fix accesors security.

Class defined permissions are somtimes given as a permission role, sometimes directly as a list or as None. We have to make a difference for the cases where _aq_dynamic returns None and cases where security is set to None git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@38475 20353a03-c40f-0410-a6d1-a30d3c3de9de

fix accesors security.
Class defined permissions are somtimes given as a permission role, sometimes directly as a list or as None. We have to make a difference for the cases where _aq_dynamic returns None and cases where security is set to None git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@38475 20353a03-c40f-0410-a6d1-a30d3c3de9de
f6f5f007 · Jérome Perrin · d5090e0b · f6f5f007
Commit f6f5f007 authored Sep 20, 2010 by Jérome Perrin
Show whitespace changes
Inline Side-by-side

Showing with 13 additions and 8 deletions

product/ERP5Type/Accessor/Base.py product/ERP5Type/Accessor/Base.py +13 -8

No files found.
--- a/product/ERP5Type/Accessor/Base.py
+++ b/product/ERP5Type/Accessor/Base.py
@@ -120,7 +120,11 @@ class Setter(Method):
          if roles is None:
            return rolesForPermissionOn(None, im_self, ('Manager',),
                                        '_Modify_portal_content_Permission')
-        return roles.__of__(im_self)
+        # if roles has an __of__ method, call it explicitly, as the Method
+        # already has an __of__ method that has been already called at this
+        # point.
+        roles = getattr(roles, '__of__', lambda aq_parent: roles)(im_self)
+        return roles


 from Products.CMFCore.Expression import Expression
@@ -199,7 +203,8 @@ class Getter(Method):
          if roles is None:
            return rolesForPermissionOn(None, im_self, ('Manager',),
                                        '_Access_contents_information_Permission')
-        return roles.__of__(im_self)
+        roles = getattr(roles, '__of__', lambda aq_parent: roles)(im_self)
+        return roles


 class Tester(Method):