permissions method about group

Bug #727884 reported by Raimon Esteve (www.zikzakmedia.com) on 2011-03-02
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
RPC4Django
Undecided
davidfischer

Bug Description

If we design our method by permision, this method need login user. But permisson method don't chek group; check method permision if this user is "Superuser status"; not group.

Example of method:
@rpcmethod(name='rpc4django.secret', signature=['string'], permission='auth.add_group')
def secret():
    return "Successfully called a protected method"

Connection:
proxy = xmlrpclib.ServerProxy("http://prova:prova@localhost:8443/xmlrpc") #rpc4django

prova user, need Superuser status user; not check by group.

user.has_perm(method.permission) always return True if authorization are successfully

davidfischer (djfische) on 2011-03-03
Changed in rpc4django:
assignee: nobody → davidfischer (djfische)
davidfischer (djfische) wrote :

I am not able to reproduce this issue. I have a theory though.

If this is related to issue #727879 which you filed, then you may see the problem you are getting. The decorator checks permissions before the method is called. However, in the example you gave in ticket #727879, you are logging the user in as part of the method body. In this case, the @rpcmethod decorator will check permissions and fail because the user hasn't been logged in since that happens during method execution.

I think that once you setup your authentication properly as I suggested in #727879 that it will resolve your issues. Let me know.

davidfischer (djfische) on 2011-05-21
Changed in rpc4django:
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers