[gen] When bypassing security, conditions for workflow transitions are not checked at all.
This commit is contained in:
Gaetan Delannay
parent
383af4a687
commit
204d7644b2
|
|
@ -205,12 +205,12 @@ class Transition:
|
||||||
startFound = True
|
startFound = True
|
||||||
break
|
break
|
||||||
if not startFound: return False
|
if not startFound: return False
|
||||||
# Check that the condition is met
|
# Check that the condition is met, excepted if noSecurity is True.
|
||||||
|
if noSecurity: return True
|
||||||
user = obj.getTool().getUser()
|
user = obj.getTool().getUser()
|
||||||
if isinstance(self.condition, Role):
|
if isinstance(self.condition, Role):
|
||||||
# Condition is a role. Transition may be triggered if the user has
|
# Condition is a role. Transition may be triggered if the user has
|
||||||
# this role.
|
# this role.
|
||||||
if noSecurity: return True
|
|
||||||
return user.has_role(self.condition.name, obj)
|
return user.has_role(self.condition.name, obj)
|
||||||
elif type(self.condition) == types.FunctionType:
|
elif type(self.condition) == types.FunctionType:
|
||||||
return self.condition(wf, obj.appy())
|
return self.condition(wf, obj.appy())
|
||||||
|
|
@ -223,7 +223,7 @@ class Transition:
|
||||||
if isinstance(roleOrFunction, basestring):
|
if isinstance(roleOrFunction, basestring):
|
||||||
if hasRole == None:
|
if hasRole == None:
|
||||||
hasRole = False
|
hasRole = False
|
||||||
if user.has_role(roleOrFunction, obj) or noSecurity:
|
if user.has_role(roleOrFunction, obj):
|
||||||
hasRole = True
|
hasRole = True
|
||||||
elif type(roleOrFunction) == types.FunctionType:
|
elif type(roleOrFunction) == types.FunctionType:
|
||||||
if not roleOrFunction(wf, obj.appy()):
|
if not roleOrFunction(wf, obj.appy()):
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue