From 0051958d27755d39aaba10c988fae1403870b35c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Fri, 11 Jul 2008 15:35:23 +0000
Subject: [PATCH] only allow this for manager

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@22459 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5/Extensions/Grep.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/product/ERP5/Extensions/Grep.py b/product/ERP5/Extensions/Grep.py
index ac48072a30..4b022f3632 100644
--- a/product/ERP5/Extensions/Grep.py
+++ b/product/ERP5/Extensions/Grep.py
@@ -1,6 +1,9 @@
 import re
 import cgi
 from Acquisition import aq_base
+from AccessControl import Unauthorized
+from Products.CMFCore.utils import _checkPermission
+from Products.ERP5Type import Permissions
 
 try:
   from Products import ExternalEditor
@@ -32,6 +35,8 @@ def traverse(ob, r, result, command_line_arguments):
         break
 
 def grep(self, pattern, A=0, B=0, r=1, i=0):
+  if not _checkPermission(Permissions.ManagePortal, self):
+    raise Unauthorized(self)
   command_line_arguments = {} # emulate grep command line args
   command_line_arguments['A'] = int(A)
   command_line_arguments['B'] = int(B)
-- 
2.30.9