[FIX] website_slides: do not display links to unviewable slides

Channel allow to browse slides and a list of available slide is displayed as a left panel in the eLearning frontend. Even slides current user cannot see are displayed in order to give some information about course content. Accessible slides are clickable, other slides should be displayed as strings. However due to some sudo when computing slide informations all links are set as clickable. There is no security issue as when being redirected to a slide the user cannot access there is an acl error. However he should not have the links displayed, just strings. This commit fixes that behavior. closes odoo/odoo#42333 Signed-off-by: Thibault Delavallee (tde) <tde@openerp.com>

[FIX] website_slides: do not display links to unviewable slides
04a957bb · Thibault Delavallée · a58d0c45 · 04a957bb · 04a957bb
Commit 04a957bb authored 5 years ago by Thibault Delavallée
--- a/addons/website_slides/views/website_slides_templates_lesson.xml
+++ b/addons/website_slides/views/website_slides_templates_lesson.xml
@@ -137,8 +137,8 @@
        <ul class="collapse show p-0 m-0 list-unstyled" t-att-id="('collapse-%s') % (category.id if category else 0)" >
            <t t-foreach="category_slide_ids" t-as="aside_slide">
                <t t-set="slide_completed" t-value="channel_progress[aside_slide.id].get('completed')"/>
-                <t t-set="is_member" t-value="aside_slide.channel_id.is_member"/>
-                <t t-set="can_access" t-value="aside_slide.is_preview or is_member or aside_slide.channel_id.can_publish"/>
+                <t t-set="is_member" t-value="slide.channel_id.is_member"/>
+                <t t-set="can_access" t-value="aside_slide.is_preview or is_member or slide.channel_id.can_publish"/>
                <li class="p-0 pb-1">
                    <a t-att-href="'/slides/slide/%s' % (slug(aside_slide)) if can_access else '#'"
                        t-att-class="'o_wslides_lesson_aside_list_link d-flex align-items-top px-2 pt-1 text-decoration-none %s%s' % (('bg-100 py-1 active' if aside_slide == slide else ''), 'text-muted' if not can_access else '')">

--- a/addons/website_slides/views/website_slides_templates_lesson_fullscreen.xml
+++ b/addons/website_slides/views/website_slides_templates_lesson_fullscreen.xml
@@ -80,8 +80,8 @@
        <ul class="o_wslides_fs_sidebar_section_slides collapse show position-relative px-0 pb-1 my-0 mx-n3" t-att-id="('collapse-%s') % (category.id if category else 0)">
            <t t-foreach="slides" t-as="slide">
                <t t-set="slide_completed" t-value="channel_progress[slide.id].get('completed')"/>
-                <t t-set="is_member" t-value="slide.channel_id.is_member"/>
-                <t t-set="can_access" t-value="slide.is_preview or is_member or slide.channel_id.can_publish"/>
+                <t t-set="is_member" t-value="current_slide.channel_id.is_member"/>
+                <t t-set="can_access" t-value="slide.is_preview or is_member or current_slide.channel_id.can_publish"/>
                <li t-att-class="'o_wslides_fs_sidebar_list_item d-flex align-items-top py-1 %s' % ('active' if slide.id == current_slide.id else '')"
                    t-att-data-id="slide.id"
                    t-att-data-can-access="can_access"