[Erp5-dev] Catalog security is based on the permission View
Romain Courteaud
romain at nexedi.com
Thu Sep 28 14:39:16 CEST 2006
Hi all,
When you update ERP5Catalog, do not forget to reindex your site completely.
All objects returned by portal_catalog should be 'clickable' to the user, and
that's why we have to use the permission 'View'.
Romain
Le Jeudi 28 Septembre 2006 14:27, nobody at svn.erp5.org a écrit :
> Author: romain
> Date: Thu Sep 28 14:27:44 2006
> New Revision: 10394
>
> URL: http://svn.erp5.org?rev=10394&view=rev
> Log:
> Catalog security is based on the permission on 'View' and not on 'Access
> Content Permission', which was a major error. Catalog is designed to be
> used with the user interface, and every object returned by portal_catalog
> should be viewable.
>
> Modified:
> erp5/trunk/products/ERP5Catalog/CatalogTool.py
>
> Modified: erp5/trunk/products/ERP5Catalog/CatalogTool.py
> URL:
> http://svn.erp5.org/erp5/trunk/products/ERP5Catalog/CatalogTool.py?rev=1039
>4&r1=10393&r2=10394&view=diff
> ===========================================================================
>=== --- erp5/trunk/products/ERP5Catalog/CatalogTool.py (original)
> +++ erp5/trunk/products/ERP5Catalog/CatalogTool.py Thu Sep 28 14:27:44 2006
> @@ -95,7 +95,7 @@
> withnuxgroups = getSecurityProduct(ob.acl_users)\
> == SECURITY_USING_NUX_USER_GROUPS
> allowed = {}
> - for r in rolesForPermissionOn('Access contents information', ob):
> + for r in rolesForPermissionOn('View', ob):
> allowed[r] = 1
> if withnuxgroups:
> localroles = mergedLocalRoles(ob, withgroups=1)
>
> _______________________________________________
> Erp5-report mailing list
> Erp5-report at erp5.org
> http://www.erp5.org/mailman/listinfo/erp5-report
More information about the Erp5-dev
mailing list