Commit d6e5356e authored by wenjie.zheng's avatar wenjie.zheng

Transition.py: a more robust guard which avoid anonymous user doing whatever...

Transition.py: a more robust guard which avoid anonymous user doing whatever in URL. Now if guard is None, getGuard will give all roles except Anonymous to guard.
parent 9b33c55d
...@@ -88,18 +88,16 @@ class Transition(IdAsReferenceMixin("transition_", "prefix"), XMLObject): ...@@ -88,18 +88,16 @@ class Transition(IdAsReferenceMixin("transition_", "prefix"), XMLObject):
return res return res
def getGuard(self): def getGuard(self):
if self.getRoleList() is None and\ self.generateGuard()
self.getPermissionList() is None and\ if not self.guard.roles or self.guard.roles == []:
self.getGroupList() is None and\ reasonable_roles = self.getParent().getManagedRoleList()
self.getExpression() is None and\ reasonable_roles.remove('Anonymous')
self.guard is None: self.guard.roles = reasonable_roles
return Guard().__of__(self)
elif self.guard is None:
self.generateGuard()
return self.guard return self.guard
def generateGuard(self): def generateGuard(self):
self.guard = Guard() if self.guard is None:
self.guard = Guard()
if self.getRoleList() is not None: if self.getRoleList() is not None:
self.guard.roles = self.getRoleList() self.guard.roles = self.getRoleList()
if self.getPermissionList() is not None: if self.getPermissionList() is not None:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment