Commit ee798f9

committed

When role is UNKNOWN, don't invoke has_role, so don't need to be dependent on rbac in this case

1 parent 2c84647 commit ee798f9Copy full SHA for ee798f9

File tree

1 file changed

+18

-3

lines changed

uliweb_apijson/apijson
- views.py

1 file changed

+18

-3

lines changed

`‎uliweb_apijson/apijson/views.py‎`

Lines changed: 18 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,9 @@ def _get_one(self,key):`
`69`	`69`	`params_role = "UNKNOWN"`
`70`	`70`	`if params_role not in roles:`
`71`	`71`	`return json({"code":400,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
`72`		`- if functions.has_role(request.user,params_role):`
	`72`	`+ if params_role == "UNKNOWN":`
	`73`	`+ permission_check_ok = True`
	`74`	`+ elif functions.has_role(request.user,params_role):`
`73`	`75`	`permission_check_ok = True`
`74`	`76`	`else:`
`75`	`77`	`return json({"code":400,"msg":"user doesn't have role '%s'"%(params_role)})`
`@@ -178,7 +180,9 @@ def _get_array(self,key):`
`178`	`180`	`params_role = "UNKNOWN"`
`179`	`181`	`if params_role not in roles:`
`180`	`182`	`return json({"code":400,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
`181`		`- if functions.has_role(request.user,params_role):`
	`183`	`+ if params_role == "UNKNOWN":`
	`184`	`+ permission_check_ok = True`
	`185`	`+ elif functions.has_role(request.user,params_role):`
`182`	`186`	`permission_check_ok = True`
`183`	`187`	`else:`
`184`	`188`	`return json({"code":400,"msg":"user doesn't have role '%s'"%(params_role)})`
`@@ -273,7 +277,9 @@ def _head(self,key):`
`273`	`277`	`params_role = "UNKNOWN"`
`274`	`278`	`if params_role not in roles:`
`275`	`279`	`return json({"code":400,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})`
`276`		`- if functions.has_role(request.user,params_role):`
	`280`	`+ if params_role == "UNKNOWN":`
	`281`	`+ permission_check_ok = True`
	`282`	`+ elif functions.has_role(request.user,params_role):`
`277`	`283`	`permission_check_ok = True`
`278`	`284`	`else:`
`279`	`285`	`return json({"code":400,"msg":"user doesn't have role '%s'"%(params_role)})`
`@@ -358,6 +364,9 @@ def _post_one(self,key,tag):`
`358`	`364`	`#need OWNER, but don't know how to set user id`
`359`	`365`	`return json({"code":400,"msg":"no permission"})`
`360`	`366`	`break`
	`367`	`+ elif role == "UNKNOWN":`
	`368`	`+ permission_check_ok = True`
	`369`	`+ break`
`361`	`370`	`else:`
`362`	`371`	`if functions.has_role(request.user,role):`
`363`	`372`	`permission_check_ok = True`
`@@ -466,6 +475,9 @@ def _put_one(self,key,tag):`
`466`	`475`	`break`
`467`	`476`	`else:`
`468`	`477`	`return json({"code":400,"msg":"need login user"})`
	`478`	`+ elif role == "UNKNOWN":`
	`479`	`+ permission_check_ok = True`
	`480`	`+ break`
`469`	`481`	`else:`
`470`	`482`	`if functions.has_role(request.user,role):`
`471`	`483`	`permission_check_ok = True`
`@@ -564,6 +576,9 @@ def _delete_one(self,key,tag):`
`564`	`576`	`break`
`565`	`577`	`else:`
`566`	`578`	`return json({"code":400,"msg":"need login user"})`
	`579`	`+ elif role == "UNKNOWN":`
	`580`	`+ permission_check_ok = True`
	`581`	`+ break`
`567`	`582`	`else:`
`568`	`583`	`if functions.has_role(request.user,role):`
`569`	`584`	`permission_check_ok = True`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit ee798f9

File tree

1 file changed

1 file changed

`‎uliweb_apijson/apijson/views.py‎`

0 commit comments