Message2214
When I log as a normal user I don't have the menu :
"Class List" on my sidebar, but if I enter
http://localhost:8080/support/home?@template=classlist
directly on my url bar, I have access to the class list.
If can now go :
http://localhost:8080/support/query
By the way, I don't need to go first to
home?@template=classlist, if I go directly to query I
have access to the queries list.
I am supposed to be able to see only my own queries (or
the non privates ones), but I can see every queries.
I think this is due to the fact that the template
checks if I can edit the class, meaning creating an
item. And, as I can, it shows me csv of all the class.
This happens in roundup 1.1.1
A workaround I have thought of, is to check for the
permission on every item is HTMLClass.csv
(cgi/templating.py line 580)
for example, from line 587
for nodeid in self._klass.list():
if self._db.security.hasPermission('View',
self._client.userid, self._classname, itemid=nodeid):
l = []
for name in props:
value = self._klass.get(nodeid, name)
if value is None:
l.append('')
elif isinstance(value, type([])):
l.append(':'.join(map(str, value)))
else:
l.append(str(self._klass.get(nodeid,
name)))
writer.writerow(l)
return s.getvalue()
another way I can think of would be to create
html/query.index.html and to use it instead of
html/_generic.index.html |
|
| Date |
User |
Action |
Args |
| 2009-02-03 14:21:42 | admin | link | issue1442835 messages |
| 2009-02-03 14:21:42 | admin | create | |
|