Projet

Général

Profil

0001-api-admin-can-access-all-formdatas-9005.patch

Benjamin Dauvergne, 17 novembre 2015 11:35

Télécharger (1,18 ko)

Voir les différences: 

Subject: [PATCH] api: admin can access all formdatas (#9005)


 wcs/api.py | 4 ++++
 1 file changed, 4 insertions(+)
wcs/api.py
149 149 
            if get_request().user and get_request().user.is_admin:
150 150 
                return # grant access to admins, to ease debug
151 151 
            raise AccessForbiddenError()
152 
        if api_user.is_admin:
153 
            return
152 154 
        if not self.formdef.is_user_allowed_read_status_and_history(api_user, self.filled):
153 155 
            raise AccessForbiddenError()
154 156 

  		




  ......




  171
  173
  
    
            if get_request().user and get_request().user.is_admin:

  		




  172
  174
  
    
                return # grant access to admins, to ease debug

  		




  173
  175
  
    
            raise AccessForbiddenError()

  		




  
  176
  
    
        if api_user.is_admin:

  		




  
  177
  
    
            return

  		




  174
  178
  
    
        if not self.formdef.is_of_concern_for_user(api_user):

  		




  175
  179
  
    
            raise AccessForbiddenError()

  		




  176
  180
  
    

  		




  177
  
  
    
-