0003-api-move-check_access-out-of-ApiFormPage.__init__-91.patch
wcs/api.py | ||
---|---|---|
163 | 163 |
self.formdef = FormDef.get_by_urlname(component) |
164 | 164 |
except KeyError: |
165 | 165 |
raise TraversalError() |
166 |
# check access for all paths, to block access to formdata that would |
|
167 |
# otherwise be accessible if the user is the submitter. |
|
168 |
self.check_access() |
|
169 | 166 | |
170 | 167 |
def check_access(self): |
171 | 168 |
api_user = get_user_from_api_query_string() |
... | ... | |
177 | 174 |
raise AccessForbiddenError('unsufficient roles') |
178 | 175 | |
179 | 176 |
def _q_lookup(self, component): |
177 |
# check access for all paths, to block access to formdata that would |
|
178 |
# otherwise be accessible if the user is the submitter. |
|
179 |
self.check_access() |
|
180 | 180 |
try: |
181 | 181 |
formdata = self.formdef.data_class().get(component) |
182 | 182 |
except KeyError: |
183 |
- |