Commit ecf34af7 authored by Pablo Panero's avatar Pablo Panero
Browse files

Decoupled owner permission from list. List only needs the user to be...

Decoupled owner permission from list. List only needs the user to be authenticated, then the rest is the filter over the alias
parent 998792dd
......@@ -70,7 +70,7 @@ class RecordPermission(object):
"""Create a record permission."""
# Allow everything for testing
if action in cls.list_actions:
return cls(record, has_owner_permission, user)
return cls(record, has_list_permission, user)
elif action in cls.create_actions:
return cls(record, has_owner_permission, user)
elif action in cls.read_actions:
......@@ -106,6 +106,12 @@ def get_index_from_request(record=None):
current_app.config['INDEXER_DEFAULT_DOC_TYPE'])
def has_list_permission(user, record=None):
"""Check if user is authenticated and has create access"""
return user.is_authenticated
def has_update_permission(user, record):
"""Check if user is authenticated and has update access"""
if user.is_authenticated:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment