From 3688348057ef7d5fdf58ec0c8de6c37274960807 Mon Sep 17 00:00:00 2001
From: Nicolas Delaby <nicolas@nexedi.com>
Date: Mon, 15 Sep 2008 14:47:52 +0000
Subject: [PATCH]  * Propagate checked_permission parameter:    This change
 avoids unauthorized errors if the user cannot view a related object through
 RelationField

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@23619 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Type/Base.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/product/ERP5Type/Base.py b/product/ERP5Type/Base.py
index de87a58653..82877af188 100644
--- a/product/ERP5Type/Base.py
+++ b/product/ERP5Type/Base.py
@@ -1201,7 +1201,10 @@ class Base( CopyContainer,
             #LOG("method",0,str(id))
             method = getattr(self, id, None)
             if callable(method):
-              result = method()
+              try:
+                result = method(checked_permission=checked_permission)
+              except TypeError:
+                result = method()
               if result not in null_value:
                 if is_list_type:
                   if isinstance(result, (list, tuple)):
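Review bot: The `except TypeError` around `method(checked_permission=checked_permission)` catches any TypeError raised inside the accessor, not only the one caused by an unsupported keyword, so a genuine error in the accessor body is hidden and the accessor runs a second time as `method()`. That second call carries no `checked_permission`, so the permission filter is silently dropped for exactly the accessors that do not support it; whether this ends in an Unauthorized or an unfiltered result is not visible from this hunk. Consider deciding up front whether the accessor accepts the keyword instead of inferring it from the exception, and at minimum mark the fallback with a comment such as `# accessor takes no checked_permission: result is NOT permission-filtered`. The enclosing method starts and ends outside the hunk, so `checked_permission` is assumed to be one of its parameters.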
-- 
2.30.9