From 851050a8f85d6d5a2a9ea00e94832d5341e559f2 Mon Sep 17 00:00:00 2001
From: gmcm <gmcm@57a73879-2fb5-44c3-a270-3262357dd7e2>
Date: Tue, 30 Jul 2002 20:43:18 +0000
Subject: [PATCH] Oops, fix the permission check!

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@936 57a73879-2fb5-44c3-a270-3262357dd7e2
---
 roundup/cgi_client.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/roundup/cgi_client.py b/roundup/cgi_client.py
index c7a41dc..a46fe16 100644
--- a/roundup/cgi_client.py
+++ b/roundup/cgi_client.py
@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-# $Id: cgi_client.py,v 1.149 2002-07-30 20:04:38 gmcm Exp $
+# $Id: cgi_client.py,v 1.150 2002-07-30 20:43:18 gmcm Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -710,7 +710,7 @@ function help_window(helpurl, width, height) {
         if keys and not self.form.has_key('__login_name'):
             try:
                 userid = self.db.user.lookup(self.user)
-                if not self.db.security.hasPermission('Edit', userid):
+                if not self.db.security.hasPermission('Edit', userid, cn):
                     message = _('You do not have permission to edit %s' %cn)
                 else:
                     props = parsePropsFromForm(self.db, cl, self.form, self.nodeid)
@@ -1695,6 +1695,10 @@ def parsePropsFromForm(db, cl, form, nodeid=0, num_re=re.compile('^\d+$')):
 
 #
 # $Log: not supported by cvs2svn $
+# Revision 1.149  2002/07/30 20:04:38  gmcm
+# Adapt metakit backend to new security scheme.
+# Put some more permission checks in cgi_client.
+#
 # Revision 1.148  2002/07/30 16:09:11  gmcm
 # Simple optimization.
 #
-- 
2.30.2