Mercurial Mercurial > comt / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix security pb (too restrictive): logged users should inherit anon roles (if no text role is defined)
authorraph
Thu, 11 Mar 2010 15:37:38 +0100
changeset 210 e4715ab65e2d
parent 209 912b4331a1ee
child 211 b20e65234803
fix security pb (too restrictive): logged users should inherit anon roles (if no text role is defined)
src/cm/security.py file | annotate | diff | comparison | revisions 
--- a/src/cm/security.py	Thu Mar 11 09:58:09 2010 +0100
+++ b/src/cm/security.py	Thu Mar 11 15:37:38 2010 +0100
@@ -53,7 +53,11 @@
         if UserRole.objects.filter(Q(user=user),Q(text=text),~Q(role=None)): # if non void local role
             return UserRole.objects.filter(user=user).filter(text=text).filter(Q(role__permissions__codename__exact=perm_name)).count() != 0
         else:
-            return UserRole.objects.filter(user=user).filter(text=None).filter(Q(role__permissions__codename__exact=perm_name)).count() != 0            
+            # local role for anon users
+            # OR global role for anon users
+            # OR global role for this user
+            return UserRole.objects.filter(Q(user=user) | Q(user=None)).filter(Q(text=None) | Q(text=text)).filter(Q(role__permissions__codename__exact=perm_name)).count() != 0            
+            #return UserRole.objects.filter(user=user).filter(text=None).filter(Q(role__permissions__codename__exact=perm_name)).count() != 0
         
 def has_own_perm(request, perm_name, text, comment):
comt