diff --git a/roundup/cgi/actions.py b/roundup/cgi/actions.py
index c19849413aff73dc169ead6b0e6ba347f8996267..36dfee3707f96a02c0c12c0cd49c70f66c8f718c 100755 (executable)
--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
if not self.hasPermission('Create', classname=classname):
return 0
- # Check Edit permission for each property, to avoid being able
+ # Check Create permission for each property, to avoid being able
# to set restricted ones on new item creation
for key in props:
- if not self.hasPermission('Edit', classname=classname,
+ if not self.hasPermission('Create', classname=classname,
property=key):
- # We restrict by default and special-case allowed properties
- if key == 'date' or key == 'content':
- continue
- elif key == 'author' and props[key] == self.userid:
- continue
return 0
return 1