From a0e5c0762bf2a969b4cbc6ddf511ec4b7f5289ee Mon Sep 17 00:00:00 2001 From: Ramon Bartl Date: Tue, 2 Feb 2021 21:32:03 +0100 Subject: [PATCH 1/2] Disallow results entry when sample modification is not allowed --- src/bika/lims/browser/analyses/view.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/bika/lims/browser/analyses/view.py b/src/bika/lims/browser/analyses/view.py index a6454d135b..c443daf9c4 100644 --- a/src/bika/lims/browser/analyses/view.py +++ b/src/bika/lims/browser/analyses/view.py @@ -55,6 +55,7 @@ from DateTime import DateTime from plone.memoize import view as viewcache from Products.Archetypes.config import REFERENCE_CATALOG +from Products.CMFCore.permissions import ModifyPortalContent from Products.CMFPlone.utils import safe_unicode from senaite.app.listing import ListingView from zope.component import getAdapters @@ -297,6 +298,10 @@ def is_analysis_edition_allowed(self, analysis_brain): # inside a deactivated Analysis Request, for instance return False + if not self.has_permission(ModifyPortalContent, obj=self.context): + # skip any further checks if the sample can not be modified + return False + analysis_obj = self.get_object(analysis_brain) if analysis_obj.getPointOfCapture() == 'field': # This analysis must be captured on field, during sampling. From c653be01567f0d38cbaa81e155465d5f40618b86 Mon Sep 17 00:00:00 2001 From: Ramon Bartl Date: Tue, 2 Feb 2021 21:36:37 +0100 Subject: [PATCH 2/2] Changelog updated --- CHANGES.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGES.rst b/CHANGES.rst index 096aa92340..b9a42105d9 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -4,6 +4,7 @@ Changelog 2.0.0 (unreleased) ------------------ +- #1767 Disallow results entry when sample modification is not allowed - #1755 Set markup schema to `html/text` as default for RichText fields - #1754 Fix KeyError in calculation validator - #1753 Fixed indexing of partitions and missing metadata generation