Commit 77259dea authored by Xiaowu Zhang's avatar Xiaowu Zhang

erp5_web_renderjs_ui: user can login even has no access permission on it's person document

parent 87584248
......@@ -917,7 +917,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
# Handle also other kind of users: instance, computer, master
person = portal.portal_membership.getAuthenticatedMember().getUserValue()
if person is not None:
if person is not None and portal.portal_membership.checkPermission('View', person):
result_dict['_links']['me'] = {
"href": default_document_uri_template % {
"root_url": site_root.absolute_url(),
......
......@@ -40,7 +40,7 @@ else:
person = portal.portal_membership.getAuthenticatedMember().getUserValue()
url_parameter = "n.me"
pattern = '{[&|?]%s}' % url_parameter
if (person is None):
if (person is None or not portal.portal_membership.checkPermission('View', person)):
came_from = re.sub(pattern, '', came_from)
else:
prefix = "&" if "&%s" % url_parameter in came_from else "?"
......
......@@ -227,12 +227,18 @@
<td>//input[@value='Login']</td>
<td></td>
</tr>
<!--As the user don't have access to anything(no assignment), he come back to login page -->
<!--User can access even has no access to it's person document -->
<tr>
<td>waitForElementPresent</td>
<td>waitForElementNotPresent</td>
<td>//input[@name='__ac_name']</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//span[@data-i18n='Worklist']</td>
<td></td>
</tr>
</tbody></table>
</body>
</html>
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment