From d4c709cdf216ea78d6f342d759d766db1bc9b397 Mon Sep 17 00:00:00 2001 From: Romain Courteaud <romain@nexedi.com> Date: Thu, 13 Mar 2008 10:32:40 +0000 Subject: [PATCH] Remove Manager proxy role from Base_createCloneDocument in order to prevent information leak. Some improvements may be required on this script, as Unauthorized error may happen if one subobject is not traversable by the user. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@19837 20353a03-c40f-0410-a6d1-a30d3c3de9de --- .../erp5_xhtml_style/Base_createCloneDocument.xml | 4 +--- product/ERP5/bootstrap/erp5_xhtml_style/bt/revision | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml b/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml index 1f8934348d..e740101fbb 100644 --- a/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml +++ b/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml @@ -132,9 +132,7 @@ return new_object.Base_redirect(form_id, \n <item> <key> <string>_proxy_roles</string> </key> <value> - <tuple> - <string>Manager</string> - </tuple> + <tuple/> </value> </item> <item> diff --git a/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision b/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision index ec52cb80b9..99f9f071dc 100644 --- a/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision +++ b/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision @@ -1 +1 @@ -501 \ No newline at end of file +502 \ No newline at end of file -- 2.30.9