[IMP] Event Security Fix + Publish Track
bzr revid: fp@tinyerp.com-20140227131144-8rq3woldpl1zbppj
This commit is contained in:
parent
3324351bf6
commit
100cc571cd
|
@ -187,18 +187,6 @@ class website_event(http.Controller):
|
|||
}
|
||||
return request.website.render("website_event.event_description_full", values)
|
||||
|
||||
@http.route(['/event/publish'], type='json', auth="public", website=True)
|
||||
def publish(self, id, object):
|
||||
# if a user publish an event, he publish all linked res.partner
|
||||
event = request.registry[object].browse(request.cr, request.uid, int(id))
|
||||
if not event.website_published:
|
||||
if event.organizer_id and not event.organizer_id.website_published:
|
||||
event.organizer_id.write({'website_published': True})
|
||||
if event.address_id and not event.address_id.website_published:
|
||||
event.address_id.write({'website_published': True})
|
||||
|
||||
return controllers.publish(id, object)
|
||||
|
||||
@http.route('/event/add_event/', type='http', auth="user", multilang=True, methods=['POST'], website=True)
|
||||
def add_event(self, event_name="New Event", **kwargs):
|
||||
return self._add_event(event_name, request.context, **kwargs)
|
||||
|
|
|
@ -189,11 +189,6 @@
|
|||
</ol>
|
||||
</div>
|
||||
<div class="col-sm-5" groups="event.group_event_manager">
|
||||
<t t-call="website.publish_management">
|
||||
<t t-set="object" t-value="event"/>
|
||||
<t t-set="publish_edit" t-value="True"/>
|
||||
<t t-set="publish_controller">/event/publish</t>
|
||||
</t>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -266,7 +261,6 @@
|
|||
<t t-call="website.publish_management">
|
||||
<t t-set="object" t-value="comment"/>
|
||||
<t t-set="publish_edit" t-value="True"/>
|
||||
<t t-set="publish_controller">/event/publish</t>
|
||||
</t>
|
||||
<t t-raw="comment.body"/>
|
||||
<small class="pull-right muted text-right">
|
||||
|
|
|
@ -194,6 +194,12 @@
|
|||
<template id="track_view">
|
||||
<t t-call="website_event.layout">
|
||||
<div class="container">
|
||||
<t t-call="website.publish_management">
|
||||
<t t-set="object" t-value="track"/>
|
||||
<t t-set="publish_edit" t-value="True"/>
|
||||
</t>
|
||||
<div class="clearfix"/>
|
||||
|
||||
<h2 t-field="track.name" class="text-center"/>
|
||||
<h3 t-field="event.name" class="text-center text-muted"/>
|
||||
<ul t-if="track.tag_ids" class="text-center text-muted list-inline">
|
||||
|
|
Loading…
Reference in New Issue