index a08dbcd85729d055777098c8e9e9174f91a17d00..510aa6148acf8845636528303770108f4cfe08d7 100644 (file)
"request" takes precedence over the other three arguments.
"""
+ security = self._db.security
+ userid = self._client.userid
if request is not None:
+ # for a request we asume it has already been
+ # security-filtered
filterspec = request.filterspec
sort = request.sort
group = request.group
+ else:
+ cn = self.classname
+ filterspec = security.filterFilterspec(userid, cn, filterspec)
+ sort = security.filterSortspec(userid, cn, sort)
+ group = security.filterSortspec(userid, cn, group)
- check = self._db.security.hasPermission
- userid = self._client.userid
+ check = security.hasPermission
if not check('Web Access', userid):
return []
HTMLInputMixin.__init__(self)
def __repr__(self):
- return '<HTMLProperty(0x%x) %s %r %r>'%(id(self), self._formname,
- self._prop, self._value)
+ classname = self.__class__.__name__
+ return '<%s(0x%x) %s %r %r>'%(classname, id(self), self._formname,
+ self._prop, self._value)
def __str__(self):
return self.plain()
def __cmp__(self, other):
def make_sort_function(db, classname, sort_on=None):
- """Make a sort function for a given class
+ """Make a sort function for a given class.
+
+ The list being sorted may contain mixed ids and labels.
"""
linkcl = db.getclass(classname)
if sort_on is None:
sort_on = linkcl.orderprop()
def sortfunc(a, b):
- return cmp(linkcl.get(a, sort_on), linkcl.get(b, sort_on))
+ if num_re.match(a):
+ a = linkcl.get(a, sort_on)
+ if num_re.match(b):
+ b = linkcl.get(b, sort_on)
+ return cmp(a, b)
return sortfunc
def handleListCGIValue(value):
self.columns = handleListCGIValue(self.form[name])
break
self.show = support.TruthDict(self.columns)
+ security = self._client.db.security
+ userid = self._client.userid
# sorting and grouping
self.sort = []
self.group = []
self._parse_sort(self.sort, 'sort')
self._parse_sort(self.group, 'group')
+ self.sort = security.filterSortspec(userid, self.classname, self.sort)
+ self.group = security.filterSortspec(userid, self.classname, self.group)
# filtering
self.filter = []
self.filterspec[name] = handleListCGIValue(fv)
else:
self.filterspec[name] = fv.value
+ self.filterspec = security.filterFilterspec(userid, self.classname,
+ self.filterspec)
# full-text search argument
self.search_text = None