CVS Commit Overview for 2008-01-23
==================================
2008-01-23 Marko Niinimaki <[email protected]>
* modules/websearch/lib/search_engine.py: List initialisation as an
empty list, not None
2008-01-23 Marko Niinimaki <[email protected]>
* modules/bibrank/lib/bibrank_citation_indexer.py: add in
selfcitlist only if the record is not there already
2008-01-23 Samuele Kaplun <[email protected]>
* modules/webaccess/lib/webaccessadmin_lib.py: Fixed 3 bugs (two
introduced during FireRole migration). Ported all run_sql calls to
the new standard run_sql('bla %s', (value, )).
2008-01-23 Samuele Kaplun <[email protected]>
* modules/websubmit/lib/bibdocfile.py,
modules/websubmit/lib/websubmit_webinterface.py,
modules/websearch/lib/search_engine.py,
modules/websearch/lib/websearch_webinterface.py,
modules/webcomment/lib/webcomment_webinterface.py: Improved
security handling WRT collections. Fixed security flaw in which
users were able to visit /record/123/{files, comments, reviews}
even if they were not authorized to the collection to which the
record belonged. Enriched authorization WRT restricted documents by
letting their submitters to display them even when they're not
authorized to the collection. In case of a restricted fulltext
document (with bibdocfile new feature), if the user is authorized
to download the document, then he/she can regardless of the
collection restriction.
2008-01-23 Samuele Kaplun <[email protected]>
* modules/webaccess/lib/access_control_config.py,
modules/websearch/lib/search_engine.py: Added
CFG_ACC_EMAILS_IN_TAGS_AUTHORIZED_TO_VIEW_RECORD, in order to
configure which tags do contain emails of user that should be
authorized to always view a record.
--
CDS Invenio Developers <[email protected]>
