From b6da61192b7d4b4f96d98a10973288ce8d95344b Mon Sep 17 00:00:00 2001 From: Romain Courteaud <romain@nexedi.com> Date: Mon, 19 Jan 2009 17:09:37 +0000 Subject: [PATCH] Revert r25177, which allows user without any security uid to view all objects. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@25179 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5Catalog/CatalogTool.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py index 873cec696a..044fb26de4 100644 --- a/product/ERP5Catalog/CatalogTool.py +++ b/product/ERP5Catalog/CatalogTool.py @@ -596,10 +596,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject): if security_uid_list: query = ComplexQuery(Query(security_uid=security_uid_list, operator='IN'), query, operator='OR') - elif security_uid_list: - # If security_uid_list is empty, adding it to criterions will only - # result in "false or [...]", so avoid useless overhead by not - # adding it at all. + else: query = Query(security_uid=security_uid_list, operator='IN') if local_role_column_dict: -- 2.30.9