Allow admin users to do everything.

This makes things more consistent (previously admins could create projects, but not nodes in those projects).
2016-10-26 10:53:47 +02:00 · 2016-10-26 10:53:47 +02:00 · 28223159e7
commit 28223159e7
parent a38e053c1a
2 changed files with 4 additions and 10 deletions
--- a/pillar/api/projects/hooks.py
+++ b/pillar/api/projects/hooks.py
@ -57,22 +57,12 @@ def before_inserting_override_is_private_field(projects):


 def before_edit_check_permissions(document, original):
-    # Allow admin users to do whatever they want.
-    # TODO: possibly move this into the check_permissions function.
-    if user_has_role(u'admin'):
-        return
-
    check_permissions('projects', original, request.method)


 def before_delete_project(document):
    """Checks permissions before we allow deletion"""

-    # Allow admin users to do whatever they want.
-    # TODO: possibly move this into the check_permissions function.
-    if user_has_role(u'admin'):
-        return
-
    check_permissions('projects', document, request.method)


--- a/pillar/api/utils/authorization.py
+++ b/pillar/api/utils/authorization.py
@ -28,6 +28,10 @@ def check_permissions(collection_name, resource, method, append_allowed_methods=
    :type check_node_type: str
    """

+    # Admins can do anything.
+    if user_has_role(u'admin'):
+        return
+
    if not has_permissions(collection_name, resource, method, append_allowed_methods,
                           check_node_type):
        abort(403)