From: Kevin C. <ke...@us...> - 2005-04-25 13:41:33
|
Update of /cvsroot/mailmanager/mailmanager/Extensions In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30382/Extensions Modified Files: Tag: db-backend TicketPluggableBrain.py Log Message: added in checkAuthorized function, and changed the security permissions on the ticket index so that customers can use it. We are now doing additional checks on the ticket page to make sure tickets can only be viewed by their owners. Fixed getPrevNext, which should also be a bit clearer to read now. There was an obiwan error for offset=0 on there which is now gone. Index: TicketPluggableBrain.py =================================================================== RCS file: /cvsroot/mailmanager/mailmanager/Extensions/Attic/TicketPluggableBrain.py,v retrieving revision 1.1.2.27 retrieving revision 1.1.2.28 diff -u -d -r1.1.2.27 -r1.1.2.28 --- TicketPluggableBrain.py 21 Apr 2005 16:04:00 -0000 1.1.2.27 +++ TicketPluggableBrain.py 25 Apr 2005 13:41:24 -0000 1.1.2.28 @@ -2,6 +2,7 @@ from Globals import InitializeClass from AccessControl import ClassSecurityInfo, getSecurityManager from DateTime import DateTime +from zExceptions.unauthorized import Unauthorized # 3rd party modules. from psycopg import Binary @@ -10,13 +11,25 @@ import re import operator + from_escape = re.compile('^>*From ') class TicketPluggableBrain: security = ClassSecurityInfo() security.setPermissionDefault('MailManager Manage Tickets', - ['Tickets', 'Owner']) + ['Tickets', 'Customer']) + + security.declareProtected('MailManager Manage Tickets', 'checkAuthorized') + def checkAuthorized(self): + user = getSecurityManager().getUser() + + if not 'Tickets' in user.roles: + username = user.getUserName() + addrs = self.sql.getCustomerAddresses(username=username) + if not self['from_email'] in addrs: + print "Not allowed!" +# raise Unauthorized() security.declareProtected('MailManager Manage Tickets', 'index_html') def index_html(self, REQUEST): @@ -363,23 +376,42 @@ security.declareProtected('MailManager Manage Tickets', 'getPrevNext') def getPrevNext(self, request): - """Get the previous and next ticket ids.""" + """ + Get the previous and next ticket ids. The supplied variable offset + is the current position in the list of tickets. We retreive the + ticket previous to the offset and the one after. Return value is + a tuple containing the previous ticket id, and the next ticket id. + """ offset = request.get('offset') if offset is None: return (None, None) - count = self.listTickets(request, count=True)[0].count - results = self.listTickets(request, offset=max(offset-1, 0), limit=3) - if not results: - return (None, None) + if offset == 0: - prev_id = None - else: - prev_id = results[0].id - if offset+1 == count: - next_id = None + # If we are at the start of the result set, the previous ticket + # does not exist. Only retreive two tickets. + results = self.listTickets(request, offset=0, limit=2) + if not results: + return (None, None) + + if len(results) == 2: + return (None, results[1].id) + else: + return (None, None) + else: - next_id = results[2].id - return (prev_id, next_id) + # We are in the middle of a result set, so we want to try and + # retrieve three tickets (previous, current, next) + results = self.listTickets(request, offset=max(offset-1, 0), limit=3) + if not results: + return (None, None) + + if len(results) == 3: + return(results[0].id, results[2].id) + elif len(results) > 0: + return(results[0].id, None) + else: + return (None, None) + # Utility Functions |