From 97091457a8e96803f17216f93de6c921a848fbff Mon Sep 17 00:00:00 2001
From: Francesco Siddi <francesco.siddi@gmail.com>
Date: Wed, 14 Mar 2018 22:04:57 +0100
Subject: [PATCH] Check for capabilites instead of roles in allow_link

---
 pillar/web/nodes/routes.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/pillar/web/nodes/routes.py b/pillar/web/nodes/routes.py
index 3996b6b5..9f296f07 100644
--- a/pillar/web/nodes/routes.py
+++ b/pillar/web/nodes/routes.py
@@ -126,11 +126,7 @@ def view(node_id, extra_template_args: dict=None):
         if node.permissions and node.permissions.world:
             return 'GET' in node.permissions.world
 
-        if current_user.is_authenticated:
-            allowed_roles = {'subscriber', 'demo', 'admin'}
-            return bool(allowed_roles.intersection(current_user.roles or ()))
-
-        return False
+        return current_user.has_cap('subscriber')
 
     link_allowed = allow_link()