- fix create permission for xmlrpc, too

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4415 57a73879-2fb5-44c3-a270-3262357dd7e2

diff --git a/CHANGES.txt b/CHANGES.txt
index 0da596de9446ec2ecd5e9f83e1cc072f4c1706c6..082f0728f0f6e7f3e291969d0de519ea0bf09385 100644 (file)
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -5,8 +5,8 @@ are given with the most recent entry first.
 
 Fixes:
 - Proper handling of 'Create' permissions in both mail gateway (earlier
-  commit r4405 by Richard) and web interface, this used to check 'Edit'
-  permission previously. See
+  commit r4405 by Richard), web interface, and xmlrpc. This used to
+  check 'Edit' permission previously. See
   http://thread.gmane.org/gmane.comp.bug-tracking.roundup.devel/5133
   Add regression tests for proper handling of 'Create' and 'Edit'
   permissions.

diff --git a/roundup/xmlrpc.py b/roundup/xmlrpc.py
index 86c8f992b207e443bacbd101311b16c3b209bae2..b0495d07018aad4def9a220a9abac6f5e15f1b09 100644 (file)
--- a/roundup/xmlrpc.py
+++ b/roundup/xmlrpc.py
@@ -113,9 +113,9 @@ class RoundupInstance:
             raise UsageError, 'you must provide the "%s" property.'%key
 
         for key in props:
-            if not self.db.security.hasPermission('Edit', self.db.getuid(), classname,
-                                                  property=key):
-                raise Unauthorised('Permission to set %s.%s denied'%(classname, key))
+            if not self.db.security.hasPermission('Create', self.db.getuid(),
+                classname, property=key):
+                raise Unauthorised('Permission to create %s.%s denied'%(classname, key))
 
         # do the actual create
         try: