Mercurial > p > roundup > code
view templates/classic/html/query.edit.html @ 3971:ff3a8b7d1819 1.4.4
security fixes
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Sat, 01 Mar 2008 08:18:07 +0000 |
| parents | 00896a2acaa5 |
| children |
line wrap: on
line source
<!-- dollarId: user.item,v 1.7 2002/08/16 04:29:04 richard Exp dollar--> <tal:block metal:use-macro="templates/page/macros/icing"> <title metal:fill-slot="head_title" i18n:translate="" >"Your Queries" Editing - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker" /></title> <span metal:fill-slot="body_title" tal:omit-tag="python:1" i18n:translate="">"Your Queries" Editing</span> <td class="content" metal:fill-slot="content"> <span tal:condition="not:context/is_edit_ok" i18n:translate="">You are not allowed to edit queries.</span> <script language="javascript"> // This exists solely because I can't figure how to get the & into an // attributes TALES expression, and so it keeps getting quoted. function retire(qid) { window.location = 'query'+qid+'?@action=retire&@template=edit'; } </script> <form method="POST" onSubmit="return submit_once()" action="query" enctype="multipart/form-data" tal:condition="context/is_edit_ok"> <table class="list" width="100%" tal:define="uid request/user/id; mine request/user/queries"> <tr><th i18n:translate="">Query</th> <th i18n:translate="">Include in "Your Queries"</th> <th i18n:translate="">Edit</th> <th i18n:translate="">Private to you?</th> <th> </th> </tr> <tr tal:repeat="query mine"> <tal:block condition="query/is_retired"> <td><a tal:attributes="href string:${query/klass}?${query/url}" tal:content="query/name">query</a></td> <td metal:define-macro="include"> <select tal:condition="python:query.id not in mine" tal:attributes="name string:user${uid}@add@queries"> <option value="" i18n:translate="">leave out</option> <option tal:attributes="value query/id" i18n:translate="">include</option> </select> <select tal:condition="python:query.id in mine" tal:attributes="name string:user${uid}@remove@queries"> <option value="" i18n:translate="">leave in</option> <option tal:attributes="value query/id" i18n:translate="">remove</option> </select> </td> <td colspan="3" i18n:translate="">[query is retired]</td> <!-- <td> maybe offer "restore" some day </td> --> </tal:block> </tr> <tr tal:repeat="query mine"> <tal:block condition="not:query/is_retired"> <td><a tal:attributes="href string:${query/klass}?${query/url}" tal:content="query/name">query</a></td> <td metal:use-macro="template/macros/include" /> <td><a tal:attributes="href string:query${query/id}" i18n:translate="">edit</a></td> <td> <select tal:attributes="name string:query${query/id}@private_for"> <option tal:attributes="selected python:query.private_for == uid; value uid" i18n:translate="">yes</option> <option tal:attributes="selected python:query.private_for == None" value="-1" i18n:translate="">no</option> </select> </td> <td> <input type="button" value="Delete" i18n:attributes="value" tal:attributes="onClick python:'''retire('%s')'''%query.id"> </td> </tal:block> </tr> <tr tal:define="queries python:db.query.filter(filterspec={'private_for':None})" tal:repeat="query queries"> <tal:block condition="python: query.creator != uid"> <td><a tal:attributes="href string:${query/klass}?${query/url}" tal:content="query/name">query</a></td> <td metal:use-macro="template/macros/include" /> <td colspan="3" tal:condition="query/is_edit_ok"> <a tal:attributes="href string:query${query/id}" i18n:translate="">edit</a> </td> <td tal:condition="not:query/is_edit_ok" colspan="3" i18n:translate="">[not yours to edit]</td> </tal:block> </tr> <tr><td colspan="5"> <input type="hidden" name="@action" value="edit"> <input type="hidden" name="@template" value="edit"> <input type="submit" value="Save Selection" i18n:attributes="value"> </td></tr> </table> </form> </td> </tal:block>