remove comment from the code that implement for the security

bzr revid: mga@tinyerp.com-8727f031c11e3adc8f71fc5c585e6cc99ffa4da3
2008-04-16 03:59:40 +00:00 · 2008-04-16 03:59:40 +00:00 · 9e5c9c7c99
parent bee7076f8d
commit 9e5c9c7c99
1 changed files with 15 additions and 14 deletions
--- a/bin/addons/base/ir/ir_values.py
+++ b/bin/addons/base/ir/ir_values.py
@ -229,20 +229,21 @@ class ir_values(osv.osv):
 		keys = []
 		res = filter(bool, map(lambda x: _result_get(x, keys), list(result)))
 		res2 = res[:]
-#		for r in res:
-#			if r[2]['type'] == 'ir.actions.report.xml' or r[2]['type'] == 'ir.actions.report.xml':
-#				print 
-#				if r[2].has_key('groups_id'):
-#					groups = r[2]['groups_id']
-#					if len(groups) > 0:
-#						group_ids = ','.join([ str(x) for x in r[2]['groups_id']])
-#						cr.execute("select count(*) from res_groups_users_rel where gid in (%s) and uid='%s'" % (group_ids, uid))
-#						gr_ids = cr.fetchall()
-#						if not gr_ids[0][0] > 0:
-#							res2.remove(r)
-#				else:
-#					#raise osv.except_osv('Error !','You have not permission to perform operation !!!')
-#					res2.remove(r)
+		for r in res:
+			if type(r) == type([]):
+				if r[2]['type'] == 'ir.actions.report.xml' or r[2]['type'] == 'ir.actions.report.xml':
+					print 
+					if r[2].has_key('groups_id'):
+						groups = r[2]['groups_id']
+						if len(groups) > 0:
+							group_ids = ','.join([ str(x) for x in r[2]['groups_id']])
+							cr.execute("select count(*) from res_groups_users_rel where gid in (%s) and uid='%s'" % (group_ids, uid))
+							gr_ids = cr.fetchall()
+							if not gr_ids[0][0] > 0:
+								res2.remove(r)
+					else:
+						#raise osv.except_osv('Error !','You have not permission to perform operation !!!')
+						res2.remove(r)
 		return res2
 ir_values()