ERP5 Activity Tool: Donot change the user while calling method

product/CMFActivity/ActivityTool.py

@@ -54,7 +54,6 @@ from zExceptions import ExceptionFormatter
 from BTrees.OIBTree import OIBTree
 from Zope2 import app
 from Products.ERP5Type.UnrestrictedMethod import PrivilegedUser
-from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod
 from zope.site.hooks import setSite
 import transaction
 from App.config import getConfiguration
@@ -301,7 +300,7 @@ class Message(BaseMessage):
         try:
           # Change user if required (TO BE DONE)
           # We will change the user only in order to execute this method
-          self.changeUser(self.user_name, activity_tool)
+          #self.changeUser(self.user_name, activity_tool)
           # XXX: There is no check to see if user is allowed to access
           #      that method !
           method = getattr(obj, self.method_id)
@@ -994,7 +993,6 @@ class ActivityTool (Folder, UniqueObject):
           LOG('CMFActivity', INFO, "Shutdown: Activities finished.")
 
     security.declareProtected(CMFCorePermissions.ManagePortal, 'process_timer')
-    @UnrestrictedMethod
     def process_timer(self, tick, interval, prev="", next=""):
       """
       Call distribute() if we are the Distributing Node and call tic()
@@ -1013,6 +1011,11 @@ class ActivityTool (Folder, UniqueObject):
           self.setupCurrentSkin(self.REQUEST)
           old_sm = getSecurityManager()
           try:
+            # get owner of portal_catalog, so normally we should be able to
+            # have the permission to invoke all activities
+            user = self.portal_catalog.getWrappedOwner()
+            newSecurityManager(self.REQUEST, user)
+
             currentNode = self.getCurrentNode()
             self.registerNode(currentNode)
             processing_node_list = self.getNodeList(role=ROLE_PROCESSING)