[Erp5-report] r24611 - /erp5/trunk/products/ERP5/Document/Person.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Mon Nov 17 17:03:24 CET 2008
Author: nicolas
Date: Mon Nov 17 17:03:22 2008
New Revision: 24611
URL: http://svn.erp5.org?rev=24611&view=rev
Log:
Password encryption should be managed at _setPassword level
because Password Tool need to bypass setPassword to avoid SetOwnPassword Permission checking.
Modified:
erp5/trunk/products/ERP5/Document/Person.py
Modified: erp5/trunk/products/ERP5/Document/Person.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/Document/Person.py?rev=24611&r1=24610&r2=24611&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/Document/Person.py [utf8] (original)
+++ erp5/trunk/products/ERP5/Document/Person.py [utf8] Mon Nov 17 17:03:22 2008
@@ -192,8 +192,14 @@
if value is not None:
if not _checkPermission(Permissions.SetOwnPassword, self):
raise AccessControl_Unauthorized('setPassword')
- self._setPassword(pw_encrypt(value))
+ self._setPassword(value)
self.reindexObject()
+
+ def _setPassword(self, value):
+ """
+ Encrypt value
+ """
+ self._baseSetPassword(pw_encrypt(value))
# Time management
security.declareProtected(Permissions.AccessContentsInformation,
More information about the Erp5-report
mailing list