# HG changeset patch # User Thierry Florac # Date 1444288615 -7200 # Node ID 893e485046bc69d7ea71e0c9f62a4e45c04265de # Parent 5c2f8344b85dea0057953202a97f1e2bc07d5772 Added "check_mode" method to check mode and permissions diff -r 5c2f8344b85d -r 893e485046bc src/pyams_form/form.py --- a/src/pyams_form/form.py Thu Oct 08 09:15:08 2015 +0200 +++ b/src/pyams_form/form.py Thu Oct 08 09:16:55 2015 +0200 @@ -26,6 +26,7 @@ from pyams_i18n.interfaces import II18n from pyams_skin.interfaces import IDialog, ISkinnable, IContentTitle from pyams_template.interfaces import IContentTemplate, ILayoutTemplate +from pyams_utils.interfaces import FORBIDDEN_PERMISSION from pyramid_chameleon.interfaces import IChameleonTranslate from z3c.form.interfaces import DISPLAY_MODE, IErrorViewSnippet from zope.publisher.interfaces.browser import IBrowserRequest @@ -35,7 +36,6 @@ from pyams_pagelet.interfaces import PageletCreatedEvent from pyams_skin.skin import apply_skin from pyams_utils.adapter import adapter_config, ContextRequestViewAdapter -from pyams_utils.list import unique from pyams_utils.url import absolute_url from pyramid.decorator import reify from pyramid.events import subscriber @@ -99,24 +99,26 @@ else: return II18n(self.context).query_attribute('title', request=self.request) - def update(self): + def check_mode(self): + content = self.getContent() # check form permission to get form mode - if self.edit_permission and not self.request.has_permission(self.edit_permission, self.getContent()): + if self.edit_permission and not self.request.has_permission(self.edit_permission, content): self.mode = DISPLAY_MODE # check form mode based on context checker registry = self.request.registry permission = None - for content in unique((self.getContent(), self.context)): - checker = registry.queryMultiAdapter((content, self.request, self), IFormContextPermissionChecker) - if checker is None: - checker = registry.queryAdapter(content, IFormContextPermissionChecker) - if checker is not None: - permission = checker.edit_permission - break - if permission != self.edit_permission: - if (permission == 'system.forbidden') or \ - not self.request.has_permission(permission, self.getContent()): + checker = registry.queryMultiAdapter((content, self.request, self), IFormContextPermissionChecker) + if checker is None: + checker = registry.queryAdapter(content, IFormContextPermissionChecker) + if checker is not None: + permission = checker.edit_permission + if permission and (permission != self.edit_permission): + if (permission == FORBIDDEN_PERMISSION) or not self.request.has_permission(permission, content): self.mode = DISPLAY_MODE + + def update(self): + # check form mode + self.check_mode() # update form and sub-forms [subform.update() for subform in self.subforms] [tabform.update() for tabform in self.tabforms] @@ -319,6 +321,7 @@ self.request.registry.notify(PageletCreatedEvent(self)) data, errors = {}, () for form in self.forms: + form.check_mode() form.updateWidgets() form.updateActions() form_data, form_errors = form.extractData() @@ -354,7 +357,7 @@ buttons = Buttons(Interface) - def __init__(self, context, request, view): + def __init__(self, context, request, view=None): super(InnerAddForm, self).__init__(context, request) self.parent_form = view @@ -399,6 +402,7 @@ self.request.registry.notify(PageletCreatedEvent(self)) data, errors = {}, () for form in self.forms: + form.check_mode() form.updateWidgets() form.updateActions() form_data, form_errors = form.extractData() @@ -441,7 +445,7 @@ buttons = Buttons(Interface) - def __init__(self, context, request, view): + def __init__(self, context, request, view=None): super(InnerEditForm, self).__init__(context, request) self.parent_form = view @@ -477,7 +481,7 @@ buttons = Buttons(Interface) - def __init__(self, context, request, view): + def __init__(self, context, request, view=None): super(InnerDisplayForm, self).__init__(context, request) self.parent_form = view