Update of /cvsroot/openinteract/OpenInteract2/pkg/whats_new/template
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1265/template
Modified Files:
list.tmpl form.tmpl
Log Message:
remove object-level security, ensure app security is of the 'only allowed' variety; use URL-params where possible; try to eliminate double adding...
Index: list.tmpl
===================================================================
RCS file: /cvsroot/openinteract/OpenInteract2/pkg/whats_new/template/list.tmpl,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** list.tmpl 25 Sep 2004 18:20:32 -0000 1.3
--- list.tmpl 22 Sep 2005 03:37:53 -0000 1.4
***************
*** 11,14 ****
--- 11,17 ----
] ) -%]
+ [%# NOTE: items where active == 'no' are filtered out for
+ non-admins, so they never even get this far... %]
+
[%- count = 1 -%]
[% WHILE ( new_item = iterator.get_next ) %]
***************
*** 23,29 ****
<td>[% new_item.listing_type %] </td>
<td><a href="[% new_item.url %]">[% new_item.title %]</a></td>
! [%- IF new_item.tmp_security_level >= OI.security_level.write -%]
! [% edit_url = OI.make_url( ACTION = 'new' TASK = 'display_form',
! new_id = new_item.id ) %]
<td><a href="[% edit_url %]">[% MSG( 'global.label.edit' ) %]</a></td>
[% ELSE -%]
--- 26,32 ----
<td>[% new_item.listing_type %] </td>
<td><a href="[% new_item.url %]">[% new_item.title %]</a></td>
! [%- IF ACTION.task_security_allowed( 'display_form' ) -%]
! [% edit_url = OI.make_url( ACTION = 'new', TASK = 'display_form',
! URL_PARAMS = new_item.id ) %]
<td><a href="[% edit_url %]">[% MSG( 'global.label.edit' ) %]</a></td>
[% ELSE -%]
Index: form.tmpl
===================================================================
RCS file: /cvsroot/openinteract/OpenInteract2/pkg/whats_new/template/form.tmpl,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** form.tmpl 25 Sep 2004 18:20:32 -0000 1.3
--- form.tmpl 22 Sep 2005 03:37:53 -0000 1.4
***************
*** 6,13 ****
? MSG( 'whats_new.form.title_update' )
: MSG( 'whats_new.form.title_new' );
! OI.page_title( title ); -%]
!
! [%- remove_url = OI.make_url( ACTION = 'new', TASK = 'remove',
! new_id = whats_new.id ) -%]
<p align="right">
[% MSG( 'whats_new.form.remove_link', remove_url ) %]
--- 6,12 ----
? MSG( 'whats_new.form.title_update' )
: MSG( 'whats_new.form.title_new' );
! OI.page_title( title );
! remove_url = OI.make_url( ACTION = 'new', TASK = 'remove',
! URL_PARAMS = whats_new.id ) -%]
<p align="right">
[% MSG( 'whats_new.form.remove_link', remove_url ) %]
***************
*** 60,64 ****
[%- count = count + 1 -%]
[% INCLUDE label_form_text_row( label_key = 'whats_new.info.object_id',
! name = 'object_id', value = whats_new.object_id,
size = 40, maxlength = 150 ) -%]
--- 59,64 ----
[%- count = count + 1 -%]
[% INCLUDE label_form_text_row( label_key = 'whats_new.info.object_id',
! name = 'object_id',
! value = whats_new.object_id,
size = 40, maxlength = 150 ) -%]
|
