diff --git a/roundup/xmlrpc.py b/roundup/xmlrpc.py
index 9dda5f8aae55899b2f717baa7d8c0af6e704cff0..0b85ab9d07e59347ee772105f8050f689d3227ef 100644 (file)
--- a/roundup/xmlrpc.py
+++ b/roundup/xmlrpc.py
x = [id for id in result if check('View', uid, classname, itemid=id)]
return x
+ def lookup(self, classname, key):
+ cl = self.db.getclass(classname)
+ uid = self.db.getuid()
+ prop = cl.getkey()
+ check = self.db.security.hasSearchPermission
+ if not check(uid, classname, 'id') or not check(uid, classname, prop):
+ raise Unauthorised('Permission to search %s denied'%classname)
+ return cl.lookup(key)
+
def display(self, designator, *properties):
classname, itemid = hyperdb.splitDesignator(designator)
cl = self.db.getclass(classname)