[ckan-changes] commit/ckan: John Glover: [logic][xs] Bug fix for update_resource, correctly check auth against package dict
Bitbucket
commits-noreply at bitbucket.org
Tue Oct 4 16:46:03 UTC 2011
1 new changeset in ckan:
http://bitbucket.org/okfn/ckan/changeset/6dcaa3abe95d/
changeset: 6dcaa3abe95d
user: John Glover
date: 2011-10-04 18:45:41
summary: [logic][xs] Bug fix for update_resource, correctly check auth against package dict
affected #: 1 file (-1 bytes)
--- a/ckan/logic/action/update.py Tue Oct 04 13:14:14 2011 +0100
+++ b/ckan/logic/action/update.py Tue Oct 04 17:45:41 2011 +0100
@@ -148,7 +148,7 @@
model = context['model']
session = context['session']
user = context['user']
- id = context["id"]
+ id = data_dict["id"]
schema = context.get('schema') or default_update_resource_schema()
model.Session.remove()
@@ -157,8 +157,8 @@
if not resource:
raise NotFound(_('Resource was not found.'))
- context["id"] = resource.id
+ # check authentication against the resource package
# TODO: can check_access be used against a resource?
query = session.query(model.Package
).join(model.ResourceGroup
@@ -167,8 +167,7 @@
pkg = query.first()
if not pkg:
raise NotFound(_('No package found for this resource, cannot check auth.'))
-
- check_access('package_update', context, data_dict)
+ check_access('package_update', context, package_dictize(pkg, context))
data, errors = validate(data_dict, schema, context)
Repository URL: https://bitbucket.org/okfn/ckan/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
More information about the ckan-changes
mailing list