From 6f59f3892a2ffb9d8617477d037dd374be1594a7 Mon Sep 17 00:00:00 2001 From: Helmut Merz Date: Mon, 15 Jul 2013 16:50:41 +0200 Subject: [PATCH] check permission when displaying part views; restrict access to person work items --- browser/compound/view_macros.pt | 4 +++- organize/work/browser.py | 5 ++++- security/common.py | 3 +++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/browser/compound/view_macros.pt b/browser/compound/view_macros.pt index eac9cc3..c854558 100644 --- a/browser/compound/view_macros.pt +++ b/browser/compound/view_macros.pt @@ -3,7 +3,9 @@ - + + + diff --git a/organize/work/browser.py b/organize/work/browser.py index 4b002eb..3a78a10 100644 --- a/organize/work/browser.py +++ b/organize/work/browser.py @@ -50,7 +50,7 @@ from loops.organize.tracking.browser import BaseTrackView from loops.organize.tracking.report import TrackDetails from loops.organize.work.base import WorkItem from loops.security.common import canAccessObject, canListObject, canWriteObject -from loops.security.common import checkPermission +from loops.security.common import canAccessRestricted, checkPermission from loops import util from loops.util import _ @@ -322,6 +322,9 @@ class PersonWorkItems(BaseWorkItemsView, ConceptView): columns = set(['Task', 'Title', 'Day', 'Start', 'End', 'Duration', 'Info']) + def checkPermissions(self): + return canAccessRestricted(self.context) + def getCriteria(self): return self.baseCriteria diff --git a/security/common.py b/security/common.py index 30c1c3c..f1904ec 100644 --- a/security/common.py +++ b/security/common.py @@ -74,6 +74,9 @@ def canListObject(obj, noCheck=False): return True return canAccess(obj, 'title') +def canAccessRestricted(obj): + return checkPermission('loops.ViewRestricted', obj) + def canWriteObject(obj): return canWrite(obj, 'title') or canAssignAsParent(obj)
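Review bot: The new `checkPermissions()` on `PersonWorkItems` (hunk at -322 in organize/work/browser.py) only returns a boolean, so the restriction holds only where a caller consults it. `getCriteria()` and the rest of the view lie outside this hunk and are unchanged, so they would presumably still yield a person's work items if the view is rendered through a path that never calls `checkPermissions()`. Going by the commit subject, the call site is the part-view macro in `view_macros.pt`; it is worth confirming that every other way of reaching this view goes through the same check, or enforcing the check inside the view itself. The diffstat lists no test file, so a regression test asserting that a principal without `loops.ViewRestricted` sees no work items would pin the behaviour. A docstring such as `"""Allow display only if loops.ViewRestricted is granted on the context."""` would record the intent.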
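Review bot: `canAccessRestricted()` in security/common.py passes the permission id `'loops.ViewRestricted'` as a bare string literal and has no docstring, so a misspelt or undeclared id would only surface at runtime as an access decision. `checkPermission` is defined outside this hunk, so please confirm that it fails closed (denies) for an unknown permission id and when no interaction is active. I would add a docstring, e.g. `"""Return True if the 'loops.ViewRestricted' permission is granted on obj."""`. Keeping the id in one module-level constant would also stop later call sites from repeating the literal.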