fix guest bug in role perms editing

edbob/db/auth.py

@@ -105,7 +105,7 @@ def grant_permission(role, permission, session=None):
         role.permissions.append(permission)
 
 
-def has_permission(obj, perm, session=None):
+def has_permission(obj, perm, include_guest=True, session=None):
     """
     Checks the given ``obj`` (which may be either a :class:`edbob.User`` or
     :class:`edbob.Role` instance), and returns a boolean indicating whether or
@@ -124,8 +124,9 @@ def has_permission(obj, perm, session=None):
     if not session:
         session = object_session(obj)
         assert session
+    if include_guest:
+        roles.append(guest_role(session))
     admin = administrator_role(session)
-    roles.append(guest_role(session))
     for role in roles:
         if role is admin:
             return True

edbob/pyramid/views/roles.py

@@ -139,12 +139,12 @@ def PermissionsFieldRenderer(permissions, *args, **kwargs):
                 for group, perms in self.permissions:
                     inner = HTML.tag('p', c=group)
                     for perm, title in perms:
-                        checked = auth.has_permission(role, perm, Session())
+                        checked = auth.has_permission(
+                            role, perm, include_guest=False, session=Session())
                         if readonly:
                             span = HTML.tag('span', c="[X]" if checked else "[ ]")
                             inner += HTML.tag('p', class_='perm', c=span + ' ' + title)
                         else:
-                            checked = auth.has_permission(role, perm, Session())
                             inner += tags.checkbox(self.name + '-' + perm,
                                                    checked=checked, label=title)
                     html += HTML.tag('div', class_='group', c=inner)