ERP5Workflow: security declarations on getDestinationValue and getSourceValue

product/ERP5Workflow/Document/Transition.py

@@ -140,6 +140,8 @@ class Transition(IdAsReferenceMixin("transition_", "prefix"), XMLObject,
     return [parent._getOb(transition_id) for transition_id
             in self.getAfterScriptIdList()]
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getDestinationValue')
   def getDestinationValue(self):
     """
     returns the destination object

product/ERP5Workflow/Document/Workflow.py

@@ -1212,6 +1212,8 @@ class Workflow(IdAsReferenceMixin("", "prefix"), XMLObject):
       for permission in permission_to_delete:
         del state.state_permission_roles_dict[permission]
 
+  security.declareProtected(Permissions.AccessContentsInformation,
+                            'getSourceValue')
   def getSourceValue(self):
     """
     returns the source object