From 2ac2a98727225049f30d0212fddad633fbe83df8 Mon Sep 17 00:00:00 2001
From: Lance Edgar <lance@edbob.org>
Date: Thu, 14 May 2020 22:07:34 -0500
Subject: [PATCH] Don't auto-include "Guest" role when finding roles w/
 permission X

otherwise "all" roles are returned when checking for a perm which Guest role
does have granted
---
 tailbone/views/roles.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tailbone/views/roles.py b/tailbone/views/roles.py
index 48ef827c..adac7fb5 100644
--- a/tailbone/views/roles.py
+++ b/tailbone/views/roles.py
@@ -271,7 +271,7 @@ class RolesView(PrincipalMasterView):
                            .options(orm.joinedload(model.Role._permissions))
         roles = []
         for role in all_roles:
-            if has_permission(session, role, permission):
+            if has_permission(session, role, permission, include_guest=False):
                 roles.append(role)
         return roles