From 204d7644b26d5d25b10e4f453d118e70b1cd7af9 Mon Sep 17 00:00:00 2001
From: Gaetan Delannay
Date: Fri, 13 Sep 2013 13:39:58 +0200
Subject: [PATCH] [gen] When bypassing security, conditions for workflow transitions are not checked at all.
---
 gen/__init__.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gen/__init__.py b/gen/__init__.py
index b519f3e..34760c3 100644
--- a/gen/__init__.py
+++ b/gen/__init__.py
@@ -205,12 +205,12 @@ class Transition:
 startFound = True
 break
 if not startFound: return False
- # Check that the condition is met
+ # Check that the condition is met, excepted if noSecurity is True.
+ if noSecurity: return True
 user = obj.getTool().getUser()
 if isinstance(self.condition, Role):
 # Condition is a role. Transition may be triggered if the user has
 # this role.
- if noSecurity: return True
 return user.has_role(self.condition.name, obj)
 elif type(self.condition) == types.FunctionType:
 return self.condition(wf, obj.appy())
@@ -223,7 +223,7 @@ class Transition:
 if isinstance(roleOrFunction, basestring):
 if hasRole == None:
 hasRole = False
- if user.has_role(roleOrFunction, obj) or noSecurity:
+ if user.has_role(roleOrFunction, obj):
 hasRole = True
 elif type(roleOrFunction) == types.FunctionType:
 if not roleOrFunction(wf, obj.appy()):
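Review bot: The new early `if noSecurity: return True` in the first hunk skips function-type conditions as well as role checks, so a guard function that enforces a business precondition rather than a permission is no longer evaluated for callers that pass noSecurity; only the start-state check above it still applies. That matches the commit title, but it widens what the flag bypasses, so the comment should say so explicitly, e.g. `# noSecurity skips role and function conditions alike; only the start-state check above still applies.`, and "excepted if" should read "except if". Callers are not visible here, so it is worth confirming that noSecurity is only ever set by trusted server-side code and never derived from request data. The removal of `or noSecurity` in the second hunk follows from the early return, and the method body starts and ends outside both hunks.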