Fix authorization policy bug.

This was really an edge case, but in any event the problem would occur when a
user was logged in, and then that user account was deleted.
This commit is contained in:
Lance Edgar 2013-09-06 04:12:21 -07:00
parent 9a956e66f5
commit 0d0445592e

View file

@ -42,7 +42,7 @@ class TailboneAuthorizationPolicy(object):
for userid in principals: for userid in principals:
if userid not in (Everyone, Authenticated): if userid not in (Everyone, Authenticated):
user = Session.query(User).get(userid) user = Session.query(User).get(userid)
assert user if user:
return has_permission(Session(), user, permission) return has_permission(Session(), user, permission)
if Everyone in principals: if Everyone in principals:
return has_permission(Session(), None, permission) return has_permission(Session(), None, permission)