Commit b6da6119 authored by Romain Courteaud's avatar Romain Courteaud

Revert r25177, which allows user without any security uid to view all objects.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@25179 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 4847a9d8
...@@ -596,10 +596,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): ...@@ -596,10 +596,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
if security_uid_list: if security_uid_list:
query = ComplexQuery(Query(security_uid=security_uid_list, operator='IN'), query = ComplexQuery(Query(security_uid=security_uid_list, operator='IN'),
query, operator='OR') query, operator='OR')
elif security_uid_list: else:
# If security_uid_list is empty, adding it to criterions will only
# result in "false or [...]", so avoid useless overhead by not
# adding it at all.
query = Query(security_uid=security_uid_list, operator='IN') query = Query(security_uid=security_uid_list, operator='IN')
if local_role_column_dict: if local_role_column_dict:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment