From 28223159e78ab895b29c3eff7f23eb5f5f04eb50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?=
Date: Wed, 26 Oct 2016 10:53:47 +0200
Subject: [PATCH] Allow admin users to do everything.

This makes things more consistent (previously admins could create projects, but not nodes in those projects).
---
 pillar/api/projects/hooks.py | 10 ----------
 pillar/api/utils/authorization.py | 4 ++++
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/pillar/api/projects/hooks.py b/pillar/api/projects/hooks.py
index 0c0b028d..6f2be5b5 100644
--- a/pillar/api/projects/hooks.py
+++ b/pillar/api/projects/hooks.py
@@ -57,22 +57,12 @@ def before_inserting_override_is_private_field(projects):
 def before_edit_check_permissions(document, original):
- # Allow admin users to do whatever they want.
- # TODO: possibly move this into the check_permissions function.
- if user_has_role(u'admin'):
- return
-
 check_permissions('projects', original, request.method)
 def before_delete_project(document):
 """Checks permissions before we allow deletion"""
- # Allow admin users to do whatever they want.
- # TODO: possibly move this into the check_permissions function.
- if user_has_role(u'admin'):
- return
-
 check_permissions('projects', document, request.method)
diff --git a/pillar/api/utils/authorization.py b/pillar/api/utils/authorization.py
index 4b5a21ff..541a7838 100644
--- a/pillar/api/utils/authorization.py
+++ b/pillar/api/utils/authorization.py
@@ -28,6 +28,10 @@ def check_permissions(collection_name, resource, method, append_allowed_methods=
 :type check_node_type: str
 """
+ # Admins can do anything.
+ if user_has_role(u'admin'):
+ return
+
 if not has_permissions(collection_name, resource, method, append_allowed_methods, check_node_type):
 abort(403)
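Review bot: The early return added to `check_permissions` in pillar/api/utils/authorization.py lets any user with the `admin` role perform every method on every collection, and it returns before `has_permissions` runs, so anything that call does beyond answering yes or no is skipped for admins. The `append_allowed_methods` argument suggests `has_permissions` may also annotate the resource, which admin responses would then lack; its body is not visible in this hunk, so this needs confirming. Since this is now the single authorization bypass, I would log it before the `return`, naming `method` and `collection_name`, and widen the comment to `# Admins bypass all permission checks; has_permissions() is not called for them.` The signature and most of the docstring of `check_permissions` lie outside the hunk. A test that an admin can create a node in a project they do not own, while a non-admin still gets 403, would pin the behaviour the commit message describes.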