Post by Ivan TyagovHi,
Post by Jacek MedrzyckiWe have just find out on our site that its possible to add a content
to an object regardless of the settings in "Allowed content type" box.
For instance, it was possible to add (by the script) a Person to a
Person, despite the fact that Person is not an allowed content type
for Person.
Yes, it's possible because such a check is not applied.
This patch to Products.ERP5Type.Core.Folder (see attached) implements
this check but still it's not tested thoroughly. You can try it and
maybe send feedback?
types, the system would raise an exception. So the check was
implemented, but apparently is not there anymore. Was it removed, or what?
Post by Ivan TyagovPost by Jacek MedrzyckiI've made an svn update for products but the problem persists.
It should persists. Patch is not (yet) applied to SVN.
I think we can classify it as a bug unless that's the "expected/normal"
behavior?
Regards
Ivan
------------------------------------------------------------------------
Index: Folder.py
===================================================================
--- Folder.py (revision 12682)
+++ Folder.py (working copy)
@@ -88,7 +88,13 @@
# XXX This feature is very confusing
# And made the code more difficult to update
portal_type = container.allowedContentTypes()[0].id
-
+ # is portal_type allowed to add ?
+ allowed_content_types = []
+ allowed_content_types.append(pt.id)
+ raise RuntimeError, \
+ "You are not allowed to add %s type to container (%s)." %(portal_type, container.getRelativeUrl())
from Products.ERP5Type import Document
# we get an object from factory only for first temp container object
------------------------------------------------------------------------
_______________________________________________
Erp5-dev mailing list
Erp5-dev at erp5.org
http://erp5.org/mailman/listinfo/erp5-dev