Allow HTMLRequest.batch to filter on other permissions than "View"...

...(e.g. on the new "Search" permission") by adding a "permission"
parameter. Thanks to Eli Collins for the patch. Closes issue2550699.

Author: Ralf Schlatterbeck

CHANGES.txt

@@ -12,6 +12,9 @@ Features:
 - PostgreSQL backend minor improvement: database creation less likely to fail
   for PostgreSQL versions >= 8.1 as the table "postgres" is used by default.
   Closes issue2550543. Thanks to Kai Storbeck for the patch. (Bernhard Reiter)
+- Allow HTMLRequest.batch to filter on other permissions than "View"
+  (e.g. on the new "Search" permission") by adding a "permission"
+  parameter. Thanks to Eli Collins for the patch. Closes issue2550699.
 
 Fixed:
 

roundup/cgi/templating.py

@@ -2718,7 +2718,7 @@ def base_javascript(self):
 </script>
 """%self.base
 
-    def batch(self):
+    def batch(self, permission='View'):
         """ Return a batch object for results from the "current search"
         """
         check = self._client.db.security.hasPermission
@@ -2744,7 +2744,7 @@ def batch(self):
 
         # filter for visibility
         l = [id for id in klass.filter(matches, filterspec, sort, group)
-            if check('View', userid, self.classname, itemid=id)]
+            if check(permission, userid, self.classname, itemid=id)]
 
         # return the batch object, using IDs only
         return Batch(self.client, l, self.pagesize, self.startwith,