Fix ACL
This commit is contained in:
parent
c3caedea0e
commit
aed84e0f36
2 changed files with 4 additions and 3 deletions
|
|
@ -90,7 +90,7 @@ async def get_geojson(store_name,
|
||||||
model = registry.stores.loc[store_name].model
|
model = registry.stores.loc[store_name].model
|
||||||
except KeyError:
|
except KeyError:
|
||||||
raise HTTPException(status.HTTP_404_NOT_FOUND)
|
raise HTTPException(status.HTTP_404_NOT_FOUND)
|
||||||
if hasattr(model, 'viewable_role'):
|
if getattr(model, 'viewable_role', None):
|
||||||
if not(user and user.can_view(model)):
|
if not(user and user.can_view(model)):
|
||||||
username = user.username if user else "Anonymous"
|
username = user.username if user else "Anonymous"
|
||||||
logger.info(f'{username} tried to access {model}')
|
logger.info(f'{username} tried to access {model}')
|
||||||
|
|
|
||||||
|
|
@ -32,8 +32,9 @@ class User(UserBase, table=True):
|
||||||
password: str | None = None
|
password: str | None = None
|
||||||
|
|
||||||
def can_view(self, model) -> bool:
|
def can_view(self, model) -> bool:
|
||||||
if hasattr(model, 'viewable_role'):
|
viewable_role = getattr(model, 'viewable_role', None)
|
||||||
return model.viewable_role in (role.name for role in self.roles)
|
if viewable_role:
|
||||||
|
return viewable_role in (role.name for role in self.roles)
|
||||||
else:
|
else:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue