access to backoffice only if user.can_go_in_backoffice (fix #1688)

2012-09-24 20:13:35 +02:00 · 2012-09-24 20:13:35 +02:00 · 69a9045b75
parent a33d025556
commit 69a9045b75
2 changed files with 3 additions and 1 deletions
--- a/wcs/qommon/backoffice/root.ptl
+++ b/wcs/qommon/backoffice/root.ptl
@ -49,7 +49,7 @@ class BackofficeRootDirectory(AccessControlled, Directory):
            raise errors.AccessUnauthorizedError(
                    public_msg = _('Access to backoffice is restricted to authorized persons only. '\
                                   'Please login.'))
-        if user and user.anonymous:
+        if user and not user.can_go_in_backoffice():
            raise errors.AccessForbiddenError()

        get_response().filter['in_backoffice'] = True
--- a/wcs/users.py
+++ b/wcs/users.py
@ -106,6 +106,8 @@ class User(StorableObject):
    def can_go_in_backoffice(self):
        if self.is_admin:
            return True
+        if self.anonymous:
+            return False
        from roles import Role
        for role_id in self.roles or []:
            try: