From 7d5785da62df3d7c59fd32a4dcc8920f37e49174 Mon Sep 17 00:00:00 2001
From: Francesco Siddi <francesco.siddi@gmail.com>
Date: Wed, 8 Nov 2017 23:56:02 +0100
Subject: [PATCH] Handle exception when users are not allowed to update
 nodes_latest

When editing a node, the user should not be required to have PUT permission on the project the node belongs to. The function project_update_nodes_list should not be called within edit, but should rather be implemented as hook for specific cases only.
---
 pillar/web/nodes/routes.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pillar/web/nodes/routes.py b/pillar/web/nodes/routes.py
index bf282a32..19ed2dfd 100644
--- a/pillar/web/nodes/routes.py
+++ b/pillar/web/nodes/routes.py
@@ -424,7 +424,12 @@ def edit(node_id):
             if node_type.name == 'post':
                 project_update_nodes_list(node, project_id=project._id, list_name='blog')
             else:
-                project_update_nodes_list(node, project_id=project._id)
+                try:
+                    project_update_nodes_list(node, project_id=project._id)
+                except ForbiddenAccess:
+                    # TODO (fsiddi): Implement this as a blender-cloud-only hook
+                    log.debug('User %s not allowed to update latest_nodes in %s' %
+                              (user_id, project._id))
             return redirect(url_for('nodes.view', node_id=node_id, embed=1,
                                     _external=True,
                                     _scheme=current_app.config['SCHEME']))