From 7107c39cce195ca4bea7b6103cace1c73eee7210 Mon Sep 17 00:00:00 2001
From: Francesco Siddi
Date: Tue, 20 Oct 2015 11:38:12 +0200
Subject: [PATCH] Extended permission check to node_types as well
---
 pillar/application/__init__.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/pillar/application/__init__.py b/pillar/application/__init__.py
index 454851c2..f36087ae 100644
--- pillar/application/__init__.py
+++ pillar/application/__init__.py
@@ -275,18 +275,19 @@ def check_permissions(resource, method, append_allowed_methods=False):
 return None
-def before_returning_node(response):
+def before_returning_item_permissions(response):
 # Run validation process, since GET on nodes entry point is public
 validate_token()
 if not check_permissions(response, 'GET', append_allowed_methods=True):
 return abort(403)
-def before_returning_nodes(response):
+def before_returning_resource_permissions(response):
 for item in response['_items']:
 validate_token()
 check_permissions(item, 'GET', append_allowed_methods=True)
+
 def before_replacing_node(item, original):
 check_permissions(original, 'PUT')
@@ -295,8 +296,10 @@ def before_inserting_nodes(items):
 check_permissions(item, 'POST')
-app.on_fetched_item_nodes += before_returning_node
-app.on_fetched_resource_nodes += before_returning_nodes
+app.on_fetched_item_nodes += before_returning_item_permissions
+app.on_fetched_resource_nodes += before_returning_resource_permissions
+app.on_fetched_item_node_types += before_returning_item_permissions
+app.on_fetched_resource_node_types += before_returning_resource_permissions
 app.on_replace_nodes += before_replacing_node
 app.on_insert_nodes += before_inserting_nodes
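Review bot: `before_returning_resource_permissions` discards the result of `check_permissions`, so a listing still returns items the caller may not GET, whereas the item hook aborts with 403 on a falsy result. Now that the hook also serves node_types, consider filtering the list instead, `response['_items'] = [i for i in response['_items'] if check_permissions(i, 'GET', append_allowed_methods=True)]`, with `validate_token()` called once before the loop rather than once per item. The comment in the item hook still says "nodes entry point" although the function is now shared by two resources. The body of `check_permissions` is outside the hunk, so reading a falsy return as "denied" is inferred from the item hook and the visible `return None`.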
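Review bot: Only the fetch hooks are registered for node_types in the second hunk; the `on_replace_nodes` and `on_insert_nodes` checks get no node_types counterpart, so PUT and POST on that resource do not pass through `check_permissions` here. If node_types accepts writes, either register the equivalents (`app.on_replace_node_types += before_replacing_node`, `app.on_insert_node_types += before_inserting_nodes`) or confirm that the resource's allowed methods or auth settings restrict writes elsewhere. It is also worth confirming that `check_permissions`, whose body is not part of this patch, handles a node_type document as its `resource` argument, since it was previously only given nodes.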