# HG changeset patch # User Sylvain Thénault # Date 1453827840 -3600 # Node ID ebb6809659a40f3a30bbc3ef798d13afebbf27a5 # Parent 45f738a634e560054519accfb0355b70be9973f6 [notification] avoid using InternalManager when we've got a CWUser This will avoid potential information leak due to missed security restriction and is more compatible with legacy code (pb encountered in some client code). Closes #10294761 diff -r 45f738a634e5 -r ebb6809659a4 cubicweb/sobjects/notification.py --- a/cubicweb/sobjects/notification.py Wed Jan 27 08:35:51 2016 +0100 +++ b/cubicweb/sobjects/notification.py Tue Jan 26 18:04:00 2016 +0100 @@ -50,9 +50,7 @@ mode = self._cw.vreg.config['default-recipients-mode'] if mode == 'users': execute = self._cw.execute - dests = [(u.cw_adapt_to('IEmailable').get_email(), - u.property_value('ui.language')) - for u in execute(self.user_rql, build_descr=True).entities()] + dests = list(execute(self.user_rql, build_descr=True).entities()) elif mode == 'default-dest-addrs': lang = self._cw.vreg.property_value('ui.language') dests = zip(self._cw.vreg.config['default-dest-addrs'], repeat(lang)) diff -r 45f738a634e5 -r ebb6809659a4 cubicweb/sobjects/test/unittest_notification.py --- a/cubicweb/sobjects/test/unittest_notification.py Wed Jan 27 08:35:51 2016 +0100 +++ b/cubicweb/sobjects/test/unittest_notification.py Tue Jan 26 18:04:00 2016 +0100 @@ -35,7 +35,7 @@ self.set_option('default-recipients-mode', 'none') self.assertEqual(finder.recipients(), []) self.set_option('default-recipients-mode', 'users') - self.assertEqual(finder.recipients(), [(u'admin@logilab.fr', 'fr')]) + self.assertEqual(finder.recipients(), [req.user]) self.set_option('default-recipients-mode', 'default-dest-addrs') self.set_option('default-dest-addrs', 'abcd@logilab.fr, efgh@logilab.fr') self.assertEqual(list(finder.recipients()),