Mercurial > p > roundup > code

changeset 3184:6cd2cbb47fb0 maint-0.8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge OLD changes from HEAD
author Richard Jones <richard@users.sourceforge.net>
date Tue, 15 Feb 2005 22:48:14 +0000
parents 65bc031c4464
children dd7171804290
files roundup/cgi/templating.py
diffstat 1 files changed, 53 insertions(+), 18 deletions(-) [+]
line wrap: on
line diff
--- a/roundup/cgi/templating.py	Tue Feb 15 00:28:03 2005 +0000
+++ b/roundup/cgi/templating.py	Tue Feb 15 22:48:14 2005 +0000
@@ -560,10 +560,16 @@
         '''
         # get the list and sort it nicely
         l = self._klass.list()
-        sortfunc = make_sort_function(self._db, self.classname, sort_on)
+        sortfunc = make_sort_function(self._db, self._classname, sort_on)
         l.sort(sortfunc)
 
-        l = [HTMLItem(self._client, self.classname, x) for x in l]
+        # check perms
+        check = self._client.db.security.hasPermission
+        userid = self._client.userid
+
+        l = [HTMLItem(self._client, self._classname, id) for id in l
+            if check('View', userid, self._classname, itemid=id)]
+
         return l
 
     def csv(self):
@@ -604,8 +610,13 @@
             filterspec = request.filterspec
             sort = request.sort
             group = request.group
+
+        check = self._db.security.hasPermission
+        userid = self._client.userid
+
         l = [HTMLItem(self._client, self.classname, x)
-             for x in self._klass.filter(None, filterspec, sort, group)]
+             for id in self._klass.filter(None, filterspec, sort, group)
+             if check('View', userid, self.classname, itemid=id)]
         return l
 
     def classhelp(self, properties=None, label=''"(list)", width='500',
@@ -1676,6 +1687,27 @@
         return '\n'.join(l)
 #    def checklist(self, ...)
 
+class MultilinkIterator:
+    def __init__(self, classname, client, values):
+        self.classname = classname
+        self.client = client
+        self.values = values
+        self.id = -1
+    def next(self):
+        '''Return the next item, but skip inaccessible items.'''
+        check = self.client.db.security.hasPermission
+        userid = self.client.userid
+        while 1:
+            self.id += 1
+            if self.id >= len(self.values):
+                raise StopIteration
+            value = self.values[self.id]
+            if check('View', userid, self.classname, itemid=value):
+                return HTMLItem(self.client, self.classname, value)
+    def __iter__(self):
+        return self
+
+
 class MultilinkHTMLProperty(HTMLProperty):
     ''' Multilink HTMLProperty
 
@@ -1698,16 +1730,22 @@
         ''' no extended attribute accesses make sense here '''
         raise AttributeError, attr
 
-    def __getitem__(self, num):
+    def __iter__(self):
         ''' iterate and return a new HTMLItem
         '''
-       #print 'Multi.getitem', (self, num)
-        value = self._value[num]
-        return HTMLItem(self._client, self._prop.classname, value)
+        return MultilinkIterator(self._prop.classname, self._client,
+            self._value)
+
+    def reverse(self):
+        ''' return the list in reverse order
+        '''
+        l = self._value[:]
+        l.reverse()
+        return MultilinkIterator(self._prop.classname, self._client, l)
 
     def sorted(self, property):
         ''' Return this multilink sorted by the given property '''
-        value = list(self._value[num])
+        value = list(self.__iter__())
         value.sort(lambda a,b:cmp(a[property], b[property]))
         return value
 
@@ -1721,14 +1759,6 @@
         '''Is my _value not []?'''
         return self._value != []
 
-    def reverse(self):
-        ''' return the list in reverse order
-        '''
-        l = self._value[:]
-        l.reverse()
-        return [HTMLItem(self._client, self._prop.classname, value)
-            for value in l]
-
     def plain(self, escape=0):
         ''' Render a "plain" representation of the property
         '''
@@ -1766,7 +1796,7 @@
 
     def menu(self, size=None, height=None, showid=0, additional=[],
             sort_on=None, **conditions):
-        ''' Render a form select list for this property
+        ''' Render a form <select> list for this property.
 
             "size" is used to limit the length of the list labels
             "height" is used to set the <select> tag's "size" attribute
@@ -2183,7 +2213,12 @@
                 re.findall(r'\b\w{2,25}\b', self.search_text), klass)
         else:
             matches = None
-        l = klass.filter(matches, filterspec, sort, group)
+
+        # filter for visibility
+        check = self._client.db.security.hasPermission
+        userid = self._client.userid
+        l = [id for id in klass.filter(matches, filterspec, sort, group)
+            if check('View', userid, self.classname, itemid=id)]
 
         # return the batch object, using IDs only
         return Batch(self.client, l, self.pagesize, self.startwith,
Roundup Issue Tracker: http://roundup-tracker.org/