Skip to content

Commit 81a2af8

Browse files
author
Richard Jones
committed
merge from HEAD
1 parent e5b3f23 commit 81a2af8

File tree

2 files changed

+7
-8
lines changed

2 files changed

+7
-8
lines changed

CHANGES.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,7 @@ Fixed:
6464
Fixed:
6565
- index args URL generation broken in .10 (sf bug 1096027)
6666
- handle NotModified for non-static files (sf patch 1095790)
67+
- fix permission lookup in query editing
6768

6869

6970
2004-10-04 0.7.10

roundup/cgi/actions.py

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
#$Id: actions.py,v 1.40.2.1 2004-12-15 00:03:36 richard Exp $
1+
#$Id: actions.py,v 1.40.2.2 2005-01-05 22:13:28 richard Exp $
22

33
import re, cgi, StringIO, urllib, Cookie, time, random
44

@@ -158,14 +158,13 @@ def handle(self):
158158
# edit the old way, only one query per name
159159
try:
160160
qid = self.db.query.lookup(queryname)
161-
if not self.hasPermission('Edit', self.classname,
162-
itemid=qid):
161+
if not self.hasPermission('Edit', 'query', itemid=qid):
163162
raise exceptions.Unauthorised, self._(
164163
"You do not have permission to edit queries")
165164
self.db.query.set(qid, klass=self.classname, url=url)
166165
except KeyError:
167166
# create a query
168-
if not self.hasPermission('Create', self.classname):
167+
if not self.hasPermission('Create', 'query'):
169168
raise exceptions.Unauthorised, self._(
170169
"You do not have permission to store queries")
171170
qid = self.db.query.create(name=queryname,
@@ -187,14 +186,13 @@ def handle(self):
187186
for qid in qids:
188187
if queryname != self.db.query.get(qid, 'name'):
189188
continue
190-
if not self.hasPermission('Edit', self.classname,
191-
itemid=qid):
189+
if not self.hasPermission('Edit', 'query', itemid=qid):
192190
raise exceptions.Unauthorised, self._(
193191
"You do not have permission to edit queries")
194192
self.db.query.set(qid, klass=self.classname, url=url)
195193
else:
196194
# create a query
197-
if not self.hasPermission('Create', self.classname):
195+
if not self.hasPermission('Create', 'query'):
198196
raise exceptions.Unauthorised, self._(
199197
"You do not have permission to store queries")
200198
qid = self.db.query.create(name=queryname,
@@ -492,7 +490,7 @@ def newItemPermission(self, props):
492490
Base behaviour is to check the user can edit this class. No additional
493491
property checks are made.
494492
"""
495-
return self.hasPermission('Create', self.classname)
493+
return self.hasPermission('Create')
496494

497495
class EditItemAction(EditCommon):
498496
def lastUserActivity(self):

0 commit comments

Comments
 (0)