changeset 6ed96b847340 in trytond:default
details: https://hg.tryton.org/trytond?cmd=changeset;node=6ed96b847340
description:
Enable check_access context when checking wizard access
issue9108
review261041002
diffstat:
CHANGELOG | 1 +
trytond/wizard/wizard.py | 25 +++++++++++++------------
2 files changed, 14 insertions(+), 12 deletions(-)
diffs (43 lines):
diff -r d62ef9d3c1c3 -r 6ed96b847340 CHANGELOG
--- a/CHANGELOG Fri Mar 06 23:20:35 2020 +0100
+++ b/CHANGELOG Mon Mar 09 18:24:23 2020 +0100
@@ -1,3 +1,4 @@
+* Enable check_access context when checking wizard access (issue9108)
* Add editable on calendar view
* Add xalign and yalign to group
* Add MultiSelection entry to Dict field
diff -r d62ef9d3c1c3 -r 6ed96b847340 trytond/wizard/wizard.py
--- a/trytond/wizard/wizard.py Fri Mar 06 23:20:35 2020 +0100
+++ b/trytond/wizard/wizard.py Mon Mar 09 18:24:23 2020 +0100
@@ -230,18 +230,19 @@
if Transaction().user == 0:
return
- model = context.get('active_model')
- if model:
- ModelAccess.check(model, 'read')
- groups = set(User.get_groups())
- wizard_groups = ActionWizard.get_groups(cls.__name__,
- action_id=context.get('action_id'))
- if wizard_groups:
- if not groups & wizard_groups:
- raise UserError('Calling wizard %s is not allowed!'
- % cls.__name__)
- elif model:
- ModelAccess.check(model, 'write')
+ with Transaction().set_context(_check_access=True):
+ model = context.get('active_model')
+ if model:
+ ModelAccess.check(model, 'read')
+ groups = set(User.get_groups())
+ wizard_groups = ActionWizard.get_groups(cls.__name__,
+ action_id=context.get('action_id'))
+ if wizard_groups:
+ if not groups & wizard_groups:
+ raise UserError('Calling wizard %s is not allowed!'
+ % cls.__name__)
+ elif model:
+ ModelAccess.check(model, 'write')
@classmethod
def create(cls):
