archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Handle exception when users are not allowed to update nodes_latest

Browse Source 
When editing a node, the user should not be required to have PUT permission on the project the node belongs to. The function project_update_nodes_list should not be called within edit, but should rather be implemented as hook for specific cases only.
This commit is contained in:
Francesco Siddi
2017-11-08 23:56:02 +01:00
parent ac9aa59924
commit 7d5785da62
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pillar/web/nodes/routes.py
View File

@@ -424,7 +424,12 @@ def edit(node_id):
if node_type.name == 'post': if node_type.name == 'post':
project_update_nodes_list(node, project_id=project._id, list_name='blog') project_update_nodes_list(node, project_id=project._id, list_name='blog')
else: else:
try:
project_update_nodes_list(node, project_id=project._id) project_update_nodes_list(node, project_id=project._id)
except ForbiddenAccess:
# TODO (fsiddi): Implement this as a blender-cloud-only hook
log.debug('User %s not allowed to update latest_nodes in %s' %
(user_id, project._id))
return redirect(url_for('nodes.view', node_id=node_id, embed=1, return redirect(url_for('nodes.view', node_id=node_id, embed=1,
_external=True, _external=True,
_scheme=current_app.config['SCHEME'])) _scheme=current_app.config['SCHEME']))