From: schlatterbeck Date: Mon, 21 Dec 2009 21:03:24 +0000 (+0000) Subject: - fix create permission for xmlrpc, too X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=3a3579a1b675887a9230931d4707563013251b9e;p=roundup.git - fix create permission for xmlrpc, too git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4415 57a73879-2fb5-44c3-a270-3262357dd7e2 --- diff --git a/CHANGES.txt b/CHANGES.txt index 0da596d..082f072 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -5,8 +5,8 @@ are given with the most recent entry first. Fixes: - Proper handling of 'Create' permissions in both mail gateway (earlier - commit r4405 by Richard) and web interface, this used to check 'Edit' - permission previously. See + commit r4405 by Richard), web interface, and xmlrpc. This used to + check 'Edit' permission previously. See http://thread.gmane.org/gmane.comp.bug-tracking.roundup.devel/5133 Add regression tests for proper handling of 'Create' and 'Edit' permissions. diff --git a/roundup/xmlrpc.py b/roundup/xmlrpc.py index 86c8f99..b0495d0 100644 --- a/roundup/xmlrpc.py +++ b/roundup/xmlrpc.py @@ -113,9 +113,9 @@ class RoundupInstance: raise UsageError, 'you must provide the "%s" property.'%key for key in props: - if not self.db.security.hasPermission('Edit', self.db.getuid(), classname, - property=key): - raise Unauthorised('Permission to set %s.%s denied'%(classname, key)) + if not self.db.security.hasPermission('Create', self.db.getuid(), + classname, property=key): + raise Unauthorised('Permission to create %s.%s denied'%(classname, key)) # do the actual create try: