From d30536b30ce3873d56d6b34b7e0d85c57fb1cc82 Mon Sep 17 00:00:00 2001
From: Jean-Paul Smets <jp@nexedi.com>
Date: Mon, 26 Feb 2007 21:58:16 +0000
Subject: [PATCH] Do not use security for user lookup.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@13057 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Security/ERP5GroupManager.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/product/ERP5Security/ERP5GroupManager.py b/product/ERP5Security/ERP5GroupManager.py
index 3333a06b77..e08a6fcf65 100644
--- a/product/ERP5Security/ERP5GroupManager.py
+++ b/product/ERP5Security/ERP5GroupManager.py
@@ -119,8 +119,8 @@ class ERP5GroupManager(BasePlugin):
         else:
           security_definition_list = mapping_method()
 
-        # get the person from its reference
-        catalog_result = self.portal_catalog(
+        # get the person from its reference - no security check needed
+        catalog_result = self.portal_catalog.unrestrictedSearchResults(
             portal_type="Person", reference=user_name)
         if len(catalog_result) != 1: # we won't proceed with groups
           if len(catalog_result) > 1: # configuration is screwed
@@ -133,8 +133,7 @@ class ERP5GroupManager(BasePlugin):
         person_id = person_object.getId()
 
         # Fetch category values from defined scripts
-        for (method_name, base_category_list) in \
-            security_definition_list:
+        for (method_name, base_category_list) in security_definition_list:
           base_category_list = tuple(base_category_list)
           method = getattr(self, method_name)
           security_category_list = security_category_dict.setdefault(
-- 
2.30.9