Mercurial > p > roundup > code
changeset 8131:8e9181dfc9fa permission-performance
Fix searchable checks in roundup/security.py
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Tue, 22 Oct 2024 15:03:36 +0200 |
| parents | 9056b0c8fcd6 |
| children | 603aa730b067 |
| files | roundup/security.py |
| diffstat | 1 files changed, 18 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/roundup/security.py Tue Oct 22 12:57:32 2024 +0200 +++ b/roundup/security.py Tue Oct 22 15:03:36 2024 +0200 @@ -155,13 +155,18 @@ if self.klass is not None and self.klass != classname: return 0 + # Do not allow access if we have a check method + if self.check: + return 0 + + # Allow if we have access to *all* properties + if self.properties is None: + return 1 + # what about property? if not self._properties_dict[property]: return 0 - if self.check: - return 0 - return 1 def __repr__(self): @@ -276,11 +281,17 @@ # Only permissions without a check method if perm not in self._permissions: continue - if classname not in self._permissions[perm]: + p = self._permissions[perm] + if classname not in p and None not in p: continue - for p in self._permissions[perm][classname][False]: - if p.searchable(classname, propname): - return True + if None in p: + for p in p[None][False]: + if p.searchable(classname, propname): + return True + if classname in p: + for p in p[classname][False]: + if p.searchable(classname, propname): + return True class Security: