From d4c709cdf216ea78d6f342d759d766db1bc9b397 Mon Sep 17 00:00:00 2001
From: Romain Courteaud <romain@nexedi.com>
Date: Thu, 13 Mar 2008 10:32:40 +0000
Subject: [PATCH] Remove Manager proxy role from Base_createCloneDocument in
 order to prevent information leak. Some improvements may be required on this
 script, as Unauthorized error may happen if one subobject is not traversable
 by the user.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@19837 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 .../erp5_xhtml_style/Base_createCloneDocument.xml             | 4 +---
 product/ERP5/bootstrap/erp5_xhtml_style/bt/revision           | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml b/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml
index 1f8934348d..e740101fbb 100644
--- a/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml
+++ b/product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml
@@ -132,9 +132,7 @@ return new_object.Base_redirect(form_id, \n
         <item>
             <key> <string>_proxy_roles</string> </key>
             <value>
-              <tuple>
-                <string>Manager</string>
-              </tuple>
+              <tuple/>
             </value>
         </item>
         <item>
diff --git a/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision b/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision
index ec52cb80b9..99f9f071dc 100644
--- a/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision
+++ b/product/ERP5/bootstrap/erp5_xhtml_style/bt/revision
@@ -1 +1 @@
-501
\ No newline at end of file
+502
\ No newline at end of file
-- 
2.30.9