Changeset 3157 for WAeUP_SRP/base/skins


Ignore:
Timestamp:
13 Feb 2008, 18:26:14 (17 years ago)
Author:
joachim
Message:

allow cpsdocument_create only for section_officers

File:
1 edited

Legend:

Unmodified
Added
Removed
  • WAeUP_SRP/base/skins/cps_custom/cpsdocument_create.py

    r2217 r3157  
    2727ti = getToolByName(context, 'portal_types').getTypeInfo(type_name)
    2828
    29 is_valid, ds = ti.validateObject(None, layout_mode='create',
    30                                  request=REQUEST, context=context,
    31                                  cluster=cluster, use_session=True)
    32 
    33 if is_valid:
    34     meth_id = ti.queryMethodID('create_do', 'cpsdocument_create_do')
    35     ob = getattr(context, meth_id)(type_name, ds.getDataModel())
    36     url = ob.absolute_url()
    37     meth_id = ti.queryMethodID('created', None)
    38     if meth_id is not None:
    39         getattr(context, meth_id)(object=ob)
    40     action = ob.getTypeInfo().immediate_view
    41     psm = 'psm_content_created'
    42     args = {}
    43 else:
    44     url = context.absolute_url()
    45     action = 'cpsdocument_create_form'
    46     psm = 'psm_content_error'
    47     args = {'type_name': type_name}
    48     args.update(getFormUidUrlArg(REQUEST))
    49 
     29while True:
     30    if not context.isSectionOfficer():
     31        psm = "illegal access"
     32        break
     33    is_valid, ds = ti.validateObject(None, layout_mode='create',
     34                                    request=REQUEST, context=context,
     35                                    cluster=cluster, use_session=True)
     36   
     37    if is_valid:
     38        meth_id = ti.queryMethodID('create_do', 'cpsdocument_create_do')
     39        ob = getattr(context, meth_id)(type_name, ds.getDataModel())
     40        url = ob.absolute_url()
     41        meth_id = ti.queryMethodID('created', None)
     42        if meth_id is not None:
     43            getattr(context, meth_id)(object=ob)
     44        action = ob.getTypeInfo().immediate_view
     45        psm = 'psm_content_created'
     46        args = {}
     47    else:
     48        url = context.absolute_url()
     49        action = 'cpsdocument_create_form'
     50        psm = 'psm_content_error'
     51        args = {'type_name': type_name}
     52        args.update(getFormUidUrlArg(REQUEST))
     53    break
     54   
    5055args['portal_status_message'] = psm
    5156url = url + '/' + action + '?' + urlencode(args)
Note: See TracChangeset for help on using the changeset viewer.