In Folder_delete, use...

In Folder_delete, use portal_categories.getRelatedPropertyList(property_name='relative_url') instead of [related_object.getRelativeUrl() for related_object in portal_categories.getRelatedValueList()] to prevent Unauthorized that may happen while getting attribute from related_object in restricted environment.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@23743 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Folder_delete.xml

@@ -70,12 +70,12 @@ REQUEST=context.REQUEST\n
 qs = \'\'\n
 ret_url = \'\'\n
 \n
+getRelatedPropertyList = portal.portal_categories.getRelatedPropertyList\n
 def Object_hasRelation(obj):\n
   # Check if there is some related objets.\n
   result = 0\n
   for o in obj.getIndexableChildValueList():\n
-    for related in obj.portal_categories.getRelatedValueList(o):\n
-      related_url = related.getRelativeUrl()\n
+    for related_url in getRelatedPropertyList(o, property_name=\'relative_url\'):\n
       if related_url.startswith(obj.getRelativeUrl()):\n
         continue\n
       elif related_url.startswith(\'portal_simulation\'):\n
@@ -243,6 +243,7 @@ return REQUEST.RESPONSE.redirect("%s%s" % (ret_url, qs))\n
                             <string>REQUEST</string>
                             <string>qs</string>
                             <string>ret_url</string>
+                            <string>getRelatedPropertyList</string>
                             <string>Object_hasRelation</string>
                             <string>message</string>
                             <string>None</string>

product/ERP5/bootstrap/erp5_core/bt/revision

-962
+963
\ No newline at end of file