changeset dcf965ab95eb in trytond:5.2
details: https://hg.tryton.org/trytond?cmd=changeset;node=dcf965ab95eb
description:
        Enable check_access context when checking wizard access

        issue9108
        review261041002
        (grafted from 6ed96b847340dbb7ab8606170a112a0b840f4728)
diffstat:

 CHANGELOG                |   2 ++
 trytond/wizard/wizard.py |  25 +++++++++++++------------
 2 files changed, 15 insertions(+), 12 deletions(-)

diffs (44 lines):

diff -r 2fb1a7b87e7a -r dcf965ab95eb CHANGELOG
--- a/CHANGELOG Sun Mar 01 21:03:32 2020 +0100
+++ b/CHANGELOG Mon Mar 09 18:24:23 2020 +0100
@@ -1,3 +1,5 @@
+* Enable check_access context when checking wizard access (issue9108)
+
 Version 5.2.12 - 2020-02-02
 * Bug fixes (see mercurial logs for details)
 
diff -r 2fb1a7b87e7a -r dcf965ab95eb trytond/wizard/wizard.py
--- a/trytond/wizard/wizard.py  Sun Mar 01 21:03:32 2020 +0100
+++ b/trytond/wizard/wizard.py  Mon Mar 09 18:24:23 2020 +0100
@@ -224,18 +224,19 @@
         if Transaction().user == 0:
             return
 
-        model = context.get('active_model')
-        if model:
-            ModelAccess.check(model, 'read')
-        groups = set(User.get_groups())
-        wizard_groups = ActionWizard.get_groups(cls.__name__,
-            action_id=context.get('action_id'))
-        if wizard_groups:
-            if not groups & wizard_groups:
-                raise UserError('Calling wizard %s is not allowed!'
-                    % cls.__name__)
-        elif model:
-            ModelAccess.check(model, 'write')
+        with Transaction().set_context(_check_access=True):
+            model = context.get('active_model')
+            if model:
+                ModelAccess.check(model, 'read')
+            groups = set(User.get_groups())
+            wizard_groups = ActionWizard.get_groups(cls.__name__,
+                action_id=context.get('action_id'))
+            if wizard_groups:
+                if not groups & wizard_groups:
+                    raise UserError('Calling wizard %s is not allowed!'
+                        % cls.__name__)
+            elif model:
+                ModelAccess.check(model, 'write')
 
     @classmethod
     def create(cls):
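Review bot: The new `with Transaction().set_context(_check_access=True):` block has no comment saying why the flag is forced, so a later refactor could drop the wrapper and leave the `ModelAccess.check` calls dependent on whatever context the caller arrived with. Judging by the commit title, those checks were presumably not enforced when `_check_access` was missing from the context; a line such as `# Force _check_access so the ModelAccess checks below are enforced regardless of the caller's context` above the `with` would record that. Separately, when `wizard_groups` is empty and `active_model` is absent from `context`, neither branch runs and the method returns without any check; it is worth confirming this is intended and adding a test that covers the forced-context case. The method starts above the hunk, so where `context` comes from is not visible here.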
