--- a/roundup/cgi_client.py	Tue Jul 30 20:43:18 2002 +0000
+++ b/roundup/cgi_client.py	Tue Jul 30 21:37:43 2002 +0000
@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-# $Id: cgi_client.py,v 1.150 2002-07-30 20:43:18 gmcm Exp $
+# $Id: cgi_client.py,v 1.151 2002-07-30 21:37:43 richard Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -1182,8 +1182,9 @@
         ''' display a list of all the classes in the database
         '''
         userid = self.db.user.lookup(self.user)
-        raise Unauthorised, _("You do not have permission to access"\
-                    " %(action)s.")%{'action': 'all classes'}
+        if not self.db.security.hasPermission('Edit', userid):
+            raise Unauthorised, _("You do not have permission to access"\
+                        " %(action)s.")%{'action': 'all classes'}
 
         self.pagehead(_('Table of classes'), message)
         classnames = self.db.classes.keys()
@@ -1695,6 +1696,9 @@
 
 #
 # $Log: not supported by cvs2svn $
+# Revision 1.150  2002/07/30 20:43:18  gmcm
+# Oops, fix the permission check!
+#
 # Revision 1.149  2002/07/30 20:04:38  gmcm
 # Adapt metakit backend to new security scheme.
 # Put some more permission checks in cgi_client.