[Openflow-dev] Security patch

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

to apply to workflow.py:
It Allows to limit the access to the creation of tokens to the roles with
the "Add Tokens" permission.

*** workflow.py.original        Thu Sep 27 11:20:26 2001
--- workflow.py Thu Sep 27 11:22:01 2001
***************
*** 70,75 ****
--- 70,77 ----
          return getattr(process, token_id)

+     security.declareProtected('Add Tokens', 'generateToken')
+
      def generateToken(self, process_id, customer, title=None,comments=''):
          """ creates a new token in the process """
          process = getattr(self, process_id)