ERP5Workflow: use Nexedi patched version of guard check

this will allow the use of proxy_roles fixes, among others, broken tests on packing list

ERP5Workflow: use Nexedi patched version of guard check
this will allow the use of proxy_roles fixes, among others, broken tests on packing list
ef25a671 · iv · 40f1a34a · ef25a671
Commit ef25a671 authored Sep 13, 2016 by iv
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 4 deletions

product/ERP5Workflow/mixin/guardable.py product/ERP5Workflow/mixin/guardable.py +15 -4

No files found.
--- a/product/ERP5Workflow/mixin/guardable.py
+++ b/product/ERP5Workflow/mixin/guardable.py
@@ -35,12 +35,24 @@ class GuardableMixin(object):
    self.guard_permission or self.guard_role

  def checkGuard(self, security_manager, workflow, current_object, check_roles=True, **kw):
-    """Checks conditions in this guard.
+    """
+    Checks conditions in this guard.
+    original source code from DCWorkflow (Nexedi patched version for use of
+    proxy_roles)
    """
    user_roles = None
+
+    def getRoles():
+      stack = security_manager._context.stack
+      if stack:
+        proxy_roles = getattr(stack[-1], '_proxy_roles', None)
+        if proxy_roles:
+          return proxy_roles
+      return security_manager.getUser().getRolesInContext(current_object)
+
    if workflow.manager_bypass:
      # Possibly bypass.
-      user_roles = security_manager.getUser().getRolesInContext(current_object)
+      user_roles = getRoles()
      if 'Manager' in user_roles:
        return True
    if self.guard_permission:
@@ -52,8 +64,7 @@ class GuardableMixin(object):
    if check_roles and self.guard_role:
      # Require at least one of the given roles.
      if user_roles is None:
-        user_roles = security_manager.getUser()\
-                       .getRolesInContext(current_object)
+        user_roles = getRoles()
      for role in self.guard_role:
        if role in user_roles:
          break