Commit d6e5356e authored by wenjie.zheng's avatar wenjie.zheng

Transition.py: a more robust guard which avoid anonymous user doing whatever...

Transition.py: a more robust guard which avoid anonymous user doing whatever in URL. Now if guard is None, getGuard will give all roles except Anonymous to guard.
parent 9b33c55d
......@@ -88,17 +88,15 @@ class Transition(IdAsReferenceMixin("transition_", "prefix"), XMLObject):
return res
def getGuard(self):
if self.getRoleList() is None and\
self.getPermissionList() is None and\
self.getGroupList() is None and\
self.getExpression() is None and\
self.guard is None:
return Guard().__of__(self)
elif self.guard is None:
self.generateGuard()
if not self.guard.roles or self.guard.roles == []:
reasonable_roles = self.getParent().getManagedRoleList()
reasonable_roles.remove('Anonymous')
self.guard.roles = reasonable_roles
return self.guard
def generateGuard(self):
if self.guard is None:
self.guard = Guard()
if self.getRoleList() is not None:
self.guard.roles = self.getRoleList()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment