Browse Source

Fix bug in API now allowing delete or edit of pins

tags/v1.4.0
Isaac Bythewood 8 years ago
parent
commit
5802167b72
1 changed files with 3 additions and 2 deletions
  1. +3
    -2
      pinry/core/api.py

+ 3
- 2
pinry/core/api.py View File

@@ -20,7 +20,7 @@ class PinryAuthorization(DjangoAuthorization):
if klass is False: if klass is False:
raise Unauthorized("You are not allowed to access that resource.") raise Unauthorized("You are not allowed to access that resource.")


permission = '%s.change_%s' % (klass._meta.app_label, klass._meta.module_name)
permission = '%s.change_%s' % (klass._meta.app_label, klass._meta.model_name)


if not bundle.request.user.has_perm(permission, bundle.obj): if not bundle.request.user.has_perm(permission, bundle.obj):
raise Unauthorized("You are not allowed to access that resource.") raise Unauthorized("You are not allowed to access that resource.")
@@ -33,7 +33,8 @@ class PinryAuthorization(DjangoAuthorization):
if klass is False: if klass is False:
raise Unauthorized("You are not allowed to access that resource.") raise Unauthorized("You are not allowed to access that resource.")


permission = '%s.delete_%s' % (klass._meta.app_label, klass._meta.module_name)
print dir(klass._meta)
permission = '%s.delete_%s' % (klass._meta.app_label, klass._meta.model_name)


if not bundle.request.user.has_perm(permission, bundle.obj): if not bundle.request.user.has_perm(permission, bundle.obj):
raise Unauthorized("You are not allowed to access that resource.") raise Unauthorized("You are not allowed to access that resource.")


Loading…
Cancel
Save