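def test_escape_dossier_title_to_prevent_xss(self, browser):
        """Check that markup in a dossier title is escaped in the task listing.

        The dossier title is set to a string containing HTML tags and a
        non-ASCII character, the tasks are re-synced, and the dossier cell
        of the second listing row must contain the entity-escaped form
        rather than a live ``<b>`` element.
        """
        self.login(self.regular_user, browser=browser)

        self.dossier.title = u'<b>B\xf6ld title</b>'
        # NOTE(review): presumably the listing renders the title from the
        # synced SQL record, which is why both tasks are synced after the
        # title change - confirm.
        TaskSqlSyncer(self.subtask, None).sync()
        TaskSqlSyncer(self.task, None).sync()

        browser.open(self.dossier, view='tabbedview_view-tasks')

        table = browser.css('.listing').first
        # The cell is addressed by column position (10th <td>), so a change
        # to the listing's column layout makes this lookup miss the cell.
        second_row_dossier_cell = table.rows[1].css(
            'td:nth-child(10) .maindossierLink').first
        # assertEqual replaces the deprecated assertEquals alias; a bare
        # strip() already removes surrounding newlines.
        self.assertEqual(
            u'&lt;b&gt;B\xf6ld title&lt;/b&gt;',
            second_row_dossier_cell.innerHTML.strip())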
Example #2
def save_reference_number_prefix(obj, event):
    """Assign a reference number prefix to ``obj`` and re-sync its contents.

    Does nothing when the request provides
    ``IDontIssueDossierReferenceNumber`` or when ``event`` is an object
    removal. Otherwise a number is set through the parent's
    ``IReferenceNumberPrefix`` adapter if ``obj`` has none yet, every task
    and proposal found below ``obj`` is synced, and the ``reference`` index
    of ``obj`` is rebuilt.
    """
    if (IDontIssueDossierReferenceNumber.providedBy(obj.REQUEST)
            or IObjectRemovedEvent.providedBy(event)):
        return

    container = aq_parent(aq_inner(obj))
    numbering = IReferenceNumberPrefix(container)
    if not numbering.get_number(obj):
        numbering.set_number(obj)

    # Event handler order is outside our control, so the tasks and
    # proposals contained in obj are synced by hand here.
    # NOTE(review): a plain catalog call is normally filtered by what the
    # current user may view; contained objects that user cannot see would
    # then be skipped by the sync - confirm this is acceptable.
    catalog = api.portal.get_tool('portal_catalog')
    subtree_path = '/'.join(obj.getPhysicalPath())
    contained_syncers = (
        ('opengever.task.task.ITask', TaskSqlSyncer),
        ('opengever.meeting.proposal.IProposal', ProposalSqlSyncer),
    )
    for interface_name, syncer_class in contained_syncers:
        brains = catalog({
            'path': subtree_path,
            'object_provides': interface_name,
            'depth': -1
        })
        for brain in brains:
            syncer_class(brain.getObject(), None).sync()

    obj.reindexObject(idxs=['reference'])
Example #3
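def create_subtask_response(context, event):
    """Add a response to the main task when an object is added inside it.

    A subtask added to a task records the ``transition-add-subtask``
    response on the parent, a document records ``transition-add-document``.
    Nothing is recorded when the parent is not a task, when the added
    object is neither a task nor a document, or when the request carries
    one of the markers checked below.
    """

    # The event is fired multiple times when the task was transported, so we
    # need to verify that the request was not called by another client.
    # NOTE(review): these markers are read straight from the incoming
    # request. If they are not validated or stripped before this handler
    # runs, any client can set them and suppress the response entry -
    # confirm where they are authenticated.
    request = context.REQUEST
    if request.get_header('X-OGDS-AC', None) or \
            request.get_header('X-OGDS-AUID', None) or \
            request.get('X-CREATING-SUCCESSOR', None):
        return

    parent = aq_parent(aq_inner(context))
    if not ITask.providedBy(parent):
        return

    if ITask.providedBy(context):
        transition = 'transition-add-subtask'

        # If the added object is a subtask we have to make sure
        # that the subtask is already synced to the globalindex
        if not context.get_sql_object():
            TaskSqlSyncer(context, event).sync()

    elif IBaseDocument.providedBy(context):
        transition = 'transition-add-document'

    else:
        # Neither a task nor a document: there is no matching transition.
        # Without this branch ``transition`` was unbound and the call below
        # raised UnboundLocalError.
        return

    # add a response with a link to the object
    add_simple_response(parent,
                        added_object=context,
                        transition=transition)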
Example #4
def change_task_workflow_state(task, transition, **kwargs):
    """Execute ``transition`` on ``task`` and record it as a response.

    Extra keyword arguments are forwarded to ``add_simple_response`` so
    callers can attach more information to the created response. The
    response gets a ``review_state`` change entry holding the state titles
    from before and after the transition, and is returned.
    """
    workflow = getToolByName(task, 'portal_workflow')

    def current_state_title():
        # Title of the task's current review state for its type.
        state_id = workflow.getInfoFor(task, 'review_state')
        return workflow.getTitleForStateOnType(state_id, task.Type())

    old_title = current_state_title()

    # The response is created before the transition is executed.
    response = add_simple_response(task, transition=transition, **kwargs)

    workflow.doActionFor(task, transition)
    # Sync the task after its workflow state has changed.
    TaskSqlSyncer(task, None).sync()

    new_title = current_state_title()

    response.add_change(
        'review_state', _(u'Issue state'), old_title, new_title)
    response.transition = transition
    return response