ERP5 SUPER_USER is always allowed (still it is never allowed to login -i.e. authenticated

as it is used in some special cases like security calculation when no restrictions should exists).

ERP5 SUPER_USER is always allowed (still it is never allowed to login -i.e. authenticated
as it is used in some special cases like security calculation when no restrictions should exists).
5348b48f · Ivan Tyagov · 4ef1a976 · 5348b48f
Commit 5348b48f authored Jan 27, 2012 by Ivan Tyagov
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

product/ERP5Security/ERP5UserFactory.py product/ERP5Security/ERP5UserFactory.py +5 -0

No files found.
--- a/product/ERP5Security/ERP5UserFactory.py
+++ b/product/ERP5Security/ERP5UserFactory.py
@@ -26,6 +26,7 @@ from Products.PluggableAuthService.interfaces.plugins import IUserFactoryPlugin
 from Products.PluggableAuthService.PropertiedUser import PropertiedUser
 from Products.PluggableAuthService.PropertiedUser import \
                                            _what_not_even_god_should_do
+from Products.ERP5Security.ERP5UserManager import SUPER_USER

 manage_addERP5UserFactoryForm = PageTemplateFile(
    'www/ERP5Security_addERP5UserFactory', globals(),
@@ -99,6 +100,10 @@ class ERP5User(PropertiedUser):
      As for getRolesInContext, we take into account _getAcquireLocalRoles for
      ERP5.
      """
+      if self.getUserName() == SUPER_USER:
+        # super user is allowed to any object
+        return 1
+
      if object_roles is _what_not_even_god_should_do:
        return 0