From 5348b48f4d785b0aea694d1347b4d80e86d86a98 Mon Sep 17 00:00:00 2001
From: Ivan Tyagov <ivan@nexedi.com>
Date: Fri, 27 Jan 2012 09:02:48 +0200
Subject: [PATCH] ERP5 SUPER_USER is always allowed (still it is never allowed
 to login -i.e. authenticated as it is used in some special cases like
 security calculation when no restrictions should exists).

---
 product/ERP5Security/ERP5UserFactory.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/product/ERP5Security/ERP5UserFactory.py b/product/ERP5Security/ERP5UserFactory.py
index 242f88012c..5c4868ce6c 100644
--- a/product/ERP5Security/ERP5UserFactory.py
+++ b/product/ERP5Security/ERP5UserFactory.py
@@ -26,6 +26,7 @@ from Products.PluggableAuthService.interfaces.plugins import IUserFactoryPlugin
 from Products.PluggableAuthService.PropertiedUser import PropertiedUser
 from Products.PluggableAuthService.PropertiedUser import \
                                             _what_not_even_god_should_do
+from Products.ERP5Security.ERP5UserManager import SUPER_USER
 
 manage_addERP5UserFactoryForm = PageTemplateFile(
     'www/ERP5Security_addERP5UserFactory', globals(),
@@ -99,6 +100,10 @@ class ERP5User(PropertiedUser):
       As for getRolesInContext, we take into account _getAcquireLocalRoles for
       ERP5.
       """
+      if self.getUserName() == SUPER_USER:
+        # super user is allowed to any object
+        return 1
+
       if object_roles is _what_not_even_god_should_do:
         return 0
 
-- 
2.30.9