Mercurial > p > roundup > code
diff roundup/cgi/actions.py @ 3014:fa49f3fe6afa maint-0.7
merge from HEAD
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Wed, 15 Dec 2004 00:07:58 +0000 |
| parents | 3e55ba70f0b7 |
| children | a64ca23531d1 |
line wrap: on
line diff
--- a/roundup/cgi/actions.py Tue Dec 14 22:59:53 2004 +0000 +++ b/roundup/cgi/actions.py Wed Dec 15 00:07:58 2004 +0000 @@ -1,4 +1,4 @@ -#$Id: actions.py,v 1.27.2.7 2004-12-07 23:31:00 richard Exp $ +#$Id: actions.py,v 1.27.2.8 2004-12-15 00:07:58 richard Exp $ import re, cgi, StringIO, urllib, Cookie, time, random @@ -127,6 +127,8 @@ # handle saving the query params if queryname: + if not self.hasPermission('Edit', 'query'): + raise Unauthorised, _("You do not have permission to edit queries") # parse the environment and figure what the query _is_ req = templating.HTMLRequest(self.client)