Commit ef25a671 authored by iv's avatar iv

ERP5Workflow: use Nexedi patched version of guard check

this will allow the use of proxy_roles
fixes, among others, broken tests on packing list
parent 40f1a34a
...@@ -35,12 +35,24 @@ class GuardableMixin(object): ...@@ -35,12 +35,24 @@ class GuardableMixin(object):
self.guard_permission or self.guard_role self.guard_permission or self.guard_role
def checkGuard(self, security_manager, workflow, current_object, check_roles=True, **kw): def checkGuard(self, security_manager, workflow, current_object, check_roles=True, **kw):
"""Checks conditions in this guard. """
Checks conditions in this guard.
original source code from DCWorkflow (Nexedi patched version for use of
proxy_roles)
""" """
user_roles = None user_roles = None
def getRoles():
stack = security_manager._context.stack
if stack:
proxy_roles = getattr(stack[-1], '_proxy_roles', None)
if proxy_roles:
return proxy_roles
return security_manager.getUser().getRolesInContext(current_object)
if workflow.manager_bypass: if workflow.manager_bypass:
# Possibly bypass. # Possibly bypass.
user_roles = security_manager.getUser().getRolesInContext(current_object) user_roles = getRoles()
if 'Manager' in user_roles: if 'Manager' in user_roles:
return True return True
if self.guard_permission: if self.guard_permission:
...@@ -52,8 +64,7 @@ class GuardableMixin(object): ...@@ -52,8 +64,7 @@ class GuardableMixin(object):
if check_roles and self.guard_role: if check_roles and self.guard_role:
# Require at least one of the given roles. # Require at least one of the given roles.
if user_roles is None: if user_roles is None:
user_roles = security_manager.getUser()\ user_roles = getRoles()
.getRolesInContext(current_object)
for role in self.guard_role: for role in self.guard_role:
if role in user_roles: if role in user_roles:
break break
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment