Commit b0769165 authored by Jérome Perrin's avatar Jérome Perrin

Prevent getAvailablePropertySheetList and getAvailableConstraintList from...

Prevent getAvailablePropertySheetList and getAvailableConstraintList from returning internal attributes such as _lock and _factory

As zope prevents from creating objects starting with _, we can filter out
attributes whose names starts with "_"
parent 3e88895f
...@@ -636,7 +636,7 @@ class ERP5TypeInformation(XMLObject, ...@@ -636,7 +636,7 @@ class ERP5TypeInformation(XMLObject,
'getAvailablePropertySheetList') 'getAvailablePropertySheetList')
def getAvailablePropertySheetList(self): def getAvailablePropertySheetList(self):
property_sheet_set = set([k for k in PropertySheet.__dict__ property_sheet_set = set([k for k in PropertySheet.__dict__
if not k.startswith('__')]) if not k.startswith('_')])
property_sheet_tool = self.getPortalObject().portal_property_sheets property_sheet_tool = self.getPortalObject().portal_property_sheets
property_sheet_set.update(property_sheet_tool.objectIds()) property_sheet_set.update(property_sheet_tool.objectIds())
...@@ -647,7 +647,7 @@ class ERP5TypeInformation(XMLObject, ...@@ -647,7 +647,7 @@ class ERP5TypeInformation(XMLObject,
'getAvailableConstraintList') 'getAvailableConstraintList')
def getAvailableConstraintList(self): def getAvailableConstraintList(self):
return sorted(k for k in Constraint.__dict__ return sorted(k for k in Constraint.__dict__
if k != 'Constraint' and not k.startswith('__')) if k != 'Constraint' and not k.startswith('_'))
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'getAvailableGroupList') 'getAvailableGroupList')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment