[Erp5-report] r24836 - in /erp5/trunk/bt5/erp5_base: SkinTemplateItem/portal_skins/erp5_bas...

nobody at svn.erp5.org nobody at svn.erp5.org
Mon Dec 8 17:32:36 CET 2008


Author: romain
Date: Mon Dec  8 17:32:33 2008
New Revision: 24836

URL: http://svn.erp5.org?rev=24836&view=rev
Log:
Prevent Unauthorized error as getToolByName returns tool, even if user can not access the tool

Modified:
    erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Base_createNewFile.xml
    erp5/trunk/bt5/erp5_base/bt/revision

Modified: erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Base_createNewFile.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Base_createNewFile.xml?rev=24836&r1=24835&r2=24836&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Base_createNewFile.xml [utf8] (original)
+++ erp5/trunk/bt5/erp5_base/SkinTemplateItem/portal_skins/erp5_base/Base_createNewFile.xml [utf8] Mon Dec  8 17:32:33 2008
@@ -57,6 +57,7 @@
 from Products.CMFCore.utils import getToolByName\n
 \n
 if file.filename not in [\'\', None]:\n
+  portal = context.getPortalObject()\n
 \n
   document_new_content_kw = {\n
     \'file\': file,\n
@@ -71,7 +72,7 @@
     \'description\': description,\n
   }\n
 \n
-  container = getToolByName(context.getPortalObject(), \'portal_contributions\', None)\n
+  container = getToolByName(portal, \'portal_contributions\', None)\n
   # Do not redirect when using portal_contributions, in order to prevent\n
   # conflict with automatic metadata detection\n
   redirect = 0\n
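
Review bot: The getToolByName(portal, 'portal_contributions', None) call keeps None as its default, so container can be None when the tool is absent, and the lines visible in this patch do not show a guard before container is passed to the permission check further down. Confirm that a fallback container is assigned in the lines not shown, or add an explicit "if container is None" branch before it is used.
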
@@ -84,8 +85,7 @@
     if portal_type not in [\'%s\' % x.id for x in container.allowedContentTypes()]:\n
       is_authorized = 0\n
 \n
-  if not context.Base_checkPermission(container.getRelativeUrl(),\n
-                                      \'Add portal content\'):\n
+  if not portal.portal_membership.checkPermission(\'Add portal content\', container):\n
     is_authorized = 0\n
 \n
   if not is_authorized:\n
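
Review bot: On the added checkPermission line, portal.portal_membership is reached by plain attribute access, while the script already imports getToolByName and the log message relies on getToolByName returning a tool even when the user cannot access it. Fetching the membership tool with getToolByName(portal, 'portal_membership') would keep the lookup consistent with how container is obtained. A one-line comment above the check stating why the container object is passed directly instead of container.getRelativeUrl() would also help, since that reason currently exists only in the commit log.
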
@@ -157,6 +157,7 @@
                             <string>Products.CMFCore.utils</string>
                             <string>getToolByName</string>
                             <string>None</string>
+                            <string>portal</string>
                             <string>document_new_content_kw</string>
                             <string>document_edit_kw</string>
                             <string>container</string>

Modified: erp5/trunk/bt5/erp5_base/bt/revision
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_base/bt/revision?rev=24836&r1=24835&r2=24836&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_base/bt/revision [utf8] (original)
+++ erp5/trunk/bt5/erp5_base/bt/revision [utf8] Mon Dec  8 17:32:33 2008
@@ -1,1 +1,1 @@
-488
+489



