[gen] Security improvements.

2014-05-03 22:45:51 +02:00 · 2014-05-03 22:45:51 +02:00 · 5c6a7f0f97
commit 5c6a7f0f97
parent b2dbef2bc4
9 changed files with 146 additions and 120 deletions
--- a/fields/pod.py
+++ b/fields/pod.py
@ -468,7 +468,7 @@ class Pod(Field):
        # What is the action to perform?
        action = rq.get('action', 'generate')
        # Security check.
-        obj.o.allows('read', raiseError=True)
+        obj.o.mayView(self.readPermission, raiseError=True)
        # Perform the requested action.
        tool = obj.tool.o
        template = rq.get('template')
@ -486,7 +486,7 @@ class Pod(Field):
            res.writeResponse(rq.RESPONSE)
            return
        # Performing any other action requires write access to p_obj.
-        obj.o.allows('write', raiseError=True)
+        obj.o.mayEdit(self.writePermission, raiseError=True)
        msg = 'action_done'
        if action == 'freeze':
            # (Re-)freeze a document in the database.