django-arctic User role not added to roles raises error on checking permission

User role not added to roles raises error on checking permission

Open VolodiaKhl opened this issue 6 years ago • 2 comments

In class RoleAuthentication there is a method called check_permission. In case the role of user is not defined in roles.py, it raises KeyError. I'd suggest to change method to:

    @classmethod
    def check_permission(cls, role, permission):
        """
        Check if role contains permission
        """
        result = permission in settings.ARCTIC_ROLES.get(role, [])
        # will try to call a method with the same name as the permission
        # to enable an object level permission check.
        if result:
            try:
                return getattr(cls, permission)(role)
            except AttributeError:
                pass
        return result

Jan 25 '19 16:01 VolodiaKhl

Is this still an issue? @VolodiaKhl

Feb 14 '19 12:02 mmarcos

I can confirm this issue. I ran unittests with an admin user, calling if self.check_permission(self.request.user.urole.role.name, 'dashboard_widgets'):. Admin is not existing in the ARCTIC_ROLES, so it breaks.

Apr 19 '19 09:04 jmijn

django-arctic django-arctic copied to clipboard

User role not added to roles raises error on checking permission

django-arctic
django-arctic copied to clipboard