Fix access bug in organization
authorSverre Rabbelier <srabbelier@gmail.com>
Sat, 21 Feb 2009 16:40:59 +0000
changeset 1436 b356b2d7653c
parent 1435 e9a2b1e87b1a
child 1437 eec60d5bbe95
Fix access bug in organization Patch by: Sverre Rabbelier
app/soc/views/models/organization.py
--- a/app/soc/views/models/organization.py	Sat Feb 21 16:40:22 2009 +0000
+++ b/app/soc/views/models/organization.py	Sat Feb 21 16:40:59 2009 +0000
@@ -55,21 +55,23 @@
       original_params: a dict with params for this View
     """
 
+    all = "%(scope_path)s/%(link_id)s"
+
     rights = access.Checker(params)
     rights['any_access'] = ['allow']
     rights['show'] = ['allow']
     rights['create'] = ['checkIsDeveloper']
-    rights['edit'] = [('checkHasActiveRoleForScope', 
-                           [org_admin_logic.logic, 'link_id']),
+    rights['edit'] = [('checkHasActiveRoleForScope',
+                           [org_admin_logic.logic, all]),
                       ('checkIsActive', [org_logic.logic, None])]
     rights['delete'] = ['checkIsDeveloper']
     rights['home'] = ['allow']
     rights['public_list'] = ['allow']
     rights['apply_mentor'] = ['checkIsUser']
     rights['list_requests'] = [('checkHasActiveRoleForScope', 
-                                [org_admin_logic.logic, 'link_id'])]
+                                [org_admin_logic.logic, all])]
     rights['list_roles'] = [('checkHasActiveRoleForScope', 
-                             [org_admin_logic.logic, 'link_id'])]
+                             [org_admin_logic.logic, all])]
     rights['applicant'] = [('checkIsApplicationAccepted',
                             org_app_logic.logic)]