Commit fc3ca9ff authored by Romain Courteaud's avatar Romain Courteaud

Catalog security is based on the permission on 'View' and not on 'Access...

Catalog security is based on the permission on 'View' and not on 'Access Content Permission', which was a major error.
Catalog is designed to be used with the user interface, and every object returned by portal_catalog should be viewable.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10394 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 3e452c78
......@@ -95,7 +95,7 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
withnuxgroups = getSecurityProduct(ob.acl_users)\
== SECURITY_USING_NUX_USER_GROUPS
allowed = {}
for r in rolesForPermissionOn('Access contents information', ob):
for r in rolesForPermissionOn('View', ob):
allowed[r] = 1
if withnuxgroups:
localroles = mergedLocalRoles(ob, withgroups=1)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment