Commit 0036c4ba authored by Arnaud Fontaine's avatar Arnaud Fontaine

ZODB Components: Only Manager or Developer Role should be able to access...

ZODB Components: Only Manager or Developer Role should be able to access Component Tools and Components.
parent ff9f05e3
......@@ -82,12 +82,12 @@ class ComponentTool(BaseTool):
permission_function = lambda self: ('Manager',)
elif permission_name in ('Change permissions', 'Define permissions'):
permission_function = lambda self: ()
elif not (permission_name.startswith('Access ') or
elif (permission_name.startswith('Access ') or
permission_name.startswith('View') or
permission_name.startswith('WebDAV')):
permission_function = lambda self: ('Developer',)
permission_name == 'WebDAV access'):
permission_function = lambda self: ('Developer', 'Manager')
else:
continue
permission_function = lambda self: ('Developer',)
setattr(cls, pname(permission_name), property(permission_function))
......
......@@ -1802,6 +1802,12 @@ def bar(*args, **kwargs):
self.tic()
# Anonymous should not even be able to view/access Component Tool
self.failIfUserCanViewDocument(None, self._component_tool)
self.failIfUserCanAccessDocument(None, self._component_tool)
self.failIfUserCanViewDocument(None, component)
self.failIfUserCanAccessDocument(None, component)
user_id = 'ERP5TypeTestCase'
self.assertUserCanChangeLocalRoles(user_id, self._component_tool)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment