[Erp5-report] r30778 - /erp5/trunk/products/CMFActivity/ActivityTool.py

nobody at svn.erp5.org nobody at svn.erp5.org
Thu Nov 19 19:53:51 CET 2009 

Author: leonardo
Date: Thu Nov 19 19:53:49 2009
New Revision: 30778

URL: http://svn.erp5.org?rev=30778&view=rev
Log:
Properly reset security context on activity reactivation

The cold to reactivate an activity could sometimes switch to 'Anonymous User' and not switch back.

Move the user switching logic to inside the 'try' block that restores the user afterwards.

Modified:
    erp5/trunk/products/CMFActivity/ActivityTool.py

Modified: erp5/trunk/products/CMFActivity/ActivityTool.py
URL: http://svn.erp5.org/erp5/trunk/products/CMFActivity/ActivityTool.py?rev=30778&r1=30777&r2=30778&view=diff
==============================================================================
--- erp5/trunk/products/CMFActivity/ActivityTool.py [utf8] (original)
+++ erp5/trunk/products/CMFActivity/ActivityTool.py [utf8] Thu Nov 19 19:53:49 2009
@@ -276,10 +276,10 @@
     else:
       try:
         old_security_manager = getSecurityManager()
-        # Change user if required (TO BE DONE)
-        # We will change the user only in order to execute this method
-        user = self.changeUser(self.user_name, activity_tool)
         try:
+          # Change user if required (TO BE DONE)
+          # We will change the user only in order to execute this method
+          self.changeUser(self.user_name, activity_tool)
           try:
             # XXX: There is no check to see if user is allowed to access
             # that method !
@@ -351,17 +351,16 @@
   def reactivate(self, activity_tool, activity=DEFAULT_ACTIVITY):
     # Reactivate the original object.
     obj= self.getObject(activity_tool)
-    # Change user if required (TO BE DONE)
-    # We will change the user only in order to execute this method
-    current_user = str(_getAuthenticatedUser(self))
-    user = self.changeUser(self.user_name, activity_tool)
+    old_security_manager = getSecurityManager()
     try:
+      # Change user if required (TO BE DONE)
+      # We will change the user only in order to execute this method
+      user = self.changeUser(self.user_name, activity_tool)
       active_obj = obj.activate(activity=activity, **self.activity_kw)
       getattr(active_obj, self.method_id)(*self.args, **self.kw)
     finally:
       # Use again the previous user
-      if user is not None:
-        self.changeUser(current_user, activity_tool)
+      setSecurityManager(old_security_manager)
 
   def setExecutionState(self, is_executed, exc_info=None, log=True, context=None):
     """

More information about the Erp5-report mailing list