result the
sort/group is ignored. This is confusing.
I have changed the properties method to only return properties the
user has View/Search permissions on. I also added a new cansearch
argument set by default to True. If set to False, all properties
regardless of Search permission are returned.
Doc updated to include the new default operation and mention the use
of cansearch argument.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 05 Apr 2017 21:38:32 -0400 |
| parents | c2d0d3e9099d |
| children | 370cc9052239 |
line wrap: on
line source
<html tal:define="form request/form/form/value; field request/form/property/value" > <head> <title>Search input for user helper</title> <script language="Javascript" type="text/javascript" tal:content="structure string:<!-- // this is the name of the field in the original form that we're working on form = parent.opener.document.${form}; field = '${field}'; //-->"> </script> <script type="text/javascript" src="@@file/help_controls.js"></script> <link rel="stylesheet" type="text/css" href="@@file/style.css" /> </head> <body onload="parent.submit.url='...'" tal:define=" qs request/env/QUERY_STRING; qs python:'&'.join([a for a in qs.split('&') if not a.startswith('@template=')])" > <pre tal:content="request/env/QUERY_STRING" tal:condition=false /> <form method="get" name="itemSynopsis" target="list" tal:attributes="action request/classname" tal:define=" property request/form/property/value; cols python:request.columns or 'id username address realname roles'.split(); sort_on request/sort | nothing; sort_desc python:sort_on and request.sort[0][0] == '-'; sort_on python:sort_on and request.sort[0][1] or 'lastname'; search_input templates/page/macros/search_input; search_select templates/page/macros/search_select; search_select_roles templates/page/macros/search_select_roles; required python:[]; th_label templates/page/macros/th_label; "> <input type="hidden" name="@template" value="help-list"> <input type="hidden" name="property" value="" tal:attributes="value property"> <input type="hidden" name="form" value="" tal:attributes="value request/form/form/value"> <table> <tr tal:define="name string:username; label string:Username:"> <th metal:use-macro="th_label">Name</th> <td metal:use-macro="search_input"><input type=text></td> </tr> <tr tal:define="name string:phone; label string:Phone number"> <th metal:use-macro="th_label">Phone</th> <td metal:use-macro="search_input"><input type=text></td> </tr> <tr tal:define="name string:roles; onchange string:this.form.submit(); label string:Roles:" > <th metal:use-macro="th_label">role</th> <td metal:use-macro="search_select_roles"> <select> <option value="">jokester</option> </select> </td> </tr> <tr> <td> </td> <td> <input type="hidden" name="@action" value="search"> <input type="submit" value="Search" i18n:attributes="value"> <input type="reset"> <input type="hidden" value="username,realname,phone,organisation,roles" name="properties"> <input type="text" name="@pagesize" id="sp-pagesize" value="25" size="2"> <label for="sp-pagesize" i18n:translate="">Pagesize</label> </td> </tr> </table> </form> <pre tal:content="request" tal:condition=false /> <script type="text/javascript"><!-- focus2id('username'); //--></script> </body> </html>