Kaynağa Gözat

Fix bug in API now allowing delete or edit of pins

tags/v1.4.0
Isaac Bythewood 8 yıl önce
ebeveyn
işleme
5802167b72
1 değiştirilmiş dosya ile 3 ekleme ve 2 silme
  1. +3
    -2
      pinry/core/api.py

+ 3
- 2
pinry/core/api.py Dosyayı Görüntüle

@@ -20,7 +20,7 @@ class PinryAuthorization(DjangoAuthorization):
if klass is False:
raise Unauthorized("You are not allowed to access that resource.")

permission = '%s.change_%s' % (klass._meta.app_label, klass._meta.module_name)
permission = '%s.change_%s' % (klass._meta.app_label, klass._meta.model_name)

if not bundle.request.user.has_perm(permission, bundle.obj):
raise Unauthorized("You are not allowed to access that resource.")
@@ -33,7 +33,8 @@ class PinryAuthorization(DjangoAuthorization):
if klass is False:
raise Unauthorized("You are not allowed to access that resource.")

permission = '%s.delete_%s' % (klass._meta.app_label, klass._meta.module_name)
print dir(klass._meta)
permission = '%s.delete_%s' % (klass._meta.app_label, klass._meta.model_name)

if not bundle.request.user.has_perm(permission, bundle.obj):
raise Unauthorized("You are not allowed to access that resource.")


Yükleniyor…
İptal
Kaydet