equal
deleted
inserted
replaced
11 |
11 |
12 from copy import copy |
12 from copy import copy |
13 |
13 |
14 from simplejson import dumps |
14 from simplejson import dumps |
15 |
15 |
16 from logilab.mtconverter import html_escape |
16 from logilab.mtconverter import xml_escape |
17 |
17 |
18 from cubicweb.selectors import (match_kwargs, one_line_rset, non_final_entity, |
18 from cubicweb.selectors import (match_kwargs, one_line_rset, non_final_entity, |
19 specified_etype_implements, yes) |
19 specified_etype_implements, yes) |
20 from cubicweb.utils import make_uid |
20 from cubicweb.utils import make_uid |
21 from cubicweb.view import EntityView |
21 from cubicweb.view import EntityView |
36 def toggleable_relation_link(eid, nodeid, label='x'): |
36 def toggleable_relation_link(eid, nodeid, label='x'): |
37 """return javascript snippet to delete/undelete a relation between two |
37 """return javascript snippet to delete/undelete a relation between two |
38 entities |
38 entities |
39 """ |
39 """ |
40 js = u"javascript: togglePendingDelete('%s', %s);" % ( |
40 js = u"javascript: togglePendingDelete('%s', %s);" % ( |
41 nodeid, html_escape(dumps(eid))) |
41 nodeid, xml_escape(dumps(eid))) |
42 return u'[<a class="handle" href="%s" id="handle%s">%s</a>]' % ( |
42 return u'[<a class="handle" href="%s" id="handle%s">%s</a>]' % ( |
43 js, nodeid, label) |
43 js, nodeid, label) |
44 |
44 |
45 |
45 |
46 class DeleteConfForm(FormViewMixIn, EntityView): |
46 class DeleteConfForm(FormViewMixIn, EntityView): |
106 if not entity.has_perm('update'): |
106 if not entity.has_perm('update'): |
107 self.w(value) |
107 self.w(value) |
108 return |
108 return |
109 else: |
109 else: |
110 rset = entity.related(rtype, role) |
110 rset = entity.related(rtype, role) |
111 # XXX html_escape but that depends of the actual vid |
111 # XXX xml_escape but that depends of the actual vid |
112 value = html_escape(self.view(vid, rset, 'null') or default) |
112 value = xml_escape(self.view(vid, rset, 'null') or default) |
113 # XXX consider local roles ? |
113 # XXX consider local roles ? |
114 if role == 'subject'and not rschema.has_perm(self.req, 'add', |
114 if role == 'subject'and not rschema.has_perm(self.req, 'add', |
115 fromeid=entity.eid): |
115 fromeid=entity.eid): |
116 self.w(value) |
116 self.w(value) |
117 return |
117 return |