Mercurial > p > roundup > code
changeset 8128:261438b9c91c permission-performance
Use new filtering for csv export variants
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Tue, 22 Oct 2024 12:04:03 +0200 |
| parents | 618dccf7199d |
| children | 627871650f4f |
| files | roundup/cgi/actions.py |
| diffstat | 1 files changed, 4 insertions(+), 14 deletions(-) [+] |
line wrap: on
line diff
--- a/roundup/cgi/actions.py Tue Oct 22 12:03:34 2024 +0200 +++ b/roundup/cgi/actions.py Tue Oct 22 12:04:03 2024 +0200 @@ -1706,13 +1706,9 @@ # generate the CSV output self.client._socket_op(writer.writerow, columns) # and search - for itemid in klass.filter(matches, filterspec, sort, group): + filter = klass.filter_with_permissions + for itemid in filter(matches, filterspec, sort, group): row = [] - # don't put out a row of [hidden] fields if the user has - # no access to the issue. - if not self.hasPermission(self.permissionType, itemid=itemid, - classname=request.classname): - continue for name in columns: # check permission for this property on this item # TODO: Permission filter doesn't work for the 'user' class @@ -1807,15 +1803,9 @@ self.client._socket_op(writer.writerow, columns) # and search - for itemid in klass.filter(matches, filterspec, sort, group): + filter = klass.filter_with_permissions + for itemid in filter(matches, filterspec, sort, group): row = [] - # FIXME should this code raise an exception if an item - # is included that can't be accessed? Enabling this - # check will just skip the row for the inaccessible item. - # This makes it act more like the web interface. - # if not self.hasPermission(self.permissionType, itemid=itemid, - # classname=request.classname): - # continue for name in columns: # check permission to view this property on this item if not self.hasPermission(self.permissionType, itemid=itemid,