From 831902111022e6b3c0796b6fa534d4ab636f49f3 Mon Sep 17 00:00:00 2001
From: Nicolas Delaby <nicolas@nexedi.com>
Date: Mon, 17 Nov 2008 16:03:22 +0000
Subject: [PATCH] Password encryption should be managed at _setPassword level
 because Password Tool need to bypass setPassword to avoid SetOwnPassword
 Permission checking.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@24611 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5/Document/Person.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/product/ERP5/Document/Person.py b/product/ERP5/Document/Person.py
index 23fd3bd524..cf60455dba 100644
--- a/product/ERP5/Document/Person.py
+++ b/product/ERP5/Document/Person.py
@@ -192,9 +192,15 @@ class Person(XMLObject):
       if value is not None:
         if not _checkPermission(Permissions.SetOwnPassword, self):
           raise AccessControl_Unauthorized('setPassword')
-        self._setPassword(pw_encrypt(value))
+        self._setPassword(value)
         self.reindexObject()
 
+    def _setPassword(self, value):
+      """
+        Encrypt value
+      """
+      self._baseSetPassword(pw_encrypt(value))
+
     # Time management
     security.declareProtected(Permissions.AccessContentsInformation, 
                               'getAvailableTime')
-- 
2.30.9