Commit c282fa8a authored by Yoshinori Okuji's avatar Yoshinori Okuji

Do not set a permission in a constructor. This is managed by Add portal contents.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@1384 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 278bebf3
...@@ -472,7 +472,8 @@ def importLocalDocument(class_id, document_path = None): ...@@ -472,7 +472,8 @@ def importLocalDocument(class_id, document_path = None):
setattr(Products.ERP5Type.Document, document_constructor_name, document_constructor) setattr(Products.ERP5Type.Document, document_constructor_name, document_constructor)
setDefaultClassProperties(document_class) setDefaultClassProperties(document_class)
pr=PermissionRole(document_class.add_permission, default_permission) pr=PermissionRole(document_class.add_permission, default_permission)
document_constructor.__roles__ = pr # There used to be security breach which was fixed (None replaced by pr) #document_constructor.__roles__ = pr # There used to be security breach which was fixed (None replaced by pr)
document_constructor.__roles__ = None # Anyone can add XXX
InitializeClass(document_class) InitializeClass(document_class)
f.close() f.close()
# Temp documents are created as standard classes with a different constructor # Temp documents are created as standard classes with a different constructor
...@@ -519,7 +520,8 @@ def importLocalDocument(class_id, document_path = None): ...@@ -519,7 +520,8 @@ def importLocalDocument(class_id, document_path = None):
m[initial.__name__]=manage_addContentForm m[initial.__name__]=manage_addContentForm
m[initial.__name__+'__roles__']=pr m[initial.__name__+'__roles__']=pr
for method in constructors[1:]: for method in constructors[1:]:
if type(method) is type((1,2)): name, method = method if type(method) is type((1,2)):
name, method = method
else: else:
name=os.path.split(method.__name__)[-1] name=os.path.split(method.__name__)[-1]
if name != 'factory_type_information': if name != 'factory_type_information':
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment