SQLCatalog_zGetDocumentValueList: Tolerate security query being None

getSecurityQuery returns None when caller is superuser. Avoid passing it to buildSQLQuery, as it would mistake security_query for a column name.

SQLCatalog_zGetDocumentValueList: Tolerate security query being None
getSecurityQuery returns None when caller is superuser. Avoid passing it to buildSQLQuery, as it would mistake security_query for a column name.
60e846fe · Vincent Pelletier · 31e019b7 · 60e846fe
Commit 60e846fe authored Sep 28, 2017 by Vincent Pelletier
Showing with 3 additions and 7 deletions

product/ERP5/bootstrap/erp5_mysql_innodb_catalog/CatalogMethodTemplateItem/portal_catalog/erp5_mysql_innodb/SQLCatalog_zGetDocumentValueList.sql ...og/erp5_mysql_innodb/SQLCatalog_zGetDocumentValueList.sql +3 -7

No files found.
--- a/product/ERP5/bootstrap/erp5_mysql_innodb_catalog/CatalogMethodTemplateItem/portal_catalog/erp5_mysql_innodb/SQLCatalog_zGetDocumentValueList.sql
+++ b/product/ERP5/bootstrap/erp5_mysql_innodb_catalog/CatalogMethodTemplateItem/portal_catalog/erp5_mysql_innodb/SQLCatalog_zGetDocumentValueList.sql
 <dtml-let
  asQuery="getattr(search_context, 'asQuery', None)"
  dummy="None if asQuery is None else kw.update({'websection_query': asQuery()})"
-  query="
-    buildSQLQuery(
-      security_query=getSecurityQuery(sql_catalog_id=getId(),
-      local_roles=kw.pop('local_roles', None)),
-      **kw
-    )
-  "
+  security_query="getSecurityQuery(sql_catalog_id=getId(), local_roles=kw.pop('local_roles', None))"
+  dummy2="None if security_query is None else kw.update({'security_query': security_query})"
+  query="buildSQLQuery(**kw)"
  optimizer_switch_key_list="getOptimizerSwitchKeyList()"
 >
  <dtml-comment>