[Erp5-report] r10394 - /erp5/trunk/products/ERP5Catalog/CatalogTool.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Thu Sep 28 14:27:45 CEST 2006
Author: romain
Date: Thu Sep 28 14:27:44 2006
New Revision: 10394
URL: http://svn.erp5.org?rev=10394&view=rev
Log:
Catalog security is based on the permission on 'View' and not on 'Access Content Permission', which was a major error.
Catalog is designed to be used with the user interface, and every object returned by portal_catalog should be viewable.
Modified:
erp5/trunk/products/ERP5Catalog/CatalogTool.py
Modified: erp5/trunk/products/ERP5Catalog/CatalogTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Catalog/CatalogTool.py?rev=10394&r1=10393&r2=10394&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Catalog/CatalogTool.py (original)
+++ erp5/trunk/products/ERP5Catalog/CatalogTool.py Thu Sep 28 14:27:44 2006
@@ -95,7 +95,7 @@
withnuxgroups = getSecurityProduct(ob.acl_users)\
== SECURITY_USING_NUX_USER_GROUPS
allowed = {}
- for r in rolesForPermissionOn('Access contents information', ob):
+ for r in rolesForPermissionOn('View', ob):
allowed[r] = 1
if withnuxgroups:
localroles = mergedLocalRoles(ob, withgroups=1)
More information about the Erp5-report
mailing list