incubator-allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From john...@apache.org
Subject git commit: [#6712] Don't balloon ProjectRoles when checking for blocked users
Date Thu, 26 Sep 2013 19:03:44 GMT
Updated Branches:
  refs/heads/cj/6712 [created] 9012935a3


[#6712] Don't balloon ProjectRoles when checking for blocked users

Signed-off-by: Cory Johns <cjohns@slashdotmedia.com>


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/9012935a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/9012935a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/9012935a

Branch: refs/heads/cj/6712
Commit: 9012935a33b62cddcf8a75ce4a651118b128afda
Parents: 46fffb6
Author: Cory Johns <cjohns@slashdotmedia.com>
Authored: Thu Sep 26 19:03:30 2013 +0000
Committer: Cory Johns <cjohns@slashdotmedia.com>
Committed: Thu Sep 26 19:03:30 2013 +0000

----------------------------------------------------------------------
 Allura/allura/lib/security.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/9012935a/Allura/allura/lib/security.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/security.py b/Allura/allura/lib/security.py
index a211ae2..4e917b6 100644
--- a/Allura/allura/lib/security.py
+++ b/Allura/allura/lib/security.py
@@ -299,10 +299,11 @@ def has_access(obj, permission, user=None, project=None):
                     project = project.root_project
             roles = cred.user_roles(user_id=user._id, project_id=project._id).reaching_ids
         if user != M.User.anonymous():
-            user_role = user.project_role(project=project)
-            deny_user = M.ACE.deny(user_role._id, permission)
-            if M.ACL.contains(deny_user, obj.acl):
-                return False
+            user_role = M.ProjectRole.by_user(user, project)
+            if user_role:
+                deny_user = M.ACE.deny(user_role._id, permission)
+                if M.ACL.contains(deny_user, obj.acl):
+                    return False
         chainable_roles = []
         for rid in roles:
             for ace in obj.acl:


Mime
View raw message