Commit 7627bbe0 authored by Jean-Paul Smets's avatar Jean-Paul Smets

Add security declarations for the class and make the __call__ permission...

Add security declarations for the class and make the __call__ permission consistent with the view and list permissions.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@12063 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 38053180
......@@ -386,8 +386,11 @@ class Base( CopyContainer,
aq_preference_generated = 0
# FIXME: Preference should not be included in ERP5Type
# Declarative security
# Declarative security - in ERP5 we use AccessContentsInformation to
# define the right of accessing content properties as opposed
# to view which is the right to view the object with a form
security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation)
# Declarative properties
property_sheets = ( PropertySheet.Base, )
......@@ -1847,12 +1850,17 @@ class Base( CopyContainer,
except TypeError:
return None
# Default views
# Default views - the default security in CMFCore
# is View - however, security was not defined on
# __call__ - to be consistent, between view and
# __call__ we have to define permission here to View
security.declareProtected(Permissions.View, '__call__')
security.declareProtected(Permissions.View, 'list')
def list(self,reset=0):
'''
"""
Returns the default list even if folder_contents is overridden.
'''
"""
list_action = _getViewFor(self, view='list')
if getattr(aq_base(list_action), 'isDocTemp', 0):
return apply(list_action, (self, self.REQUEST),reset=reset)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment