From d9b56f485b6406985b53626778f2af2fe9cba294 Mon Sep 17 00:00:00 2001 From: Francesco Siddi Date: Wed, 30 Nov 2016 23:50:19 +0100 Subject: [PATCH] Extend CHECK_PERMISSIONS_IMPLEMENTED_FOR We support flamenco.jobs. This is a temporary workaround until we implement check permissions in a way that can be extended by extensions.
---
 pillar/api/utils/authorization.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/pillar/api/utils/authorization.py b/pillar/api/utils/authorization.py
index b2e64f33..a3563e65 100644
--- a/pillar/api/utils/authorization.py
+++ b/pillar/api/utils/authorization.py
@@ -7,7 +7,7 @@ from flask import abort
 from flask import current_app
 from werkzeug.exceptions import Forbidden
-CHECK_PERMISSIONS_IMPLEMENTED_FOR = {'projects', 'nodes'}
+CHECK_PERMISSIONS_IMPLEMENTED_FOR = {'projects', 'nodes', 'flamenco.jobs'}
 log = logging.getLogger(__name__)
@@ -135,6 +135,14 @@ def compute_aggr_permissions(collection_name, resource, check_node_type=None):
 if check_node_type is None:
 return project['permissions']
 node_type_name = check_node_type
+ elif 'node_type' not in resource:
+ # Neither a project, nor a node, therefore is another collection
+ projects_collection = current_app.data.driver.db['projects']
+ project = projects_collection.find_one(
+ ObjectId(resource['project']),
+ {'permissions': 1})
+ return project['permissions']
+
 else:
 # Not a project, so it's a node.
 assert 'project' in resource
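Review bot: The new `elif 'node_type' not in resource:` branch in `compute_aggr_permissions` picks the permission model from the absence of a field on the document rather than from `collection_name`. A node document that arrives without `node_type` (fetched with a projection, or malformed) would therefore be given the project-level permissions and never reach the node handling in the `else` branch, which is only partly visible here. Keying the branch on the collection, for example `elif collection_name != 'nodes':`, would keep nodes on their own path; the opening `if` of this chain is outside the hunk, so confirm that this fits. The branch also uses `resource['project']` and the `find_one` result unchecked, whereas the `else` branch at least asserts `'project' in resource`. A missing or dangling project reference then surfaces as a KeyError or TypeError rather than an explicit denial, which `if project is None: raise Forbidden()` after the lookup would make deliberate.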