comparison roundup/rest.py @ 6088:00a24243887c
Remove redundant permission check
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Wed, 12 Feb 2020 16:00:59 +0100 |
| parents | c172bd18fa94 |
| children | e097ff5064b8 |
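--- a/roundup/rest.py
+++ b/roundup/rest.py
@@ -695,11 +695,11 @@
 if self.db.security.hasSearchPermission(
 uid, class_name, pn
 ):
 sort.append((ss, pn))
 else :
-raise (Unauthorised (
+raise (Unauthorised(
 'User does not have search permission on "%s.%s"'
 % (class_name, pn)))
 elif key.startswith("@"):
 # ignore any unsupported/previously handled control key
 # like @apiver
@@ -723,11 +723,11 @@
 # Note that hasSearchPermission already returns 0 for
 # non-existing properties.
 if not self.db.security.hasSearchPermission(
 uid, class_name, key
 ):
-raise (Unauthorised (
+raise (Unauthorised(
 'User does not have search permission on "%s.%s"'
 % (class_name, key)))
 
 linkcls = class_obj
 for p in key.split('.'):
@@ -791,16 +791,13 @@
 if self.db.security.hasPermission(
 'View', uid, class_name, itemid=item_id, property='id'
 ):
 r = {'id': item_id, 'link': class_path + item_id}
 if display_props:
-for p in display_props:
-if self.db.security.hasPermission(
-'View', uid, class_name, itemid=item_id, property=p
-):
-r.update(self.format_item(class_obj.getnode(item_id),
-item_id, props=display_props, verbose=verbose))
+# format_item does the permission checks
+r.update(self.format_item(class_obj.getnode(item_id),
+item_id, props=display_props, verbose=verbose))
 if r:
 result['collection'].append(r)
 
 result_len = len(result['collection'])
 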
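Review bot: With the per-property `View` check gone from the collection loop (old lines 796-799), `format_item` becomes the only place where property-level access is enforced for each entry in `display_props`, and its body is not part of this comparison, so that should be confirmed before relying on it. The removed loop passed the full `display_props` list to `format_item` as soon as any single property passed the check, so it was presumably never the effective filter, which supports the removal. The new comment could state the contract more precisely, e.g. `# format_item omits every property the user lacks View permission on`. A regression test that lists a collection as a user without `View` on one of the requested properties and asserts that property is absent from each item would pin the behaviour. The enclosing method starts and ends outside the lines shown.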
