Skip to content

Commit

Permalink
check for "collective.easyform.DownloadSavedInput" permission, before…
Browse files Browse the repository at this point in the history 
… including the saved data in serializer
  • Loading branch information
@MrTango
MrTango committed Nov 2, 2023
1 parent b5c2a4e commit 1bd342d
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 3 deletions.
3 changes: 2 additions & 1 deletion CHANGES.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ Changelog
4.1.5 (unreleased)
------------------

- Nothing changed yet.
- check for "collective.easyform.DownloadSavedInput" permission, before including the saved data in serializer.
[MrTango]


4.1.4 (2023-07-27)
Expand Down
5 changes: 3 additions & 2 deletions src/collective/easyform/serializer.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
from zope.schema import getFieldsInOrder
from zope.schema.interfaces import ISet, IDate, IDatetime

from plone import api
from plone.restapi.serializer.dxcontent import SerializeToJson as DXContentToJson
from plone.restapi.deserializer.dxcontent import (
DeserializeFromJson as DXContentFromJson,
Expand All @@ -37,8 +38,8 @@
class SerializeToJson(DXContentToJson):
def __call__(self, version=None, include_items=True):
result = super(SerializeToJson, self).__call__(version, include_items)
self.serializeSavedData(result)

if api.user.has_permission('collective.easyform.DownloadSavedInput', obj=self.context):
self.serializeSavedData(result)
return result

def serializeSavedData(self, result):
Expand Down

0 comments on commit 1bd342d

Please sign in to comment.