diff roundup/mailgw.py @ 3583:338f204ea2a5

fix security check in mailgw [SF#1442145]
author Richard Jones <richard@users.sourceforge.net>
date Fri, 03 Mar 2006 00:13:20 +0000
parents 7f1e2d650486
children 1113e1456093
--- a/roundup/mailgw.py	Fri Mar 03 00:11:31 2006 +0000
+++ b/roundup/mailgw.py	Fri Mar 03 00:13:20 2006 +0000
@@ -72,7 +72,7 @@
 an exception, the original message is bounced back to the sender with the
 explanatory message given in the exception.
 
-$Id: mailgw.py,v 1.173 2006-03-02 23:45:22 richard Exp $
+$Id: mailgw.py,v 1.174 2006-03-03 00:13:20 richard Exp $
 """
 __docformat__ = 'restructuredtext'
 
@@ -851,7 +851,8 @@
 
         # make sure they're allowed to edit or create this class of information
         if nodeid:
-            if not self.db.security.hasPermission('Edit', author, classname):
+            if not self.db.security.hasPermission('Edit', author, classname,
+                    itemid=nodeid):
                 raise Unauthorized, 'You are not permitted to '\
                     'edit %s.'%classname
         else:
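Review bot: The comment above the check (`# make sure they're allowed to edit or create this class of information`) still describes a class-level test, but the edit branch now passes `itemid=nodeid`, so permissions granted only for particular items are evaluated against the item the mail targets. I would reword it to `# make sure they're allowed to edit this specific item, or create items of this class` so the item scoping is not dropped again in a later refactor. Nothing in this hunk ties the check to the properties the message changes, so if the tracker also restricts permissions per property, those presumably need their own check where the properties are applied; that code is not visible here. The `else:` (create) branch continues outside the hunk. A regression test that mails an update to an item the sender may not edit, while the sender holds Edit on other items of the same class, would pin this fix.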
