Updated permissions checker
authorThierry Florac <thierry.florac@onf.fr>
Mon, 11 Sep 2017 14:47:59 +0200
changeset 132 ae2a738e3d23
parent 131 b113d88d9ee8
child 133 08237dfa6357
Updated permissions checker
src/pyams_content/shared/common/zmi/__init__.py
--- a/src/pyams_content/shared/common/zmi/__init__.py	Mon Sep 11 14:46:24 2017 +0200
+++ b/src/pyams_content/shared/common/zmi/__init__.py	Mon Sep 11 14:47:59 2017 +0200
@@ -79,6 +79,8 @@
         if 'title' in self.widgets:
             self.widgets['title'].description = _("This title can be modified afterwards")
         if 'notepad' in self.widgets:
+            self.widgets['notepad'].label = IWorkflowCommentInfo['comment'].title
+            self.widgets['notepad'].description = IWorkflowCommentInfo['comment'].description
             self.widgets['notepad'].widget_css_class = 'textarea'
 
     def create(self, data):
@@ -102,7 +104,7 @@
         uuid = self.__uuid = str(uuid4())
         self.context[uuid] = content
         IWorkflowVersions(content).add_version(wf_content, None)
-        IWorkflowInfo(wf_content).fire_transition('init')
+        IWorkflowInfo(wf_content).fire_transition('init', comment=wf_content.notepad)
 
     def nextURL(self):
         return absolute_url(self.context, self.request, '{0}/++versions++/1/admin'.format(self.__uuid))
@@ -133,7 +135,7 @@
 
     @property
     def label(self):
-        return II18n(self.context).query_attribute('short_name', request=self.request)
+        return II18n(self.context).query_attribute('title', request=self.request)
 
 
 #
@@ -156,18 +158,19 @@
             request = check_request()
             if request.has_permission(MANAGE_SITE_ROOT_PERMISSION, self.context):  # webmaster access
                 return MANAGE_SITE_ROOT_PERMISSION
+            principal_id = request.principal.id
             if state in workflow.manager_states:  # restricted manager access
-                if request.principal.id in self.context.managers:
+                if principal_id in self.context.managers:
                     return PUBLISH_CONTENT_PERMISSION
-                restrictions = IManagerRestrictions(self.context).get_restrictions(request.principal)
+                restrictions = IManagerRestrictions(self.context).get_restrictions(principal_id)
                 if restrictions and restrictions.check_access(self.context,
                                                               permission=PUBLISH_CONTENT_PERMISSION,
                                                               request=request):
                     return PUBLISH_CONTENT_PERMISSION
             else:
-                if request.principal.id in self.context.owner | self.context.contributors | self.context.managers:
+                if principal_id in self.context.owner | self.context.contributors | self.context.managers:
                     return MANAGE_CONTENT_PERMISSION
-                restrictions = IManagerRestrictions(self.context).get_restrictions(request.principal)
+                restrictions = IManagerRestrictions(self.context).get_restrictions(principal_id)
                 if restrictions and restrictions.check_access(self.context,
                                                               permission=MANAGE_CONTENT_PERMISSION,
                                                               request=request):