Commit b717db2c by Jérome Perrin

notification_tool: fix Unauthorized when sending message to person user cannot access

1 parent 65ca95b6
......@@ -288,7 +288,7 @@ class NotificationTool(BaseTool):
searchUsers = self.acl_users.searchUsers
def getUserValueByUserId(user_id):
user, = searchUsers(id=user_id, exact_match=True)
return portal.restrictedTraverse(user['path'])
return portal.unrestrictedTraverse(user['path'])
if notifier_list is None:
# XXX TODO: Use priority_level. Need to implement default notifier query system.
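Review bot: `getUserValueByUserId` now resolves the person with `portal.unrestrictedTraverse(user['path'])`, so the object it returns has skipped the caller's access checks, and nothing on the visible lines says how far that object may travel. The path comes from `acl_users.searchUsers(id=user_id, exact_match=True)` rather than straight from the caller, which limits what can be reached, but `user_id` is presumably caller-supplied. Please state the intent at the call, e.g. `# unrestricted on purpose: the caller may lack permission on the person; the object is only handed to notifiers and must not be returned to restricted code`. It is also worth confirming that no notifier exposes recipient attributes back to the sender. The enclosing method starts and ends outside this hunk.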
......@@ -485,6 +485,29 @@ Yes, I will go."""
def stepCheckNotificationWithoutPermissionOnRecipient(self, sequence=None):
Check that notification is send by user who cannot see recipient
recipient=sequence['user_a_id'], subject='Subject', message='Message')
last_message = self.portal.MailHost._last_message
self.assertNotEquals((), last_message)
def test_permission_on_recipient_not_needed(self):
"""Notification Tool can be used to send Messages even when user does not
have permission on sender or recipent documents.
sequence_list = SequenceList()
sequence_string = '\
AddUserA \
Tic \
CheckNotificationWithoutPermissionOnRecipient \
class TestNotificationToolWithCRM(TestNotificationTool):
"""Make sure that notification tool works with crm"""
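Review bot: `stepCheckNotificationWithoutPermissionOnRecipient` only asserts `self.assertNotEquals((), last_message)`, which would also pass if the mail went to a different address or if `_last_message` was left over from an earlier step. Because this test guards a change that bypasses a permission check, it should also assert the recipient, for example by unpacking the tuple and checking that user A's address is in the recipient list (assuming `_last_message` holds the sender, the recipients and the text, which is not visible here). The lines that switch to a user without access to the recipient are not shown in this rendering, so a short comment naming the user the step runs as would make the precondition explicit. On style, `assertNotEquals` is a deprecated alias of `assertNotEqual`, and the new docstrings contain typos (`is send`, `recipent`).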