[Erp5-report] r25757 - /erp5/trunk/products/ERP5Security/ERP5UserFactory.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Mon Mar 2 03:23:45 CET 2009
Author: yusei
Date: Mon Mar 2 03:23:44 2009
New Revision: 25757
URL: http://svn.erp5.org?rev=25757&view=rev
Log:
Fixed a bug which allows publishing even if user does not have appropriate role.This problem happens when published object is not a subclass of ERP5Type.Base. (ex. Accessor method object, etc.)
Modified:
erp5/trunk/products/ERP5Security/ERP5UserFactory.py
Modified: erp5/trunk/products/ERP5Security/ERP5UserFactory.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Security/ERP5UserFactory.py?rev=25757&r1=25756&r2=25757&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Security/ERP5UserFactory.py [utf8] (original)
+++ erp5/trunk/products/ERP5Security/ERP5UserFactory.py [utf8] Mon Mar 2 03:23:44 2009
@@ -157,8 +157,8 @@
return 0
# patch by Klaus for LocalRole blocking
- if getattr(object, '_getAcquireLocalRoles', None) is not None:
- if not object._getAcquireLocalRoles():
+ if getattr(inner_obj, '_getAcquireLocalRoles', None) is not None:
+ if not inner_obj._getAcquireLocalRoles():
break
inner = aq_inner( inner_obj )
More information about the Erp5-report
mailing list