From d30536b30ce3873d56d6b34b7e0d85c57fb1cc82 Mon Sep 17 00:00:00 2001 From: Jean-Paul Smets <jp@nexedi.com> Date: Mon, 26 Feb 2007 21:58:16 +0000 Subject: [PATCH] Do not use security for user lookup. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@13057 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5Security/ERP5GroupManager.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/product/ERP5Security/ERP5GroupManager.py b/product/ERP5Security/ERP5GroupManager.py index 3333a06b77..e08a6fcf65 100644 --- a/product/ERP5Security/ERP5GroupManager.py +++ b/product/ERP5Security/ERP5GroupManager.py @@ -119,8 +119,8 @@ class ERP5GroupManager(BasePlugin): else: security_definition_list = mapping_method() - # get the person from its reference - catalog_result = self.portal_catalog( + # get the person from its reference - no security check needed + catalog_result = self.portal_catalog.unrestrictedSearchResults( portal_type="Person", reference=user_name) if len(catalog_result) != 1: # we won't proceed with groups if len(catalog_result) > 1: # configuration is screwed @@ -133,8 +133,7 @@ class ERP5GroupManager(BasePlugin): person_id = person_object.getId() # Fetch category values from defined scripts - for (method_name, base_category_list) in \ - security_definition_list: + for (method_name, base_category_list) in security_definition_list: base_category_list = tuple(base_category_list) method = getattr(self, method_name) security_category_list = security_category_dict.setdefault( -- 2.30.9