A bit more clever action condition(even though logged in user may not

modify Person object it can still unblock it if it has access to system events).

A bit more clever action condition(even though logged in user may not
modify Person object it can still unblock it if it has access to system events).
425d821b · Ivan Tyagov · 587fcaec · 425d821b · 425d821b
Commit 425d821b authored Aug 17, 2011 by Ivan Tyagov
2 changed files
--- a/bt5/erp5_authentication_policy/ActionTemplateItem/portal_types/Person/unblock_user_login.xml
+++ b/bt5/erp5_authentication_policy/ActionTemplateItem/portal_types/Person/unblock_user_login.xml
@@ -26,7 +26,9 @@
        </item>
        <item>
            <key> <string>condition</string> </key>
-            <value> <string></string> </value>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
        </item>
        <item>
            <key> <string>description</string> </key>
@@ -44,7 +46,7 @@
            <key> <string>permissions</string> </key>
            <value>
              <tuple>
-                <string>Modify portal content</string>
+                <string>View</string>
              </tuple>
            </value>
        </item>
@@ -80,4 +82,17 @@
      </dictionary>
    </pickle>
  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="Expression" module="Products.CMFCore.Expression"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>text</string> </key>
+            <value> <string>python: here.portal_membership.checkPermission("Access contents information", here.system_event_module)</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
 </ZopeData>
--- a/bt5/erp5_authentication_policy/bt/revision
+++ b/bt5/erp5_authentication_policy/bt/revision
-14
\ No newline at end of file
+15
\ No newline at end of file