Skip to content

erp5
erp5
Commit 0036c4ba authored by Arnaud Fontaine's avatar Arnaud Fontaine
Browse files
Options

ZODB Components: Only Manager or Developer Role should be able to access... 

ZODB Components: Only Manager or Developer Role should be able to access Component Tools and Components.
parent ff9f05e3
Show whitespace changes
Inline Side-by-side
Showing with 11 additions and 5 deletions
product/ERP5Type/Tool/ComponentTool.py
View file @ 0036c4ba
......@@ -82,12 +82,12 @@ class ComponentTool(BaseTool):
permission_function = lambda self: ('Manager',)
elif permission_name in ('Change permissions', 'Define permissions'):
permission_function = lambda self: ()
elif not (permission_name.startswith('Access ') or
elif (permission_name.startswith('Access ') or
permission_name.startswith('View') or
permission_name.startswith('WebDAV')):
permission_function = lambda self: ('Developer',)
permission_name == 'WebDAV access'):
permission_function = lambda self: ('Developer', 'Manager')
else:
continue
permission_function = lambda self: ('Developer',)
setattr(cls, pname(permission_name), property(permission_function))
......
product/ERP5Type/tests/testDynamicClassGeneration.py
View file @ 0036c4ba
......@@ -1802,6 +1802,12 @@ def bar(*args, **kwargs):
self.tic()
# Anonymous should not even be able to view/access Component Tool
self.failIfUserCanViewDocument(None, self._component_tool)
self.failIfUserCanAccessDocument(None, self._component_tool)
self.failIfUserCanViewDocument(None, component)
self.failIfUserCanAccessDocument(None, component)
user_id = 'ERP5TypeTestCase'
self.assertUserCanChangeLocalRoles(user_id, self._component_tool)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7