Allow HTMLRequest.batch to filter on other permissions than "View"

[roundup.git] / roundup / cgi / templating.py
diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py

index a541f50244f5bda31bf14704e5367ef865c82c00..b0eaf022bc34120b2084c9bc433d5d39b7dd5e1a 100644 (file)
--- a/roundup/cgi/templating.py
+++ b/roundup/cgi/templating.py
@@ -567,10 +567,7 @@ class HTMLClass(HTMLInputMixin, HTMLPermissions):
          for klass, htmlklass in propclasses:
              if not isinstance(prop, klass):
                  continue
-            if isinstance(prop, hyperdb.Multilink):
-                value = []
-            else:
-                value = None
+            value = prop.get_default_value()
              return htmlklass(self._client, self._classname, None, prop, item,
                  value, self._anonymous)
  
@@ -603,13 +600,10 @@ class HTMLClass(HTMLInputMixin, HTMLPermissions):
          l = []
          for name, prop in self._props.items():
              for klass, htmlklass in propclasses:
-                if isinstance(prop, hyperdb.Multilink):
-                    value = []
-                else:
-                    value = None
                  if isinstance(prop, klass):
+                    value = prop.get_default_value()
                      l.append(htmlklass(self._client, self._classname, '',
-                        prop, name, value, self._anonymous))
+                                       prop, name, value, self._anonymous))
          if sort:
              l.sort(lambda a,b:cmp(a._name, b._name))
          return l
@@ -1114,6 +1108,13 @@ class _HTMLItem(HTMLInputMixin, HTMLPermissions):
                              cell[-1] += ' -> %s'%current[k]
                              current[k] = val
  
+                    elif isinstance(prop, hyperdb.Password) and args[k] is not None:
+                        val = args[k].dummystr()
+                        cell.append('%s: %s'%(self._(k), val))
+                        if current.has_key(k):
+                            cell[-1] += ' -> %s'%current[k]
+                            current[k] = val
+
                      elif not args[k]:
                          if current.has_key(k):
                              cell.append('%s: %s'%(self._(k), current[k]))
@@ -1567,7 +1568,10 @@ class PasswordHTMLProperty(HTMLProperty):
  
          if self._value is None:
              return ''
-        return self._('*encrypted*')
+        value = self._value.dummystr()
+        if escape:
+            value = cgi.escape(value)
+        return value
  
      def field(self, size=30, **kwargs):
          """ Render a form edit field for the property.
@@ -2714,7 +2718,7 @@ function help_window(helpurl, width, height) {
  </script>
  """%self.base
  
-    def batch(self):
+    def batch(self, permission='View'):
          """ Return a batch object for results from the "current search"
          """
          check = self._client.db.security.hasPermission
@@ -2740,7 +2744,7 @@ function help_window(helpurl, width, height) {
  
          # filter for visibility
          l = [id for id in klass.filter(matches, filterspec, sort, group)
-            if check('View', userid, self.classname, itemid=id)]
+            if check(permission, userid, self.classname, itemid=id)]
  
          # return the batch object, using IDs only
          return Batch(self.client, l, self.pagesize, self.startwith,