Commit f6f5f007 authored by Jérome Perrin's avatar Jérome Perrin

fix accesors security.

Class defined permissions are somtimes given as a permission role, sometimes
directly as a list or as None. We have to make a difference for the cases where
_aq_dynamic returns None and cases where security is set to None


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@38475 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent d5090e0b
...@@ -117,10 +117,14 @@ class Setter(Method): ...@@ -117,10 +117,14 @@ class Setter(Method):
roles = getattr(im_self.__class__, name, im_self) roles = getattr(im_self.__class__, name, im_self)
if roles is im_self: if roles is im_self:
roles = im_self._aq_dynamic(name) roles = im_self._aq_dynamic(name)
if roles is None: if roles is None:
return rolesForPermissionOn(None, im_self, ('Manager',), return rolesForPermissionOn(None, im_self, ('Manager',),
'_Modify_portal_content_Permission') '_Modify_portal_content_Permission')
return roles.__of__(im_self) # if roles has an __of__ method, call it explicitly, as the Method
# already has an __of__ method that has been already called at this
# point.
roles = getattr(roles, '__of__', lambda aq_parent: roles)(im_self)
return roles
from Products.CMFCore.Expression import Expression from Products.CMFCore.Expression import Expression
...@@ -196,10 +200,11 @@ class Getter(Method): ...@@ -196,10 +200,11 @@ class Getter(Method):
roles = getattr(im_self.__class__, name, im_self) roles = getattr(im_self.__class__, name, im_self)
if roles is im_self: if roles is im_self:
roles = im_self._aq_dynamic(name) roles = im_self._aq_dynamic(name)
if roles is None: if roles is None:
return rolesForPermissionOn(None, im_self, ('Manager',), return rolesForPermissionOn(None, im_self, ('Manager',),
'_Access_contents_information_Permission') '_Access_contents_information_Permission')
return roles.__of__(im_self) roles = getattr(roles, '__of__', lambda aq_parent: roles)(im_self)
return roles
class Tester(Method): class Tester(Method):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment