From fc3ca9ffb4b69414b4f898f3525fbcc8ff563762 Mon Sep 17 00:00:00 2001
From: Romain Courteaud <romain@nexedi.com>
Date: Thu, 28 Sep 2006 12:27:44 +0000
Subject: [PATCH] Catalog security is based on the permission on 'View' and not
 on 'Access Content Permission', which was a major error. Catalog is designed
 to be used with the user interface, and every object returned by
 portal_catalog should be viewable.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10394 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Catalog/CatalogTool.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py
index c40bb7a070..bfd17805d6 100644
--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -95,7 +95,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
         withnuxgroups = getSecurityProduct(ob.acl_users)\
                               == SECURITY_USING_NUX_USER_GROUPS
         allowed = {}
-        for r in rolesForPermissionOn('Access contents information', ob):
+        for r in rolesForPermissionOn('View', ob):
           allowed[r] = 1
         if withnuxgroups:
           localroles = mergedLocalRoles(ob, withgroups=1)
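Review bot: Objects already in the catalog will keep the roles derived from 'Access contents information' until they are reindexed, assuming the `allowed` set built in this loop is stored at indexing time (the enclosing method starts and ends outside the hunk, so this is inferred). The stricter check therefore only takes full effect after a catalog reindex, which should be stated in a comment above the loop, e.g. `# Index roles holding 'View' so every catalog result is viewable; reindex existing objects after changing this permission`. A role that holds 'View' but not 'Access contents information' is now indexed for an object it may not be able to traverse to, so confirm that callers fetching the object from a result handle an authorization failure. The permission is also a bare string literal; if this file already imports the CMF permission constants, using the `View` constant would keep a typo from silently indexing the wrong roles.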
-- 
2.30.9