wcs-trackingcode-acl.diff

     import random
     import binascii
     from quixote import get_request, get_publisher
     from quixote import get_request, get_publisher, get_session
     from qommon.storage import StorableObject
     import qommon.misc
-...
             return variables
         get_substitution_variables_list = classmethod(get_substitution_variables_list)
         def is_submitter(self, user):
             if self.user_id and self.user_id == user.id:
         def tracking_code_is_present(self):
             session = get_session()
             if session and session.has_tracking_code(self.tracking_code):
                 return True
             if self.user_hash and self.user_hash == user.hash:
             return False
         def is_submitter(self, user):
             if user:
                 if self.user_id and self.user_id == user.id:
                     return True
                 if self.user_hash and self.user_hash == user.hash:
                     return True
             if self.tracking_code_is_present():
                 return True
             return False

         def is_user_allowed_read(self, user, formdata=None):
             if self.acl_read == 'all':
                 return True
             if (self.acl_read == 'owner') and formdata and formdata.tracking_code_is_present():
                 return True # access by tracking code
             if not user:
                 return False
             if user.is_admin:

             session = get_session()
             mine = False
             user = get_request().user
             if user:
                 if user.anonymous:
                     anonylink = AnonymityLink.select(
                         lambda x: x.name_identifier == session.name_identifier and
                                   x.formdata_type == 'form' and
                                   x.formdata_def_id == self.formdef.id)
                     if len(anonylink) == 1:
                         mine = True
                 elif self.filled.is_submitter(user):
             if self.filled.is_submitter(user):
                 mine = True
             if user and user.anonymous:
                 anonylink = AnonymityLink.select(
                     lambda x: x.name_identifier == session.name_identifier and
                               x.formdata_type == 'form' and
                               x.formdata_def_id == self.formdef.id)
                 if len(anonylink) == 1:
                     mine = True
             if not self.filled.formdef.is_user_allowed_read(user, self.filled):

             evo = Evolution()
             evo.time = time.localtime()
             if user:
                 if filled.is_submitter(user):
                     evo.who = '_submitter'
                 else:
                     evo.who = user.id
             if filled.is_submitter(user):
                 evo.who = '_submitter'
             elif user:
                 evo.who = user.id
             if not filled.evolution:
                 filled.evolution = []
-...
                                 break
                             else:
                                 continue
                         if not user: # (for example tracking code situation)
                             continue
                         role = get_role_translation(filled.formdef, role)
                         if role in (user.roles or []):
                             break
-...
             for role in self.by or []:
                 if user and role == logged_users_role().id:
                     return True
                 if role == '_submitter' and formdata.tracking_code_is_present():
                     return True
                 if not user:
                     continue
                 if role == '_submitter':

Produits Entr'ouvert » w.c.s.