Rename _setPasswordByForce to __setPasswordByForce and edit method cannot call it.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@26886 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5/Document/Person.py

@@ -207,7 +207,7 @@ class Person(XMLObject):
     # public method(They are callable from user directly or through edit method)
     # _setPasswordByForce is needed to reset password without security check
     # by Password Tool.
-    def _setPasswordByForce(self, value):
+    def __setPasswordByForce(self, value):
       self.password = PersistentMapping()
       self._setEncodedPassword(pw_encrypt(value))
 
@@ -215,7 +215,7 @@ class Person(XMLObject):
       if not _checkPermission(Permissions.SetOwnPassword, self):
         raise AccessControl_Unauthorized('setPassword')
       else:
-        self._setPasswordByForce(value)
+        self.__setPasswordByForce(value)
 
     security.declarePublic('setPassword')
     def setPassword(self, value) :

product/ERP5/Tool/PasswordTool.py

@@ -200,7 +200,11 @@ class PasswordTool(BaseTool):
     self.password_request_dict.pop(password_key)
     persons = self.acl_users.erp5_users.getUserByLogin(user_login)              
     person = persons[0]
-    person._setPasswordByForce(password)
+    # Calling private method starts with __ from outside is normally BAD,
+    # but if we leave the method as a normal method starts with _ and follow
+    # our naming convention, then the method can be callable through edit
+    # method without appropriate permission check and then security breaks.
+    person._Person__setPasswordByForce(password)
     person.reindexObject()
     if REQUEST is not None:
       msg = translateString("Password changed.")

product/ERP5/tests/testPerson.py

@@ -145,6 +145,10 @@ class TestPerson(ERP5TypeTestCase):
     # specific permission.
     p.setPassword(None)
     self.assertFalse(p.getPassword())
+    # Make sure that edit method cannot call __setPasswordByForce and nothing
+    # changes.
+    p.edit(password_by_force='waaa')
+    self.assertFalse(p.getPassword())
 
     p.manage_permission(Permissions.SetOwnPassword, ['Anonymous'], 0)
     p.setPassword('secret')