Fix ACL

2024-01-07 23:09:39 +05:30 · 2024-01-07 23:09:39 +05:30 · aed84e0f36
commit aed84e0f36
parent c3caedea0e
2 changed files with 4 additions and 3 deletions
--- a/src/gisaf/geoapi.py
+++ b/src/gisaf/geoapi.py
@ -90,7 +90,7 @@ async def get_geojson(store_name,
        model = registry.stores.loc[store_name].model
    except KeyError:
        raise HTTPException(status.HTTP_404_NOT_FOUND)
-    if hasattr(model, 'viewable_role'):
+    if getattr(model, 'viewable_role', None):
        if not(user and user.can_view(model)):
            username = user.username if user else "Anonymous"
            logger.info(f'{username} tried to access {model}')
--- a/src/gisaf/models/authentication.py
+++ b/src/gisaf/models/authentication.py
@ -32,8 +32,9 @@ class User(UserBase, table=True):
    password: str | None = None

    def can_view(self, model) -> bool:
-        if hasattr(model, 'viewable_role'):
-            return model.viewable_role in (role.name for role in self.roles)
+        viewable_role = getattr(model, 'viewable_role', None)
+        if viewable_role:
+            return viewable_role in (role.name for role in self.roles)
        else:
            return True