bartek
2008-07-08 09:35:32 UTC
Hello,
About five months ago I found something that I think classifies as a
bug: if a form contains a relation field relating to an object a user is
not authorized to view, then an attempt to view the form raises
Unauthorized, so in effect the object becomes inaccessible.
I wrote a test for it, which shows the problem - it is in core test
suite (ERP5Form/tests/testGUIwithSecurity.py). It has been there since
March, and it used to be run by the test runner, but since mid-May it is
not executed anymore, for reasons I don't know.
There is also a proposed patch for it, in the experimental repo - it is
open for discussion if the Unauthorized errors should be handled by the
fields or by the accessors.
Bartek
About five months ago I found something that I think classifies as a
bug: if a form contains a relation field relating to an object a user is
not authorized to view, then an attempt to view the form raises
Unauthorized, so in effect the object becomes inaccessible.
I wrote a test for it, which shows the problem - it is in core test
suite (ERP5Form/tests/testGUIwithSecurity.py). It has been there since
March, and it used to be run by the test runner, but since mid-May it is
not executed anymore, for reasons I don't know.
There is also a proposed patch for it, in the experimental repo - it is
open for discussion if the Unauthorized errors should be handled by the
fields or by the accessors.
Bartek
--
"feelings affect productivity. (...) unhappy people write worse
software, and less of it."
Karl Fogel, "Producing Open Source Software"
"feelings affect productivity. (...) unhappy people write worse
software, and less of it."
Karl Fogel, "Producing Open Source Software"