From 540dd288610119946512efbe32fbbb0f3cd334ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= <sybren@stuvel.eu>
Date: Tue, 27 Mar 2018 17:42:12 +0200
Subject: [PATCH] Short-circuit check_permissions() when logged in as CLI user

The CLI user should just be able to do anything.
---
 pillar/api/utils/authorization.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pillar/api/utils/authorization.py b/pillar/api/utils/authorization.py
index 569020e1..05307658 100644
--- a/pillar/api/utils/authorization.py
+++ b/pillar/api/utils/authorization.py
@@ -27,6 +27,12 @@ def check_permissions(collection_name, resource, method, append_allowed_methods=
     :param check_node_type: node type to check. Only valid when collection_name='projects'.
     :type check_node_type: str
     """
+    from pillar.auth import get_current_user
+    from .authentication import CLI_USER
+
+    if get_current_user() is CLI_USER:
+        log.debug('Short-circuiting check_permissions() for CLI user')
+        return
 
     if not has_permissions(collection_name, resource, method, append_allowed_methods,
                            check_node_type):