diff --git a/product/ERP5/Document/RoleDefinition.py b/product/ERP5/Document/RoleDefinition.py index 0d181d9aea52123b2a3279ed6ef9a0f9bf707e97..42734efc58bde0a18a115b261a2a9cbcc09f6ed3 100644 --- a/product/ERP5/Document/RoleDefinition.py +++ b/product/ERP5/Document/RoleDefinition.py @@ -26,8 +26,11 @@ ############################################################################## from AccessControl import ClassSecurityInfo +from Acquisition import aq_parent +from Acquisition import aq_inner from Products.CMFCore.utils import getToolByName from Products.CMFCore.WorkflowCore import WorkflowMethod + from Products.ERP5Type import Permissions, PropertySheet, Constraint, Interface from Products.ERP5Type.XMLObject import XMLObject @@ -48,4 +51,14 @@ class RoleDefinition(XMLObject): , PropertySheet.CategoryCore , PropertySheet.DublinCore , PropertySheet.RoleDefinition - ) \ No newline at end of file + ) + + security.declareProtected(Permissions.ModifyPortalContent, + 'assignRoleToSecurityGroupOnParent') + def assignRoleToSecurityGroupOnParent(self, **kw): + """Assign roles to security group on the parent. + + We redefine this method here, because we want the security check to be + performed on the role definition object itself, and not the parent. """ + aq_parent(aq_inner(self)).assignRoleToSecurityGroup(**kw) +