will be down from Thursday, 20 March 2025, 07:30:00 UTC for a duration of approximately 2 hours

Commit 77259dea authored by Xiaowu Zhang's avatar Xiaowu Zhang

erp5_web_renderjs_ui: user can login even has no access permission on it's person document

parent 87584248
......@@ -917,7 +917,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
# Handle also other kind of users: instance, computer, master
person = portal.portal_membership.getAuthenticatedMember().getUserValue()
if person is not None:
if person is not None and portal.portal_membership.checkPermission('View', person):
result_dict['_links']['me'] = {
"href": default_document_uri_template % {
"root_url": site_root.absolute_url(),
......@@ -40,7 +40,7 @@ else:
person = portal.portal_membership.getAuthenticatedMember().getUserValue()
url_parameter = ""
pattern = '{[&|?]%s}' % url_parameter
if (person is None):
if (person is None or not portal.portal_membership.checkPermission('View', person)):
came_from = re.sub(pattern, '', came_from)
prefix = "&" if "&%s" % url_parameter in came_from else "?"
......@@ -227,12 +227,18 @@
<!--As the user don't have access to anything(no assignment), he come back to login page -->
<!--User can access even has no access to it's person document -->
\ No newline at end of file
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment