-
- Downloads
[IMP] prevent edition of page if groups which current user doesn't have
If the current view uses @groups attributes (possibly in called templates), the corresponding elements are rendered to a void (empty string in qweb). If said user can edit the page, does so and saves a view section in which there's a @groups to which he has no access, the element[@groups] is completely removed from the template once saved, losing it. If QWeb encounters an @groups to which the current user has no right during rendering, have it request a no-RTE page, so the user can not RTE-edit the page (or drop snippets in it).
Showing
- addons/website/static/src/js/website.editor.js 12 additions, 0 deletionsaddons/website/static/src/js/website.editor.js
- addons/website/static/src/xml/website.xml 2 additions, 1 deletionaddons/website/static/src/xml/website.xml
- addons/website/views/website_templates.xml 5 additions, 2 deletionsaddons/website/views/website_templates.xml
- openerp/addons/base/ir/ir_qweb.py 10 additions, 4 deletionsopenerp/addons/base/ir/ir_qweb.py
Loading
Please register or sign in to comment