Closed jochumdev closed 3 years ago
@tdesvenain can you have look on this please?
@vincentfretin or @ebrehault can you review/merge these pull requests or tell us who would be responsible for that? thanks a lot!
Hi, I agree with checking security on fields, but here, you check security on export context, not on each exported object indeed, you can add a security check at the get value level.
above that, you can add in collective.excelexport a method get_ordered_allowed_fields that checks the permission on a given context and add an exportable that checks the field permissions at portal level, and document how to use it instead of default one
Only export fields where the current user has the permission to read that field. The security check doesn't not happen on the object but on the context of the calling view for performance reasons.
Signed-off-by: Rene Jochum rene@jochums.at