use UnrestrictedMethod's super user instead of ad-hoc SUPER_USER. Squashed commit of the following:
commit 2ba8fb59b67cda4a35bda5ee809ac0dd6af40d84 Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com> Date: Fri Jun 1 23:26:30 2012 +0200 if the activity is called by super user, it should be invoked with the same permission as UnrestrictedMethod. commit f63c2e8625934d0a5a056e933f4c7215098bfa1b Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com> Date: Fri Jun 1 15:58:41 2012 +0200 use UnrestrictedMethod's super user instead of ad-hoc SUPER_USER. commit 965460b092967bc3ada3ee7268e1f942fc770efd Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com> Date: Fri Jun 1 15:57:45 2012 +0200 security query for super user should be simply empty. commit 6d519b78f52f1a631d6663ee5594ae92a0730cc3 Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com> Date: Fri Jun 1 15:37:33 2012 +0200 support both ERP5Security's SUPER_USER and UnrestrictedMethod's super user. commit 21431518b821a5e2756caad5393fc746bed79d36 Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com> Date: Fri Jun 1 15:32:45 2012 +0200 make sure that SUPER_USER can access the object explicitly, that can be required with erp5_web. commit 63279ac74cbb40e520da36571927bfdee5af5e05 Author: Kazuhiko Shiozaki <kazuhiko@nexedi.com> Date: Fri Jun 1 15:27:00 2012 +0200 use UnrestrictedMethod instead of ad-hoc SUPER_USER, still keeping SUPER_USER for compatibility.
Showing
Please register or sign in to comment