Don't auto-include "Guest" role when finding roles w/ permission X

otherwise "all" roles are returned when checking for a perm which Guest role does have granted
2020-05-14 22:07:34 -05:00 · 2020-05-14 22:07:34 -05:00 · 2ac2a98727
parent 5f2dd31485
commit 2ac2a98727
1 changed files with 1 additions and 1 deletions
--- a/tailbone/views/roles.py
+++ b/tailbone/views/roles.py
@ -271,7 +271,7 @@ class RolesView(PrincipalMasterView):
                           .options(orm.joinedload(model.Role._permissions))
        roles = []
        for role in all_roles:
-            if has_permission(session, role, permission):
+            if has_permission(session, role, permission, include_guest=False):
                roles.append(role)
        return roles