From 222b2e95e2cc168d930e1150f0945e2483d2a328 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= <sybren@stuvel.eu>
Date: Fri, 15 Apr 2016 14:28:44 +0200
Subject: [PATCH] Simplified effective permission computation.

---
 pillar/application/utils/authorization.py | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/pillar/application/utils/authorization.py b/pillar/application/utils/authorization.py
index 4af60d76..f160374c 100644
--- a/pillar/application/utils/authorization.py
+++ b/pillar/application/utils/authorization.py
@@ -24,7 +24,7 @@ def check_permissions(resource, method, append_allowed_methods=False):
         # matching permission originally set at node_type level)
         resource_permissions = resource['permissions']
     else:
-        resource_permissions = None
+        resource_permissions = {}
     if 'node_type' in resource:
         if type(resource['node_type']) is dict:
             # If the node_type is embedded in the document, extract permissions
@@ -47,14 +47,10 @@ def check_permissions(resource, method, append_allowed_methods=False):
                  and item['name'] == resource['node_type']), None)
             computed_permissions = node_type['permissions']
     else:
-        computed_permissions = None
+        computed_permissions = {}
 
     # Override computed_permissions if override is provided
-    if resource_permissions and computed_permissions:
-        for k, v in resource_permissions.iteritems():
-            computed_permissions[k] = v
-    elif resource_permissions and not computed_permissions:
-        computed_permissions = resource_permissions
+    computed_permissions.update(resource_permissions)
 
     if not computed_permissions:
         log.info('No permissions available to compute for %s on resource %r',