Mercurial > p > roundup > code
changeset 6088:00a24243887c
Remove redundant permission check
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Wed, 12 Feb 2020 16:00:59 +0100 |
| parents | c172bd18fa94 |
| children | 15d1ce536c73 |
| files | roundup/rest.py |
| diffstat | 1 files changed, 5 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/roundup/rest.py Wed Feb 12 12:35:33 2020 +0100 +++ b/roundup/rest.py Wed Feb 12 16:00:59 2020 +0100 @@ -697,7 +697,7 @@ ): sort.append((ss, pn)) else : - raise (Unauthorised ( + raise (Unauthorised( 'User does not have search permission on "%s.%s"' % (class_name, pn))) elif key.startswith("@"): @@ -725,7 +725,7 @@ if not self.db.security.hasSearchPermission( uid, class_name, key ): - raise (Unauthorised ( + raise (Unauthorised( 'User does not have search permission on "%s.%s"' % (class_name, key))) @@ -793,12 +793,9 @@ ): r = {'id': item_id, 'link': class_path + item_id} if display_props: - for p in display_props: - if self.db.security.hasPermission( - 'View', uid, class_name, itemid=item_id, property=p - ): - r.update(self.format_item(class_obj.getnode(item_id), - item_id, props=display_props, verbose=verbose)) + # format_item does the permission checks + r.update(self.format_item(class_obj.getnode(item_id), + item_id, props=display_props, verbose=verbose)) if r: result['collection'].append(r)