Check permissions on node items

2015-10-19 19:09:32 +02:00 · 2015-10-19 19:09:32 +02:00 · d30de30bb9
commit d30de30bb9
parent 2f51d20ee7
1 changed files with 5 additions and 11 deletions
--- a/pillar/application/init.py
+++ b/pillar/application/init.py
@ -140,12 +140,6 @@ class NewAuth(TokenAuth):
        if not token:
            return False
        else:
-            # print '---'
-            # print 'validating'
-            # print token
-            # print resource
-            # print method
-            # print '---'
            validate_token()

        return True
@ -279,17 +273,19 @@ def check_permissions(resource, method, append_allowed_methods=False):
        resource['allowed_methods'] = list(set(allowed_methods))
        return resource

-    abort(403)
+    return None

 def before_returning_node(response):
    # Run validation process, since GET on nodes entry point is public
    validate_token()
-    check_permissions(response, 'GET', append_allowed_methods=True)
+    if not check_permissions(response, 'GET', append_allowed_methods=True):
+        return abort(403)

 def before_returning_nodes(response):
    for item in response['_items']:
        validate_token()
-        item = check_permissions(item, 'GET', append_allowed_methods=True)
+        check_permissions(item, 'GET', append_allowed_methods=True)
+

 def before_replacing_node(item, original):
    check_permissions(original, 'PUT')
@ -324,8 +320,6 @@ def post_POST_files(request, payload):
    """
    process_file(request.get_json())

-
-#app.on_pre_POST_files += pre_POST_files
 app.on_post_POST_files += post_POST_files

 from utils.cdn import hash_file_path