Commit 9ef32d8c authored by Sebastien Robin's avatar Sebastien Robin

2009-05-28 Seb

* We might think about usage of ERP5Accounting_getParams with people that can not see the account_module, so fix security error when getting currency precision

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@27227 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 50ed7c01
...@@ -103,8 +103,9 @@ if section_category:\n ...@@ -103,8 +103,9 @@ if section_category:\n
params[\'section_uid\'] = context.Base_getSectionUidListForSectionCategory(section_category)\n params[\'section_uid\'] = context.Base_getSectionUidListForSectionCategory(section_category)\n
currency = context.Base_getCurrencyForSection(section_category)\n currency = context.Base_getCurrencyForSection(section_category)\n
# getQuantityPrecisionFromResource is defined on Base, but the portal is not \n # getQuantityPrecisionFromResource is defined on Base, but the portal is not \n
# an instance of Base, so we call it on account_module.\n # an instance of Base, so we call it on portal_simulation because it is\n
params[\'precision\'] = context.account_module\\\n # accessible to everyone.\n
params[\'precision\'] = context.portal_simulation\\\n
.getQuantityPrecisionFromResource(currency)\n .getQuantityPrecisionFromResource(currency)\n
\n \n
# calculate the period_start_date for this section\n # calculate the period_start_date for this section\n
......
927 928
\ No newline at end of file \ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment