[CMF-checkins] CVS: Products/CMFCore - CMFCatalogAware.py:1.15.12.3
CatalogTool.py:1.42.2.7
Florent Guillaume
fg at nuxeo.com
Fri Mar 25 12:30:11 EST 2005
Update of /cvs-repository/Products/CMFCore
In directory cvs.zope.org:/tmp/cvs-serv12773/CMFCore
Modified Files:
Tag: CMF-1_4-branch
CMFCatalogAware.py CatalogTool.py
Log Message:
CMFCatalogAware: When reindexing security, all subobjects must be
reindexed even if they are not visible by the current user.
=== Products/CMFCore/CMFCatalogAware.py 1.15.12.2 => 1.15.12.3 ===
--- Products/CMFCore/CMFCatalogAware.py:1.15.12.2 Fri Apr 23 17:11:33 2004
+++ Products/CMFCore/CMFCatalogAware.py Fri Mar 25 12:30:11 2005
@@ -77,7 +77,7 @@
catalog = getToolByName(self, 'portal_catalog', None)
if catalog is not None:
path = '/'.join(self.getPhysicalPath())
- for brain in catalog.searchResults(path=path):
+ for brain in catalog.unrestrictedSearchResults(path=path):
ob = brain.getObject()
if ob is None:
# Ignore old references to deleted objects.
=== Products/CMFCore/CatalogTool.py 1.42.2.6 => 1.42.2.7 ===
--- Products/CMFCore/CatalogTool.py:1.42.2.6 Wed Mar 16 12:57:53 2005
+++ Products/CMFCore/CatalogTool.py Fri Mar 25 12:30:11 2005
@@ -267,6 +267,21 @@
__call__ = searchResults
+ security.declarePrivate('unrestrictedSearchResults')
+ def unrestrictedSearchResults(self, REQUEST=None, **kw):
+ """Calls ZCatalog.searchResults directly without restrictions.
+
+ This method returns every also not yet effective and already expired
+ objects regardless of the roles the caller has.
+
+ CAUTION: Care must be taken not to open security holes by
+ exposing the results of this method to non authorized callers!
+
+ If you're in doubt if you should use this method or
+ 'searchResults' use the latter.
+ """
+ return ZCatalog.searchResults(self, REQUEST, **kw)
+
def __url(self, ob):
return '/'.join( ob.getPhysicalPath() )
More information about the CMF-checkins
mailing list