unauthenticated user should not provide a person ID
This commit is contained in:
parent
a78ce4f880
commit
cad21c5dc3
3 changed files with 7 additions and 4 deletions
|
|
@ -48,6 +48,7 @@ class SurveyView(ConceptView):
|
|||
|
||||
@Lazy
|
||||
def macro(self):
|
||||
self.registerDojo()
|
||||
return template.macros['survey']
|
||||
|
||||
def results(self):
|
||||
|
|
|
|||
|
|
@ -39,10 +39,9 @@ class Responses(BaseRecordManager):
|
|||
self.context = context
|
||||
|
||||
def save(self, data):
|
||||
if not self.personId:
|
||||
return
|
||||
self.storage.saveUserTrack(self.uid, 0, self.personId, data,
|
||||
update=True, overwrite=True)
|
||||
if self.personId:
|
||||
self.storage.saveUserTrack(self.uid, 0, self.personId, data,
|
||||
update=True, overwrite=True)
|
||||
|
||||
def load(self):
|
||||
if self.personId:
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@
|
|||
Base class(es) for track/record managers.
|
||||
"""
|
||||
|
||||
from zope.app.security.interfaces import IUnauthenticatedPrincipal
|
||||
from zope.cachedescriptors.property import Lazy
|
||||
|
||||
from cybertools.meta.interfaces import IOptions
|
||||
|
|
@ -65,6 +66,8 @@ class BaseRecordManager(object):
|
|||
else:
|
||||
principal = getPrincipalForUserId(userId, context=self.context)
|
||||
if principal is not None:
|
||||
if IUnauthenticatedPrincipal.providedBy(principal):
|
||||
return None
|
||||
person = getPersonForUser(self.context, principal=principal)
|
||||
if person is None:
|
||||
return principal.id
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue