From fc3ca9ffb4b69414b4f898f3525fbcc8ff563762 Mon Sep 17 00:00:00 2001 From: Romain Courteaud <romain@nexedi.com> Date: Thu, 28 Sep 2006 12:27:44 +0000 Subject: [PATCH] Catalog security is based on the permission on 'View' and not on 'Access Content Permission', which was a major error. Catalog is designed to be used with the user interface, and every object returned by portal_catalog should be viewable. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10394 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5Catalog/CatalogTool.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py index c40bb7a070..bfd17805d6 100644 --- a/product/ERP5Catalog/CatalogTool.py +++ b/product/ERP5Catalog/CatalogTool.py @@ -95,7 +95,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper): withnuxgroups = getSecurityProduct(ob.acl_users)\ == SECURITY_USING_NUX_USER_GROUPS allowed = {} - for r in rolesForPermissionOn('Access contents information', ob): + for r in rolesForPermissionOn('View', ob): allowed[r] = 1 if withnuxgroups: localroles = mergedLocalRoles(ob, withgroups=1) -- 2.30.9