From: richard Date: Tue, 30 Jul 2002 21:37:43 +0000 (+0000) Subject: oops, thanks Duncan Booth for spotting this one X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=2cf1f35dce25a1741cc78a1f319a6df27fd9f02e;p=roundup.git oops, thanks Duncan Booth for spotting this one git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@937 57a73879-2fb5-44c3-a270-3262357dd7e2 --- diff --git a/roundup/cgi_client.py b/roundup/cgi_client.py index a46fe16..e59239a 100644 --- a/roundup/cgi_client.py +++ b/roundup/cgi_client.py @@ -15,7 +15,7 @@ # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # -# $Id: cgi_client.py,v 1.150 2002-07-30 20:43:18 gmcm Exp $ +# $Id: cgi_client.py,v 1.151 2002-07-30 21:37:43 richard Exp $ __doc__ = """ WWW request handler (also used in the stand-alone server). @@ -1182,8 +1182,9 @@ function help_window(helpurl, width, height) { ''' display a list of all the classes in the database ''' userid = self.db.user.lookup(self.user) - raise Unauthorised, _("You do not have permission to access"\ - " %(action)s.")%{'action': 'all classes'} + if not self.db.security.hasPermission('Edit', userid): + raise Unauthorised, _("You do not have permission to access"\ + " %(action)s.")%{'action': 'all classes'} self.pagehead(_('Table of classes'), message) classnames = self.db.classes.keys() @@ -1695,6 +1696,9 @@ def parsePropsFromForm(db, cl, form, nodeid=0, num_re=re.compile('^\d+$')): # # $Log: not supported by cvs2svn $ +# Revision 1.150 2002/07/30 20:43:18 gmcm +# Oops, fix the permission check! +# # Revision 1.149 2002/07/30 20:04:38 gmcm # Adapt metakit backend to new security scheme. # Put some more permission checks in cgi_client.