From: gmcm Date: Tue, 30 Jul 2002 20:43:18 +0000 (+0000) Subject: Oops, fix the permission check! X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=851050a8f85d6d5a2a9ea00e94832d5341e559f2;p=roundup.git Oops, fix the permission check! git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@936 57a73879-2fb5-44c3-a270-3262357dd7e2 --- diff --git a/roundup/cgi_client.py b/roundup/cgi_client.py index c7a41dc..a46fe16 100644 --- a/roundup/cgi_client.py +++ b/roundup/cgi_client.py @@ -15,7 +15,7 @@ # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # -# $Id: cgi_client.py,v 1.149 2002-07-30 20:04:38 gmcm Exp $ +# $Id: cgi_client.py,v 1.150 2002-07-30 20:43:18 gmcm Exp $ __doc__ = """ WWW request handler (also used in the stand-alone server). @@ -710,7 +710,7 @@ function help_window(helpurl, width, height) { if keys and not self.form.has_key('__login_name'): try: userid = self.db.user.lookup(self.user) - if not self.db.security.hasPermission('Edit', userid): + if not self.db.security.hasPermission('Edit', userid, cn): message = _('You do not have permission to edit %s' %cn) else: props = parsePropsFromForm(self.db, cl, self.form, self.nodeid) @@ -1695,6 +1695,10 @@ def parsePropsFromForm(db, cl, form, nodeid=0, num_re=re.compile('^\d+$')): # # $Log: not supported by cvs2svn $ +# Revision 1.149 2002/07/30 20:04:38 gmcm +# Adapt metakit backend to new security scheme. +# Put some more permission checks in cgi_client. +# # Revision 1.148 2002/07/30 16:09:11 gmcm # Simple optimization. #