[Erp5-report] r21342 - /erp5/trunk/products/ERP5Type/UnrestrictedMethod.py

nobody at svn.erp5.org nobody at svn.erp5.org
Thu Jun 5 11:28:16 CEST 2008


Author: ivan
Date: Thu Jun  5 11:28:16 2008
New Revision: 21342

URL: http://svn.erp5.org?rev=21342&view=rev
Log:
Make UnrestrictedMethod work for Anonymous User.
This is dirty patch.

Modified:
    erp5/trunk/products/ERP5Type/UnrestrictedMethod.py

Modified: erp5/trunk/products/ERP5Type/UnrestrictedMethod.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Type/UnrestrictedMethod.py?rev=21342&r1=21341&r2=21342&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Type/UnrestrictedMethod.py (original)
+++ erp5/trunk/products/ERP5Type/UnrestrictedMethod.py Thu Jun  5 11:28:16 2008
@@ -27,6 +27,7 @@
 ##############################################################################
 
 from AccessControl.User import UnrestrictedUser
+from Products.ERP5Security.ERP5UserManager import SUPER_USER
 from AccessControl.SecurityManagement import getSecurityManager, \
         newSecurityManager, setSecurityManager
 
@@ -67,10 +68,18 @@
   def __call__(self, *args, **kw):
     security_manager = getSecurityManager()
     user = security_manager.getUser()
-    if user.getId() is None:
+    isAnonymousUser =  user.getUserName()=='Anonymous User'
+    if user.getId() is None and not isAnonymousUser:
       # This is a special user, thus the user is not allowed to own objects.
       super_user = UnrestrictedUser(user.getUserName(), None,
                                     user.getRoles(), user.getDomains())
+    elif isAnonymousUser:
+      # switch to ERP5 SUPER_USER
+      # XXX: hard-coded username and roles (this is bad but no way we could 
+      # currently get context (i.e. switch to roles of owner of portal)
+      # another possibility is to pass username, roles from outside in constructor
+      super_user = UnrestrictedUser(SUPER_USER, None,
+                                    ('Manager', 'Assignor' ), ('',))
     else:
       uf = user.aq_inner.aq_parent
       # XXX is it better to get roles from the parent (i.e. portal)?




More information about the Erp5-report mailing list