Do not call app() to get access to acl_users.

app() creates a new transactional connection to ZODB, which triggers
scary (although innocuous in this case) connection pool warnings.
Instead, use getSite provided in ERP5 product and filled when
traversing site's portal. Retrieved acl_users object is different, but
this should not matter.
Also, to prevent import loop and to keep this change minimal, do a
local import.

product/ERP5Type/UnrestrictedMethod.py

@@ -30,7 +30,6 @@ from AccessControl.User import UnrestrictedUser
 from AccessControl.SpecialUsers import system
 from AccessControl.SecurityManagement import getSecurityManager, \
         newSecurityManager, setSecurityManager
-from Zope2 import app
 from Products.ERP5Type.Utils import simple_decorator
 
 class PrivilegedUser(UnrestrictedUser):
@@ -86,7 +85,9 @@ def unrestricted_apply(function, args=(), kw={}): # XXX-JPS: naming
         # XXX is it better to get roles from the parent (i.e. portal)?
         uf = user.aq_inner.aq_parent
       except AttributeError:
-        uf = app().acl_users
+        # XXX: local imports are bad, getSite should be moved to ERP5Type.
+        from Products.ERP5.ERP5Site import getSite
+        uf = getSite().acl_users
       role_list = uf.valid_roles()
       if anonymous:
         # If the user is anonymous, use the id of the system user,