|
1
|
|
|
# -*- coding: utf-8 -*- |
|
2
|
|
|
# |
|
3
|
|
|
# This file is part of SENAITE.CORE. |
|
4
|
|
|
# |
|
5
|
|
|
# SENAITE.CORE is free software: you can redistribute it and/or modify it under |
|
6
|
|
|
# the terms of the GNU General Public License as published by the Free Software |
|
7
|
|
|
# Foundation, version 2. |
|
8
|
|
|
# |
|
9
|
|
|
# This program is distributed in the hope that it will be useful, but WITHOUT |
|
10
|
|
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
|
11
|
|
|
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more |
|
12
|
|
|
# details. |
|
13
|
|
|
# |
|
14
|
|
|
# You should have received a copy of the GNU General Public License along with |
|
15
|
|
|
# this program; if not, write to the Free Software Foundation, Inc., 51 |
|
16
|
|
|
# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
|
17
|
|
|
# |
|
18
|
|
|
# Copyright 2018-2020 by it's authors. |
|
19
|
|
|
# Some rights reserved, see README and LICENSE. |
|
20
|
|
|
from AccessControl import Unauthorized |
|
21
|
|
|
from Products.CMFCore.permissions import View |
|
22
|
|
|
from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile |
|
23
|
|
|
from plone.app.portlets.portlets.navigation import Renderer as BaseRenderer |
|
24
|
|
|
|
|
25
|
|
|
from bika.lims import api |
|
26
|
|
|
from bika.lims.api.security import check_permission |
|
27
|
|
|
|
|
28
|
|
|
|
|
29
|
|
|
class NavigationPortletRenderer(BaseRenderer): |
|
30
|
|
|
_template = ViewPageTemplateFile( |
|
31
|
|
|
"templates/plone.app.portlets.portlets.navigation.pt") |
|
32
|
|
|
recurse = ViewPageTemplateFile( |
|
33
|
|
|
"templates/plone.app.portlets.portlets.navigation_recurse.pt") |
|
34
|
|
|
|
|
35
|
|
|
def createNavTree(self): |
|
36
|
|
|
data = self.getNavTree() |
|
37
|
|
|
|
|
38
|
|
|
# We only want the items from the nav tree for which current user has |
|
39
|
|
|
# "View" permission granted |
|
40
|
|
|
data = self.purge_nav_tree(data) |
|
41
|
|
|
|
|
42
|
|
|
bottomLevel = self.data.bottomLevel or self.properties.getProperty('bottomLevel', 0) |
|
43
|
|
|
|
|
44
|
|
|
if bottomLevel < 0: |
|
45
|
|
|
# Special case where navigation tree depth is negative |
|
46
|
|
|
# meaning that the admin does not want the listing to be displayed |
|
47
|
|
|
return self.recurse([], level=1, bottomLevel=bottomLevel) |
|
48
|
|
|
else: |
|
49
|
|
|
return self.recurse(children=data.get('children', []), level=1, bottomLevel=bottomLevel) |
|
50
|
|
|
|
|
51
|
|
|
def purge_nav_tree(self, data): |
|
52
|
|
|
"""Purges the items of the nav tree for which the current user does not |
|
53
|
|
|
have "View" permission granted |
|
54
|
|
|
""" |
|
55
|
|
|
item = data.get("item", "") |
|
56
|
|
|
if item: |
|
57
|
|
|
# Check if current user has "View" permission granted |
|
58
|
|
|
try: |
|
59
|
|
|
if not check_permission(View, item): |
|
60
|
|
|
return None |
|
61
|
|
|
except Unauthorized: |
|
62
|
|
|
return None |
|
63
|
|
|
|
|
64
|
|
|
if "children" in data: |
|
65
|
|
|
children = map(self.purge_nav_tree, data["children"]) |
|
66
|
|
|
children = filter(None, children) |
|
67
|
|
|
data["children"] = children |
|
68
|
|
|
|
|
69
|
|
|
return data |
|
70
|
|
|
|
senaite /
senaite.core
