permissions method about group
Bug #727884 reported by
Raimon Esteve (www.zikzakmedia.com)
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
RPC4Django |
Won't Fix
|
Undecided
|
davidfischer |
Bug Description
If we design our method by permision, this method need login user. But permisson method don't chek group; check method permision if this user is "Superuser status"; not group.
Example of method:
@rpcmethod(
def secret():
return "Successfully called a protected method"
Connection:
proxy = xmlrpclib.
prova user, need Superuser status user; not check by group.
user.has_
Changed in rpc4django: | |
assignee: | nobody → davidfischer (djfische) |
Changed in rpc4django: | |
status: | New → Won't Fix |
To post a comment you must log in.
I am not able to reproduce this issue. I have a theory though.
If this is related to issue #727879 which you filed, then you may see the problem you are getting. The decorator checks permissions before the method is called. However, in the example you gave in ticket #727879, you are logging the user in as part of the method body. In this case, the @rpcmethod decorator will check permissions and fail because the user hasn't been logged in since that happens during method execution.
I think that once you setup your authentication properly as I suggested in #727879 that it will resolve your issues. Let me know.