diff roundup/cgi/actions.py @ 3073:7fefb1e29ed0

fix permission lookup in query editing
author Richard Jones <richard@users.sourceforge.net>
date Wed, 05 Jan 2005 22:10:28 +0000
parents 6dbe3798a4c4
children 7308c3c5a943
--- a/roundup/cgi/actions.py	Wed Jan 05 22:00:39 2005 +0000
+++ b/roundup/cgi/actions.py	Wed Jan 05 22:10:28 2005 +0000
@@ -1,4 +1,4 @@
-#$Id: actions.py,v 1.41 2004-12-15 00:00:52 richard Exp $
+#$Id: actions.py,v 1.42 2005-01-05 22:10:28 richard Exp $
 
 import re, cgi, StringIO, urllib, Cookie, time, random
 
@@ -158,14 +158,13 @@
                 # edit the old way, only one query per name
                 try:
                     qid = self.db.query.lookup(queryname)
-                    if not self.hasPermission('Edit', self.classname,
-                            itemid=qid):
+                    if not self.hasPermission('Edit', 'query', itemid=qid):
                         raise exceptions.Unauthorised, self._(
                             "You do not have permission to edit queries")
                     self.db.query.set(qid, klass=self.classname, url=url)
                 except KeyError:
                     # create a query
-                    if not self.hasPermission('Create', self.classname):
+                    if not self.hasPermission('Create', 'query'):
                         raise exceptions.Unauthorised, self._(
                             "You do not have permission to store queries")
                     qid = self.db.query.create(name=queryname,
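Review bot: The `try:` in this hunk still wraps the permission check and `self.db.query.set(...)` as well as `self.db.query.lookup(queryname)`, so a `KeyError` raised by either of those would be handled as "no such query" and fall through to the create branch. Only the lookup needs guarding: the `hasPermission('Edit', 'query', itemid=qid)` check and the `set` call could move into an `else:` clause of the `try`, leaving `except KeyError:` for the create path alone. Whether `hasPermission` or `set` can actually raise `KeyError` is not visible here, so treat this as a hardening suggestion. The create branch continues past the end of the hunk.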
@@ -187,14 +186,13 @@
                     for qid in qids:
                         if queryname != self.db.query.get(qid, 'name'):
                             continue
-                        if not self.hasPermission('Edit', self.classname,
-                                itemid=qid):
+                        if not self.hasPermission('Edit', 'query', itemid=qid):
                             raise exceptions.Unauthorised, self._(
                             "You do not have permission to edit queries")
                         self.db.query.set(qid, klass=self.classname, url=url)
                 else:
                     # create a query
-                    if not self.hasPermission('Create', self.classname):
+                    if not self.hasPermission('Create', 'query'):
                         raise exceptions.Unauthorised, self._(
                             "You do not have permission to store queries")
                     qid = self.db.query.create(name=queryname,
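Review bot: The four permission calls changed in this hunk and the previous one now pass the literal `'query'`, with nothing saying why it differs from the `self.classname` the old code used. A short comment at the first check would stop a later reader from changing it back, for example `# saved searches live in the 'query' class; self.classname is the class being searched`. That reading is taken from `klass=self.classname` in the `set` call. The enclosing method starts and ends outside the hunk.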
@@ -492,7 +490,7 @@
         Base behaviour is to check the user can edit this class. No additional
         property checks are made.
         """
-        return self.hasPermission('Create', self.classname)
+        return self.hasPermission('Create')
 
 class EditItemAction(EditCommon):
     def lastUserActivity(self):
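Review bot: Dropping the class name in `return self.hasPermission('Create')` makes this check depend on whatever `hasPermission` uses when no class is given, and that default is not shown in this diff. If it is not `self.classname`, the check is no longer scoped to the class being created, so either confirm the default or keep the argument explicit, as the query checks earlier in this diff do. The docstring also says the base behaviour is to check that the user can "edit" this class while the code checks `'Create'`; `Base behaviour is to check the user can create items of this class.` would match the code. The method's signature is outside the hunk.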
