Mercurial > p > roundup > code
comparison roundup/security.py @ 8294:302c797756e6
fix: issue2550962. remove assert in Role::hasPermission
issue2550962 - Check uses of assert in roundup code.
An assert was used to make sure that a classname always accompoanied
an itemid in hasPermission. The Security::hasPErmission has an if
clause that does the same check and raises a ValueError.
Remove asserts because they ae removed when running python in
optimized mode.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 19 Jan 2025 19:29:17 -0500 |
| parents | e9af08743759 |
| children | 43899d99fc4d |
comparison
equal
deleted
inserted
replaced
| 8293:5d1f833801f9 | 8294:302c797756e6 |
|---|---|
| 265 continue | 265 continue |
| 266 yield p | 266 yield p |
| 267 | 267 |
| 268 def hasPermission (self, db, perm, uid, classname, property, itemid, chk): | 268 def hasPermission (self, db, perm, uid, classname, property, itemid, chk): |
| 269 # if itemid is given a classname must, too, checked in caller | 269 # if itemid is given a classname must, too, checked in caller |
| 270 assert not itemid or classname | 270 if itemid and classname is None: |
| 271 raise ValueError('classname must accompany itemid') | |
| 272 | |
| 271 perms = self._permissions | 273 perms = self._permissions |
| 272 if perm not in perms: | 274 if perm not in perms: |
| 273 return False | 275 return False |
| 274 # If we have a classname we also need to check permission with | 276 # If we have a classname we also need to check permission with |
| 275 # an empty classname (e.g. 'admin' has access on everything) | 277 # an empty classname (e.g. 'admin' has access on everything) |