[ckan-changes] commit/ckan: John Glover: [logic][xs] Bug fix for update_resource, correctly check auth against package dict

[Bitbucket]

1 new changeset in ckan:

http://bitbucket.org/okfn/ckan/changeset/6dcaa3abe95d/
changeset:   6dcaa3abe95d
user:        John Glover
date:        2011-10-04 18:45:41
summary:     [logic][xs] Bug fix for update_resource, correctly check auth against package dict
affected #:  1 file (-1 bytes)

--- a/ckan/logic/action/update.py	Tue Oct 04 13:14:14 2011 +0100
+++ b/ckan/logic/action/update.py	Tue Oct 04 17:45:41 2011 +0100
@@ -148,7 +148,7 @@
     model = context['model']
     session = context['session']
     user = context['user']
-    id = context["id"]
+    id = data_dict["id"]
     schema = context.get('schema') or default_update_resource_schema()
     model.Session.remove()
 
@@ -157,8 +157,8 @@
 
     if not resource:
         raise NotFound(_('Resource was not found.'))
-    context["id"] = resource.id
 
+    # check authentication against the resource package
     # TODO: can check_access be used against a resource?
     query = session.query(model.Package
     ).join(model.ResourceGroup
@@ -167,8 +167,7 @@
     pkg = query.first()
     if not pkg:
         raise NotFound(_('No package found for this resource, cannot check auth.'))
-
-    check_access('package_update', context, data_dict)
+    check_access('package_update', context, package_dictize(pkg, context))
 
     data, errors = validate(data_dict, schema, context)

Repository URL: https://bitbucket.org/okfn/ckan/

--

This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.