Fix permission checks for root user with pyramid 2.x

2024-04-19 22:27:30 -05:00 · 2024-04-19 22:27:30 -05:00 · d6fa83cd87
parent 8781e34c98
commit d6fa83cd87
1 changed files with 4 additions and 0 deletions
--- a/tailbone/auth.py
+++ b/tailbone/auth.py
@ -209,6 +209,10 @@ class TailboneSecurityPolicy:
        return self.session_helper.forget(request, **kw)

    def permits(self, request, context, permission):
+        # nb. root user can do anything
+        if request.is_root:
+            return True
+
        config = request.registry.settings.get('rattail_config')
        app = config.get_app()
        auth = app.get_auth_handler()