Mercurial > p > roundup > code

diff roundup/cgi/client.py @ 1936:e84e5bb90ccc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add 'return' after failed permission checks in search/editCSV actions.
author Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
date Fri, 21 Nov 2003 21:59:05 +0000
parents 0798ce090450
children 4c850112895b
line wrap: on
line diff
--- a/roundup/cgi/client.py	Fri Nov 21 21:41:19 2003 +0000
+++ b/roundup/cgi/client.py	Fri Nov 21 21:59:05 2003 +0000
@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.146 2003-11-13 05:56:48 richard Exp $
+# $Id: client.py,v 1.147 2003-11-21 21:59:05 jlgijsbers Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -1125,7 +1125,8 @@
         # this is per-class only
         if not self.editCSVPermission():
             self.error_message.append(
-                _('You do not have permission to edit %s' %self.classname))
+                 _('You do not have permission to edit %s' %self.classname))
+            return
 
         # get the CSV module
         if rcsv.error:
@@ -1237,6 +1238,7 @@
         if not self.searchPermission():
             self.error_message.append(
                 _('You do not have permission to search %s' %self.classname))
+            return
 
         # add a faked :filter form variable for each filtering prop
         props = self.db.classes[self.classname].getprops()
Roundup Issue Tracker: http://roundup-tracker.org/