# HG changeset patch # User Ralf Schlatterbeck # Date 1729591443 -7200 # Node ID 261438b9c91ce97137a9e0c87b066269a4c280db # Parent 618dccf7199df7a91734bb03f5a1a67d9ec5a2f3 Use new filtering for csv export variants diff -r 618dccf7199d -r 261438b9c91c roundup/cgi/actions.py --- a/roundup/cgi/actions.py Tue Oct 22 12:03:34 2024 +0200 +++ b/roundup/cgi/actions.py Tue Oct 22 12:04:03 2024 +0200 @@ -1706,13 +1706,9 @@ # generate the CSV output self.client._socket_op(writer.writerow, columns) # and search - for itemid in klass.filter(matches, filterspec, sort, group): + filter = klass.filter_with_permissions + for itemid in filter(matches, filterspec, sort, group): row = [] - # don't put out a row of [hidden] fields if the user has - # no access to the issue. - if not self.hasPermission(self.permissionType, itemid=itemid, - classname=request.classname): - continue for name in columns: # check permission for this property on this item # TODO: Permission filter doesn't work for the 'user' class @@ -1807,15 +1803,9 @@ self.client._socket_op(writer.writerow, columns) # and search - for itemid in klass.filter(matches, filterspec, sort, group): + filter = klass.filter_with_permissions + for itemid in filter(matches, filterspec, sort, group): row = [] - # FIXME should this code raise an exception if an item - # is included that can't be accessed? Enabling this - # check will just skip the row for the inaccessible item. - # This makes it act more like the web interface. - # if not self.hasPermission(self.permissionType, itemid=itemid, - # classname=request.classname): - # continue for name in columns: # check permission to view this property on this item if not self.hasPermission(self.permissionType, itemid=itemid,