[Erp5-dev] security-unaware catalog calls
Alexandre Boeglin
alex at nexedi.com
Mon Jan 22 10:35:46 CET 2007
Le samedi 20 janvier 2007 à 15:18 +0100, Jean-Paul Smets a écrit :
> Le samedi 20 janvier 2007 14:20, bartek a écrit :
> > If I am writing a Product class and I need to check something in the
> > portal_catalog, but bypassing security restrictions - is delegation to a
> > Script (Python) with proxy roles the only way to do it, or can it be
> > done from the class?
Using a proxy role will not "bypass security", just allow to define
which role will be used.
> Using proxy roles on scripts does not help since catalog and SQL methods are
> use the user security context.
This was fixed in
http://svn.erp5.org/erp5/trunk/products/ERP5Catalog/CatalogTool.py?rev=11099&view=rev
Alex
More information about the Erp5-dev
mailing list