Commit b717db2c by Jérome Perrin

notification_tool: fix Unauthorized when sending message to person user cannot access

1 parent 65ca95b6
......@@ -288,7 +288,7 @@ class NotificationTool(BaseTool):
searchUsers = self.acl_users.searchUsers
def getUserValueByUserId(user_id):
user, = searchUsers(id=user_id, exact_match=True)
return portal.restrictedTraverse(user['path'])
return portal.unrestrictedTraverse(user['path'])
if notifier_list is None:
# XXX TODO: Use priority_level. Need to implement default notifier query system.
......
......@@ -485,6 +485,29 @@ Yes, I will go."""
sequence_list.addSequenceString(sequence_string)
sequence_list.play(self)
def stepCheckNotificationWithoutPermissionOnRecipient(self, sequence=None):
"""
Check that notification is send by user who cannot see recipient
"""
self.logout()
self.portal.portal_notifications.sendMessage(
recipient=sequence['user_a_id'], subject='Subject', message='Message')
last_message = self.portal.MailHost._last_message
self.assertNotEquals((), last_message)
def test_permission_on_recipient_not_needed(self):
"""Notification Tool can be used to send Messages even when user does not
have permission on sender or recipent documents.
"""
sequence_list = SequenceList()
sequence_string = '\
AddUserA \
Tic \
CheckNotificationWithoutPermissionOnRecipient \
'
sequence_list.addSequenceString(sequence_string)
sequence_list.play(self)
class TestNotificationToolWithCRM(TestNotificationTool):
"""Make sure that notification tool works with crm"""
......
Styling with Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!