permissions method about group

Bug #727884 reported by Raimon Esteve (www.zikzakmedia.com)
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
RPC4Django | Won't Fix | Undecided | davidfischer |

Bug Description

If we design our method by permission, this method needs a login user. But the permission method doesn't check the group; it checks the method permission if this user has "Superuser status", not the group.

Example of method:
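from rpc4django import rpcmethod

# Only callable by authenticated users holding the auth.add_group permission
@rpcmethod(name='rpc4django.secret', signature=['string'], permission='auth.add_group')
def secret():
    return "Successfully called a protected method"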

Connection:
import xmlrpclib  # Python 2 standard library
proxy = xmlrpclib.ServerProxy("http://prova:prova@localhost:8443/xmlrpc") #rpc4django

The prova user needs to be a Superuser status user; it is not checked by group.

user.has_perm(method.permission) always returns True if authorization is successful

davidfischer (djfische)
Changed in rpc4django:
assignee: nobody → davidfischer (djfische)
davidfischer (djfische) wrote :

I am not able to reproduce this issue. I have a theory though.

If this is related to issue #727879 which you filed, then you may see the problem you are getting. The decorator checks permissions before the method is called. However, in the example you gave in ticket #727879, you are logging the user in as part of the method body. In this case, the @rpcmethod decorator will check permissions and fail because the user hasn't been logged in since that happens during method execution.

I think that once you set up your authentication properly as I suggested in #727879, it will resolve your issues. Let me know.

davidfischer (djfische)
Changed in rpc4django:
status: New → Won't Fix
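
Added example (not part of the original report, and not rpc4django's or Django's code): a simplified pure-Python model of the two behaviours discussed in this thread. It assumes Django's has_perm() semantics (an active superuser passes every check; other users get the union of their own and their groups' permissions) and a hypothetical requires() decorator that, like @rpcmethod as described in the comment above, checks the permission before the method body runs. User, Anonymous, Request and secret_with_late_login are illustrative names.

```python
# Simplified model (added example): NOT rpc4django's or Django's actual code.
from functools import wraps


class User:
    """Mimics the parts of Django's User.has_perm() relevant to this report."""

    def __init__(self, name, superuser=False, perms=(), groups=()):
        self.name, self.is_superuser = name, superuser
        self.perms = set(perms)      # permissions assigned directly to the user
        self.groups = list(groups)   # each group is modelled as a set of permissions

    def has_perm(self, perm):
        if self.is_superuser:        # superusers pass every permission check
            return True
        return perm in self.perms | set().union(*self.groups)


class Anonymous:
    def has_perm(self, perm):        # unauthenticated callers hold no permissions
        return False


class Request:
    def __init__(self, user=None):
        self.user = user or Anonymous()


def requires(permission):
    """Hypothetical decorator: the check runs BEFORE the wrapped body executes."""
    def decorate(func):
        @wraps(func)
        def wrapper(request, *args):
            if not request.user.has_perm(permission):
                return "denied"
            return func(request, *args)
        return wrapper
    return decorate


@requires("auth.add_group")
def secret(request):
    return "Successfully called a protected method"


@requires("auth.add_group")
def secret_with_late_login(request, user):
    request.user = user              # too late: the permission check already ran
    return "Successfully called a protected method"
```

In this model a non-superuser whose group carries auth.add_group is allowed, while a method that attaches the user inside its own body is denied even for that same user.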