Skip to content

erp5
erp5
Commit 70cd4b01 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki
Browse files
Options

category testing API should be protected by... 

category testing API should be protected by Permissions.AccessContentsInformation not Permissions.View.
XXX we need more review for other getter methods in Base.py.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@31601 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 7fb3218d
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 3 deletions
product/CMFCategory/Category.py
View file @ 70cd4b01
......@@ -689,7 +689,7 @@ class Category(Folder):
"""
return '/'.join(self.portal_url.getRelativeContentPath(self)[1:])
security.declareProtected( Permissions.View, 'isMemberOf' )
security.declareProtected( Permissions.AccessContentsInformation, 'isMemberOf' )
def isMemberOf(self, category, **kw):
"""
Tests if an object if member of a given category
......
product/ERP5Type/Base.py
View file @ 70cd4b01
......@@ -2405,14 +2405,14 @@ class Base( CopyContainer,
self._getCategoryTool()._cleanupCategories()
# Category testing
security.declareProtected( Permissions.View, 'isMemberOf' )
security.declareProtected( Permissions.AccessContentsInformation, 'isMemberOf' )
def isMemberOf(self, category, **kw):
"""
Tests if an object if member of a given category
"""
return self._getCategoryTool().isMemberOf(self, category, **kw)
security.declareProtected( Permissions.View, 'isAcquiredMemberOf' )
security.declareProtected( Permissions.AccessContentsInformation, 'isAcquiredMemberOf' )
def isAcquiredMemberOf(self, category):
"""
Tests if an object if member of a given category
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7