From b2dbef2bc4020a3a2868e25d40a869bc452eb2ae Mon Sep 17 00:00:00 2001
From: Gaetan Delannay <gaetan.delannay@gmail.com>
Date: Sat, 3 May 2014 15:18:41 +0200
Subject: [PATCH] Improved class appy.Hack to be able to hack static methods as
 well; [gen] pod field can now accept a string in param 'showTemplate' if a
 single format is accepted; when showing linked objects in a ref field, we
 show a message and no data for every object the currently logged user is not
 allowed to read; improved the default UI layout (less table borders).

---
 __init__.py                 | 26 +++++++++++++++++++-------
 fields/pod.py               |  1 +
 fields/ref.py               | 19 +++++++++++++------
 fields/workflow.py          |  9 ++++++++-
 gen/tr/Appy.pot             |  4 ++++
 gen/tr/ar.po                |  4 ++++
 gen/tr/de.po                |  4 ++++
 gen/tr/en.po                |  4 ++++
 gen/tr/es.po                |  4 ++++
 gen/tr/fr.po                |  4 ++++
 gen/tr/it.po                |  4 ++++
 gen/tr/nl.po                |  4 ++++
 gen/ui/appy.css             |  3 +--
 gen/ui/appywide.css         |  2 +-
 gen/utils.py                |  7 +++----
 gen/wrappers/ToolWrapper.py |  2 +-
 16 files changed, 79 insertions(+), 22 deletions(-)

diff --git a/__init__.py b/__init__.py
index a2cd311..e9f4877 100644
--- a/__init__.py
+++ b/__init__.py
@@ -49,21 +49,33 @@ class Hack:
     '''This class proposes methods for patching some existing code with
        alternative methods.'''
     @staticmethod
-    def patch(method, replacement):
+    def patch(method, replacement, klass=None):
         '''This method replaces m_method with a p_replacement method, but
            keeps p_method on its class under name
            "_base_<initial_method_name>_". In the patched method, one may use
-           Hack.base to call the base method.'''
+           Hack.base to call the base method. If p_method is static, you must
+           specify its class in p_klass.'''
         # Get the class on which the surgery will take place.
-        klass = method.im_class
+        isStatic = klass
+        klass = klass or method.im_class
         # On this class, store m_method under its "base" name.
-        name = method.im_func.__name__
+        name = isStatic and method.func_name or method.im_func.__name__
         baseName = '_base_%s_' % name
         setattr(klass, baseName, method)
-        # Store the replacement method on klass.
+        # Store the replacement method on klass. When doing so, even when
+        # m_method is static, it is wrapped in a method. This is why, in
+        # m_base below, when the method is static, we return method.im_func to
+        # retrieve the original static method.
         setattr(klass, name, replacement)
 
     @staticmethod
-    def base(method):
-        return getattr(method.im_class, '_base_%s_' % method.im_func.__name__)
+    def base(method, klass=None):
+        '''Allows to call the base (replaced) method. If p_method is static,
+           you must specify its p_klass.'''
+        isStatic = klass
+        klass = klass or method.im_class
+        name = isStatic and method.func_name or method.im_func.__name__
+        res = getattr(klass, '_base_%s_' % name)
+        if isStatic: res = res.im_func
+        return res
 # ------------------------------------------------------------------------------
diff --git a/fields/pod.py b/fields/pod.py
index 1f288e3..42dc531 100644
--- a/fields/pod.py
+++ b/fields/pod.py
@@ -249,6 +249,7 @@ class Pod(Field):
                 formats = self.showTemplate(obj, template)
                 if not formats: continue
                 formats = isManager and self.getAllFormats(template) or formats
+                if isinstance(formats, basestring): formats = (formats,)
                 res.append(Object(template=template, formats=formats,
                            freezeFormats=self.getFreezeFormats(obj, template)))
         return res
diff --git a/fields/ref.py b/fields/ref.py
index 8253835..c6ad77a 100644
--- a/fields/ref.py
+++ b/fields/ref.py
@@ -214,7 +214,8 @@ class Ref(Field):
      <x>:tool.pxNavigate</x>
 
      <!-- No object is present -->
-     <p class="discreet" if="not objects and not showPlusIcon">:_('no_ref')</p>
+     <p class="discreet"
+        if="not objects and (innerRef and showPlusIcon)">:_('no_ref')</p>
 
      <!-- Linked objects -->
      <table if="objects" class=":not innerRef and 'list' or ''"
@@ -240,23 +241,29 @@ class Ref(Field):
       <tr for="tied in objects" valign="top"
           class=":loop.tied.odd and 'even' or 'odd'"
           var2="tiedUid=tied.o.id;
-                objectIndex=field.getIndexOf(zobj, tiedUid)|None">
+                objectIndex=field.getIndexOf(zobj, tiedUid)|None;
+                mayView=tied.allows('read')">
        <td if="not inPickList and numbered">:field.pxNumber</td>
        <td for="column in columns" width=":column.width" align=":column.align"
            var2="refField=column.field">
         <!-- The "title" field -->
         <x if="refField.name == 'title'">
-         <x>:field.pxObjectTitle</x>
-         <div if="tied.o.mayAct()">:field.pxObjectActions</div>
+         <x if="mayView">
+          <x>:field.pxObjectTitle</x>
+          <div if="tied.o.mayAct()">:field.pxObjectActions</div>
+         </x>
+         <div if="not mayView">
+          <img src=":url('fake')" style="margin-right: 5px"/>
+          <x>:_('unauthorized')</x></div>
         </x>
         <!-- Any other field -->
-        <x if="refField.name != 'title'">
+        <x if="(refField.name != 'title') and mayView">
          <x var="zobj=tied.o; obj=tied; layoutType='cell';
                  innerRef=True; field=refField"
             if="field.isShowable(zobj, 'result')">:field.pxRender</x>
         </x>
        </td>
-       <td if="checkboxes" class="cbCell">
+       <td if="checkboxes and mayView" class="cbCell">
         <input type="checkbox" name=":ajaxHookId" checked="checked"
                value=":tiedUid" onclick="toggleRefCb(this)"/>
        </td>
diff --git a/fields/workflow.py b/fields/workflow.py
index bb6f641..d56690d 100644
--- a/fields/workflow.py
+++ b/fields/workflow.py
@@ -395,7 +395,14 @@ class Transition:
         self.trigger(name, obj, wf, rq.get('comment', ''), reindex=False)
         # Reindex obj if required.
         if not obj.isTemporary(): obj.reindex()
-        return tool.goto(obj.getUrl(rq['HTTP_REFERER']))
+        # If we are viewing the object and if the logged user looses the
+        # permission to view it, redirect the user to its home page.
+        if not obj.allows('read') and \
+           (obj.absolute_url_path() in rq['HTTP_REFERER']):
+            back = tool.getHomePage()
+        else:
+            back = obj.getUrl(rq['HTTP_REFERER'])
+        return tool.goto(back)
 
     @staticmethod
     def getBack(workflow, transition):
diff --git a/gen/tr/Appy.pot b/gen/tr/Appy.pot
index f89465d..87b03a9 100644
--- a/gen/tr/Appy.pot
+++ b/gen/tr/Appy.pot
@@ -710,3 +710,7 @@ msgstr ""
 #. Default: "In some situations, by leaving this page this way, you may lose encoded data or prevent other users from editing it afterwards. Please use buttons instead."
 msgid "warn_leave_form"
 msgstr ""
+
+#. Default: "You are not allowed to consult this."
+msgid "unauthorized"
+msgstr ""
diff --git a/gen/tr/ar.po b/gen/tr/ar.po
index c6197b3..0d65a2f 100644
--- a/gen/tr/ar.po
+++ b/gen/tr/ar.po
@@ -710,3 +710,7 @@ msgstr ""
 #. Default: "In some situations, by leaving this page this way, you may lose encoded data or prevent other users from editing it afterwards. Please use buttons instead."
 msgid "warn_leave_form"
 msgstr ""
+
+#. Default: "You are not allowed to consult this."
+msgid "unauthorized"
+msgstr ""
diff --git a/gen/tr/de.po b/gen/tr/de.po
index c5cbb7d..a1c027d 100644
--- a/gen/tr/de.po
+++ b/gen/tr/de.po
@@ -710,3 +710,7 @@ msgstr ""
 #. Default: "In some situations, by leaving this page this way, you may lose encoded data or prevent other users from editing it afterwards. Please use buttons instead."
 msgid "warn_leave_form"
 msgstr ""
+
+#. Default: "You are not allowed to consult this."
+msgid "unauthorized"
+msgstr ""
diff --git a/gen/tr/en.po b/gen/tr/en.po
index 813bb1f..3241133 100644
--- a/gen/tr/en.po
+++ b/gen/tr/en.po
@@ -711,3 +711,7 @@ msgstr "${date} - This page is locked by ${user}."
 #. Default: "In some situations, by leaving this page this way, you may lose encoded data or prevent other users from editing it afterwards. Please use buttons instead."
 msgid "warn_leave_form"
 msgstr "In some situations, by leaving this page this way, you may lose encoded data or prevent other users from editing it afterwards. Please use buttons instead."
+
+#. Default: "You are not allowed to consult this."
+msgid "unauthorized"
+msgstr "You are not allowed to consult this."
diff --git a/gen/tr/es.po b/gen/tr/es.po
index f49e40a..1c782d1 100644
--- a/gen/tr/es.po
+++ b/gen/tr/es.po
@@ -710,3 +710,7 @@ msgstr ""
 #. Default: "In some situations, by leaving this page this way, you may lose encoded data or prevent other users from editing it afterwards. Please use buttons instead."
 msgid "warn_leave_form"
 msgstr ""
+
+#. Default: "You are not allowed to consult this."
+msgid "unauthorized"
+msgstr ""
diff --git a/gen/tr/fr.po b/gen/tr/fr.po
index 6e47ab8..be42cb7 100644
--- a/gen/tr/fr.po
+++ b/gen/tr/fr.po
@@ -711,3 +711,7 @@ msgstr "${date} - Cette page est verrouillée par ${user}."
 #. Default: "In some situations, by leaving this page this way, you may lose encoded data or prevent other users from editing it afterwards. Please use buttons instead."
 msgid "warn_leave_form"
 msgstr "Dans certaines situations, en quittant cette page de cette manière, vous pouvez perdre les données encodées ou empêcher d'autres utilisateurs de les éditer par la suite. Veuillez utilisez les boutons ad hoc."
+
+#. Default: "You are not allowed to consult this."
+msgid "unauthorized"
+msgstr "Vous n'êtes pas autorisé à consulter ceci."
diff --git a/gen/tr/it.po b/gen/tr/it.po
index b9cee8c..849468e 100644
--- a/gen/tr/it.po
+++ b/gen/tr/it.po
@@ -710,3 +710,7 @@ msgstr ""
 #. Default: "In some situations, by leaving this page this way, you may lose encoded data or prevent other users from editing it afterwards. Please use buttons instead."
 msgid "warn_leave_form"
 msgstr ""
+
+#. Default: "You are not allowed to consult this."
+msgid "unauthorized"
+msgstr ""
diff --git a/gen/tr/nl.po b/gen/tr/nl.po
index fd00039..1fb9f8f 100644
--- a/gen/tr/nl.po
+++ b/gen/tr/nl.po
@@ -710,3 +710,7 @@ msgstr ""
 #. Default: "In some situations, by leaving this page this way, you may lose encoded data or prevent other users from editing it afterwards. Please use buttons instead."
 msgid "warn_leave_form"
 msgstr ""
+
+#. Default: "You are not allowed to consult this."
+msgid "unauthorized"
+msgstr ""
diff --git a/gen/ui/appy.css b/gen/ui/appy.css
index 39741df..fe6bede 100644
--- a/gen/ui/appy.css
+++ b/gen/ui/appy.css
@@ -52,8 +52,7 @@ img { border: 0; vertical-align: middle }
 .xhtml p { margin: 3px 0 7px 0 }
 .clickable { cursor: pointer }
 .refLink { font-style: italic; padding-left: 5px; font-size: 90%; color: grey }
-.main { width: 900px; height: 95%; box-shadow: 3px 3px 3px #A9A9A9;
-        border-style: solid; border-width: 1px; border-color: grey}
+.main { width: 900px; height: 95%; box-shadow: 3px 3px 3px #A9A9A9 }
 .top { height: 89px; margin-left: 3em; vertical-align: top;
        background-color: white }
 .lang { margin-right: 6px }
diff --git a/gen/ui/appywide.css b/gen/ui/appywide.css
index 0f982b0..614ca9f 100644
--- a/gen/ui/appywide.css
+++ b/gen/ui/appywide.css
@@ -1,2 +1,2 @@
 body { margin: 0 }
-.main {border: 0; width: 100%; height: 100%}
+.main { width: 100%; height: 100% }
diff --git a/gen/utils.py b/gen/utils.py
index 890064d..a424738 100644
--- a/gen/utils.py
+++ b/gen/utils.py
@@ -225,8 +225,7 @@ class No:
        can't be triggered, do not return False, return an instance of No
        instead. When creating such an instance, you can specify an error
        message.'''
-    def __init__(self, msg):
-        self.msg = msg
-    def __nonzero__(self):
-        return False
+    def __init__(self, msg): self.msg = msg
+    def __nonzero__(self): return False
+    def __repr__(self): return '<No: %s>' % self.msg
 # ------------------------------------------------------------------------------
diff --git a/gen/wrappers/ToolWrapper.py b/gen/wrappers/ToolWrapper.py
index 33ae29d..efacad4 100644
--- a/gen/wrappers/ToolWrapper.py
+++ b/gen/wrappers/ToolWrapper.py
@@ -394,7 +394,7 @@ class ToolWrapper(AbstractWrapper):
                refInfo=ztool.getRefInfo();
                refObject=refInfo[0];
                refField=refInfo[1];
-               refUrlPart=refObject and ('&amp;ref=%s:%s' % (refObject.UID(), \
+               refUrlPart=refObject and ('&amp;ref=%s:%s' % (refObject.id, \
                                                              refField)) or '';
                startNumber=req.get('startNumber', '0');
                startNumber=int(startNumber);