work in progress: restrict mail recipients to users who have access to the target object; future extension: select recipients by groups

2011-07-24 14:39:45 +02:00 · 2011-07-24 14:39:45 +02:00 · 54cf5c017f
commit 54cf5c017f
parent e13a79eca5
1 changed files with 13 additions and 2 deletions
--- a/organize/browser/party.py
+++ b/organize/browser/party.py
@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2009 Helmut Merz helmutm@cy55.de
+#  Copyright (c) 2011 Helmut Merz helmutm@cy55.de
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@ -145,7 +145,17 @@ class SendEmailForm(NodeView):
    def members(self):
        persons = self.conceptManager['person'].getChildren([self.typePredicate])
        persons = [adapted(p) for p in persons]
-        return [dict(title=p.title, email=p.email) for p in persons if p.email]
+        # TODO: check if user has access to target
+        #       see zope.app.securitypolicy.zopepolicy.settingsForObject
+        return [dict(title=p.title, email=p.email, object=p)
+                    for p in persons if p.email]
+
+    @Lazy
+    def membersByGroups(self):
+        groups = {}
+        pdata = self.members
+        # TODO: see security.audit.PersonWorkSpaceAssignments
+        return sorted([])

    @Lazy
    def mailBody(self):
@ -169,6 +179,7 @@ class SendEmail(FormController):
        message = form.get('mailbody') or u''
        recipients = form.get('recipients') or []
        recipients += (form.get('addrRecipients') or u'').split('\n')
+        # TODO: remove duplicates
        person = getPersonForUser(self.context, self.request)
        sender = person and adapted(person).email or 'loops@unknown.com'
        msg = MIMEText(message.encode('utf-8'), 'plain', 'utf-8')