Projet

Général

Profil

0003-api-move-check_access-out-of-ApiFormPage.__init__-91.patch

Benjamin Dauvergne, 06 décembre 2015 15:23

Télécharger (1,41 ko)

Voir les différences: 

Subject: [PATCH 3/4] api: move check_access() out of ApiFormPage.__init__
 (#9146)

check_access() is alrady called on entry to FormPage.json() so to cover
the same paths as before we just need to add it to _q_lookup.

 wcs/api.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
wcs/api.py
163 163 
            self.formdef = FormDef.get_by_urlname(component)
164 164 
        except KeyError:
165 165 
            raise TraversalError()
166 
        # check access for all paths, to block access to formdata that would
167 
        # otherwise be accessible if the user is the submitter.
168 
        self.check_access()
169 166 

  		




  170
  167
  
    
    def check_access(self):

  		




  171
  168
  
    
        api_user = get_user_from_api_query_string()

  		




  ......




  177
  174
  
    
            raise AccessForbiddenError('unsufficient roles')

  		




  178
  175
  
    

  		




  179
  176
  
    
    def _q_lookup(self, component):

  		




  
  177
  
    
        # check access for all paths, to block access to formdata that would

  		




  
  178
  
    
        # otherwise be accessible if the user is the submitter.

  		




  
  179
  
    
        self.check_access()

  		




  180
  180
  
    
        try:

  		




  181
  181
  
    
            formdata = self.formdef.data_class().get(component)

  		




  182
  182
  
    
        except KeyError:

  		




  183
  
  
    
-