Commit 36883480 authored by Nicolas Delaby's avatar Nicolas Delaby

* Propagate checked_permission parameter:

   This change avoids an Unauthorized error if the user cannot view a related object through a RelationField


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@23619 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 64229e91
...@@ -1201,7 +1201,10 @@ class Base( CopyContainer, ...@@ -1201,7 +1201,10 @@ class Base( CopyContainer,
#LOG("method",0,str(id)) #LOG("method",0,str(id))
method = getattr(self, id, None) method = getattr(self, id, None)
if callable(method): if callable(method):
result = method() try:
result = method(checked_permission=checked_permission)
except TypeError:
result = method()
if result not in null_value: if result not in null_value:
if is_list_type: if is_list_type:
if isinstance(result, (list, tuple)): if isinstance(result, (list, tuple)):
......
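Review bot: The `except TypeError:` fallback retries `method()` without `checked_permission`, so whenever it fires, the permission filter that was requested is silently dropped. Because the `try` wraps the whole call, a TypeError raised inside an accessor that does accept the keyword looks the same as an unsupported-keyword error: the accessor then runs a second time, unfiltered, and the original error is hidden. I would skip the keyword when no filter was asked for (`if checked_permission is None: result = method()`) and mark the remaining fallback explicitly, e.g. `# accessor does not accept checked_permission: result is NOT permission-filtered`, ideally with a log line when it is taken. The enclosing method of `Base` starts and ends outside the hunk, so where `checked_permission` comes from and how the result is exposed cannot be confirmed from here.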