Commit d30536b3 authored by Jean-Paul Smets's avatar Jean-Paul Smets

Do not use security for user lookup.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@13057 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 3372bcdb
...@@ -119,8 +119,8 @@ class ERP5GroupManager(BasePlugin): ...@@ -119,8 +119,8 @@ class ERP5GroupManager(BasePlugin):
else: else:
security_definition_list = mapping_method() security_definition_list = mapping_method()
# get the person from its reference # get the person from its reference - no security check needed
catalog_result = self.portal_catalog( catalog_result = self.portal_catalog.unrestrictedSearchResults(
portal_type="Person", reference=user_name) portal_type="Person", reference=user_name)
if len(catalog_result) != 1: # we won't proceed with groups if len(catalog_result) != 1: # we won't proceed with groups
if len(catalog_result) > 1: # configuration is screwed if len(catalog_result) > 1: # configuration is screwed
...@@ -133,8 +133,7 @@ class ERP5GroupManager(BasePlugin): ...@@ -133,8 +133,7 @@ class ERP5GroupManager(BasePlugin):
person_id = person_object.getId() person_id = person_object.getId()
# Fetch category values from defined scripts # Fetch category values from defined scripts
for (method_name, base_category_list) in \ for (method_name, base_category_list) in security_definition_list:
security_definition_list:
base_category_list = tuple(base_category_list) base_category_list = tuple(base_category_list)
method = getattr(self, method_name) method = getattr(self, method_name)
security_category_list = security_category_dict.setdefault( security_category_list = security_category_dict.setdefault(
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment