From: jlgijsbers <jlgijsbers@57a73879-2fb5-44c3-a270-3262357dd7e2>
Date: Fri, 21 Nov 2003 21:59:05 +0000 (+0000)
Subject: Add 'return' after failed permission checks in search/editCSV actions.
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=571a978e7dc44b5531c82cc40ca3acae274a950b;p=roundup.git

Add 'return' after failed permission checks in search/editCSV actions.


git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@2004 57a73879-2fb5-44c3-a270-3262357dd7e2
---

diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
index 874796f..8990d86 100644
--- a/roundup/cgi/client.py
+++ b/roundup/cgi/client.py
@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.146 2003-11-13 05:56:48 richard Exp $
+# $Id: client.py,v 1.147 2003-11-21 21:59:05 jlgijsbers Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -1125,7 +1125,8 @@ You should then receive another email with the new password.
         # this is per-class only
         if not self.editCSVPermission():
             self.error_message.append(
-                _('You do not have permission to edit %s' %self.classname))
+                 _('You do not have permission to edit %s' %self.classname))
+            return
 
         # get the CSV module
         if rcsv.error:
@@ -1237,6 +1238,7 @@ You should then receive another email with the new password.
         if not self.searchPermission():
             self.error_message.append(
                 _('You do not have permission to search %s' %self.classname))
+            return
 
         # add a faked :filter form variable for each filtering prop
         props = self.db.classes[self.classname].getprops()