0001-api-admin-can-access-all-formdatas-9005.patch
wcs/api.py | ||
---|---|---|
149 | 149 |
if get_request().user and get_request().user.is_admin: |
150 | 150 |
return # grant access to admins, to ease debug |
151 | 151 |
raise AccessForbiddenError() |
152 |
if api_user.is_admin: |
|
153 |
return |
|
152 | 154 |
if not self.formdef.is_user_allowed_read_status_and_history(api_user, self.filled): |
153 | 155 |
raise AccessForbiddenError() |
154 | 156 | |
... | ... | |
171 | 173 |
if get_request().user and get_request().user.is_admin: |
172 | 174 |
return # grant access to admins, to ease debug |
173 | 175 |
raise AccessForbiddenError() |
176 |
if api_user.is_admin: |
|
177 |
return |
|
174 | 178 |
if not self.formdef.is_of_concern_for_user(api_user): |
175 | 179 |
raise AccessForbiddenError() |
176 | 180 | |
177 |
- |