Commit 77259dea authored by Xiaowu Zhang's avatar Xiaowu Zhang

erp5_web_renderjs_ui: user can login even has no access permission on it's person document

parent 87584248
...@@ -917,7 +917,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None, ...@@ -917,7 +917,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
# Handle also other kind of users: instance, computer, master # Handle also other kind of users: instance, computer, master
person = portal.portal_membership.getAuthenticatedMember().getUserValue() person = portal.portal_membership.getAuthenticatedMember().getUserValue()
if person is not None: if person is not None and portal.portal_membership.checkPermission('View', person):
result_dict['_links']['me'] = { result_dict['_links']['me'] = {
"href": default_document_uri_template % { "href": default_document_uri_template % {
"root_url": site_root.absolute_url(), "root_url": site_root.absolute_url(),
......
...@@ -40,7 +40,7 @@ else: ...@@ -40,7 +40,7 @@ else:
person = portal.portal_membership.getAuthenticatedMember().getUserValue() person = portal.portal_membership.getAuthenticatedMember().getUserValue()
url_parameter = "n.me" url_parameter = "n.me"
pattern = '{[&|?]%s}' % url_parameter pattern = '{[&|?]%s}' % url_parameter
if (person is None): if (person is None or not portal.portal_membership.checkPermission('View', person)):
came_from = re.sub(pattern, '', came_from) came_from = re.sub(pattern, '', came_from)
else: else:
prefix = "&" if "&%s" % url_parameter in came_from else "?" prefix = "&" if "&%s" % url_parameter in came_from else "?"
......
...@@ -227,12 +227,18 @@ ...@@ -227,12 +227,18 @@
<td>//input[@value='Login']</td> <td>//input[@value='Login']</td>
<td></td> <td></td>
</tr> </tr>
<!--As the user don't have access to anything(no assignment), he come back to login page --> <!--User can access even has no access to it's person document -->
<tr> <tr>
<td>waitForElementPresent</td> <td>waitForElementNotPresent</td>
<td>//input[@name='__ac_name']</td> <td>//input[@name='__ac_name']</td>
<td></td> <td></td>
</tr> </tr>
<tr>
<td>waitForElementPresent</td>
<td>//span[@data-i18n='Worklist']</td>
<td></td>
</tr>
</tbody></table> </tbody></table>
</body> </body>
</html> </html>
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment