[gen] Security improvements.

2014-05-03 22:45:51 +02:00 · 2014-05-03 22:45:51 +02:00 · 5c6a7f0f97
commit 5c6a7f0f97
parent b2dbef2bc4
9 changed files with 146 additions and 120 deletions
--- a/fields/workflow.py
+++ b/fields/workflow.py
@ -397,7 +397,7 @@ class Transition:
        if not obj.isTemporary(): obj.reindex()
        # If we are viewing the object and if the logged user looses the
        # permission to view it, redirect the user to its home page.
-        if not obj.allows('read') and \
+        if not obj.mayView() and \
           (obj.absolute_url_path() in rq['HTTP_REFERER']):
            back = tool.getHomePage()
        else: