Security should be handled by the target document not by the mapped property document.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@33501 20353a03-c40f-0410-a6d1-a30d3c3de9de

Security should be handled by the target document not by the mapped property document.
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@33501 20353a03-c40f-0410-a6d1-a30d3c3de9de
12e717d1 · Kazuhiko Shiozaki · e219c994 · 12e717d1
Commit 12e717d1 authored Mar 08, 2010 by Kazuhiko Shiozaki
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

product/ERP5/Document/MappedProperty.py product/ERP5/Document/MappedProperty.py +6 -4

No files found.
--- a/product/ERP5/Document/MappedProperty.py
+++ b/product/ERP5/Document/MappedProperty.py
@@ -49,8 +49,9 @@ class MappedProperty(XMLObject):
                     PropertySheet.CategoryCore,
                     PropertySheet.MappedProperty)

-  security.declareProtected(Permissions.AccessContentsInformation,
-                            'getMappedProperty')
+  # Security should be handled by the target document not by the mapped
+  # property document.
+  security.declarePublic('getMappedProperty')
  def getMappedProperty(self, document, property):
    if property.endswith('_list'):
      property = property[:-5]
@@ -65,8 +66,9 @@ class MappedProperty(XMLObject):
    else:
      return getProperty(mapped_property)

-  security.declareProtected(Permissions.AccessContentsInformation,
-                            'setMappedProperty')
+  # Security should be handled by the target document not by the mapped
+  # property document.
+  security.declarePublic('setMappedProperty')
  def setMappedProperty(self, document, property, value):
    if property.endswith('_list'):
      property = property[:-5]