rattail/rattail
2
0
Fork 0
Code Issues 7 Pull requests Projects Releases Packages Wiki Activity Actions

Stop granting all perms to 'admin' role

Browse source 
Now in Tailbone a user with 'admin' role can elevate to root, and that
will give them all perms.  But let the 'admin' role have perms of its
own during normal operation.
This commit is contained in:
Lance Edgar 2016-10-18 16:54:03 -05:00
parent 8010847e23
commit 09279c4198
1 changed files with 0 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
rattail/db/auth.py
View file

@ -142,11 +142,6 @@ def has_permission(session, principal, permission, include_guest=True, include_a
else: else:
roles = [] roles = []
# Admin always has permission.
admin = administrator_role(session)
if admin in roles:
return True
if include_guest: if include_guest:
roles.append(guest_role(session)) roles.append(guest_role(session))
for role in roles: for role in roles: