Allow admin users to do everything.

This makes things more consistent (previously admins could create projects,
but not nodes in those projects).

pillar/api/projects/hooks.py

@@ -57,22 +57,12 @@ def before_inserting_override_is_private_field(projects):
 
 
 def before_edit_check_permissions(document, original):
-    # Allow admin users to do whatever they want.
-    # TODO: possibly move this into the check_permissions function.
-    if user_has_role(u'admin'):
-        return
-
     check_permissions('projects', original, request.method)
 
 
 def before_delete_project(document):
     """Checks permissions before we allow deletion"""
 
-    # Allow admin users to do whatever they want.
-    # TODO: possibly move this into the check_permissions function.
-    if user_has_role(u'admin'):
-        return
-
     check_permissions('projects', document, request.method)
 
 

pillar/api/utils/authorization.py

@@ -28,6 +28,10 @@ def check_permissions(collection_name, resource, method, append_allowed_methods=
     :type check_node_type: str
     """
 
+    # Admins can do anything.
+    if user_has_role(u'admin'):
+        return
+
     if not has_permissions(collection_name, resource, method, append_allowed_methods,
                            check_node_type):
         abort(403)