From: Anneline S. <ann...@bi...> - 2006-10-09 13:13:06

I need some help here - can't figure out how to address this problem... Details are in [ bika-Bugs-1573299 ] LiveSearch Results, which I copy at the bottom for completeness.

Essentially the problem: The livesearch offers a list of all the items matching the search value, but if you click on the search button, only those for which the user has permissions are presented in the main screen. But if you click on one of the items on the drop down, for which you don't have permissions, you either get 'no privileges' or, in the case of invoice line items, where permissions have not been set, you get to see the item.

I could put a permissions check in the livesearch_reply.py, but surely this will be an unacceptable performance overhead?

Is there a better way of doing this?

1) When using Live search logged in as a contact, and you search i.e. on PointA, then it shows the result (PointA) in the listing, but when clicking it and you have no right to see the object, then an 'insufficient privileges' page shows.

comment Lemoene: only results to which the user has access are listed in the search results

2) It also shows the invoice items (status: 'public draft'). Should a contact be able to see them? i.e.: http://bbklab.co.za:8080/bika/invoices/invoicebatch_1/MS-0001/invoicelineitem_2

3) (Request) Should it not show the list of AR's that PointA is used for, against that contact/client? I.e. should the LiveSearch not also list all the objects that ARE linked to the 'search term' that ARE allowed to be seen by the login type?

This seems to be (not) working in the same way as in bika 1.1.

In fact, there are more problems (applying to both bika 1.1 and 1.2):

Searching for an analysis service lists the definition (no privileges), the statement line item (which it shows regardless of ownership) and the pricelist item (which it shows), but no AR's with that service.

Searching for cultivar/samplepoint lists the definition (no privileges) and the statement item, but no AR's with that cultivar.

Searching for AR number shows ARs correctly if owned, but also statement items to all.

So, the major problem here seems to be the invoice line items, which do not have workflow, hence no permissions defined.

Working on it... The livesearch offers a list of all the items matching the search value, but if you click on the search button, only those for which the user has permissions are presented. But if you click on one of the items on the drop down, for which you don't have permissions, you either get 'no privileges' or, in the case of invoice line items, where permissions have not been set, you get to see the item.
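
An added example, not part of the original message and not bika or Plone code: one way to filter the drop-down without a per-object permission call is to store the set of principals allowed to view each item in the index when it is indexed, intersect it with the user's principals at query time, and drop entries that have no permission data at all (the invoice line item case). All names, roles and paths below are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Entry:
    path: str
    title: str
    # Principals allowed to view, computed once at index time.
    # None models an item with no workflow, so no permissions were ever set.
    allowed: Optional[FrozenSet[str]]


def principals(user_id, roles):
    """Tokens the current user matches, in the same form as Entry.allowed."""
    return {"user:" + user_id} | {"role:" + r for r in roles}


def livesearch(index, term, user_id, roles):
    """Return paths of entries matching term that the user may view.

    The check is one set intersection per hit on data already in the index,
    so no object is loaded and no per-object permission call is made.
    Entries without an allowed set are dropped (fail closed).
    CMF's catalog tool applies the same idea with its allowedRolesAndUsers index.
    """
    who = principals(user_id, roles)
    term = term.lower()
    return [e.path for e in index
            if term in e.title.lower()
            and e.allowed is not None
            and who & e.allowed]


# Constructed sample data mirroring the cases in the report above.
INDEX = [
    Entry("/demo/samplepoints/PointA", "PointA", frozenset({"role:LabManager"})),
    Entry("/demo/clients/c1/AR-0001", "AR-0001 PointA",
          frozenset({"user:contact1", "role:LabManager"})),
    Entry("/demo/clients/c2/AR-0002", "AR-0002 PointA",
          frozenset({"user:contact2", "role:LabManager"})),
    Entry("/demo/invoices/batch_1/line_2", "PointA line item", None),
]

if __name__ == "__main__":
    print(livesearch(INDEX, "pointa", "contact1", ["Contact"]))
    print(livesearch(INDEX, "pointa", "manager", ["LabManager"]))
```

Items with no permission data stay hidden from everyone until they are indexed with an explicit allowed set, which is the safe default for the line items described above.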