collective / collective.excelexport

Export dexterity contents in an excel file, one column by field

Feature: Add security checks to the dexterity field getter. #3

Closed jochumdev closed 3 years ago

jochumdev commented 8 years ago

Only export fields where the current user has the permission to read that field. The security check does not happen on the object but on the context of the calling view, for performance reasons.

Signed-off-by: Rene Jochum <rene@jochums.at>

jochumdev commented 8 years ago

@tdesvenain can you have a look at this please?

frisi commented 8 years ago

@vincentfretin or @ebrehault can you review/merge these pull requests or tell us who would be responsible for that? thanks a lot!

tdesvenain commented 8 years ago

Hi, I agree with checking security on fields, but here, you check security on export context, not on each exported object; indeed, you can add a security check at the get value level.

Above that, you can add in collective.excelexport a method get_ordered_allowed_fields that checks the permission on a given context, and add an exportable that checks the field permissions at portal level, and document how to use it instead of the default one.
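The two placements of the check discussed in this thread, as an added example that is not part of the thread or of collective.excelexport's code: plain Python with no Plone dependency, in which `Content`, `Checker`, `READ_PERMISSIONS` and both export functions are hypothetical names and the sample data is constructed. It shows the context-level check exporting a value the user cannot read on one object, and the per-object check costing one permission lookup per field per row.

```python
from dataclasses import dataclass

# Constructed stand-in for schema read permissions: field name -> permission.
READ_PERMISSIONS = {"title": "View", "salary": "Manage"}

@dataclass
class Content:
    """Hypothetical content object carrying its own per-user permissions."""
    values: dict
    granted: dict  # user -> set of permissions held on this object

class Checker:
    """Hypothetical permission check that counts how often it is called."""
    def __init__(self):
        self.calls = 0

    def can_read(self, user, field, obj):
        self.calls += 1
        return READ_PERMISSIONS[field] in obj.granted.get(user, set())

def export_context_checked(checker, user, context, objects):
    """Decide the columns once, on the export context, then dump every row."""
    fields = [f for f in READ_PERMISSIONS if checker.can_read(user, f, context)]
    return [{f: o.values[f] for f in fields} for o in objects]

def export_object_checked(checker, user, objects):
    """Check each field on each exported object, at get-value level."""
    return [
        {f: o.values[f] if checker.can_read(user, f, o) else None
         for f in READ_PERMISSIONS}
        for o in objects
    ]

# Constructed sample data: "ann" manages the folder and her own record,
# but may only view bob's record.
FOLDER = Content({}, {"ann": {"View", "Manage"}})
OBJECTS = [
    Content({"title": "Ann", "salary": 100}, {"ann": {"View", "Manage"}}),
    Content({"title": "Bob", "salary": 200}, {"ann": {"View"}}),
]

def demo():
    by_context, by_object = Checker(), Checker()
    rows_ctx = export_context_checked(by_context, "ann", FOLDER, OBJECTS)
    rows_obj = export_object_checked(by_object, "ann", OBJECTS)
    return rows_ctx, rows_obj, by_context.calls, by_object.calls

if __name__ == "__main__":
    print(demo())
```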