[Erp5-dev] owner in catalog and security
Jérome Perrin
jerome at nexedi.com
Fri Aug 17 18:58:33 CEST 2007
bartek a écrit :
> Jérome Perrin wrote:
>> bartek a écrit :
>>> I think I see where the problem comes from: Owner role has View
>>> permission, yes, but I don't have this role, somebody else has it. So
>>> the problem with getViewPermissionOwner is that if Owner role has
>>> View permission it returns the user who created the object, NOT the
>>> user who currently has the Owner local role.
>>
>> Yes, being the owner and having an Owner local role in zope is
>> different things. So this method does not support the case where the
>> owner does not have an Owner local role.
>> Maybe we should simply check that the owner has the view permission,
>> like in this attached patch ?
>
> I applied the patch, reindexed, and everything is fine. Thanks. Will you
> commit it?
OK thanks. I just checked it in.
Jérome
More information about the Erp5-dev
mailing list