From d6fa83cd87052befbd47a4170118b12a9099f39b Mon Sep 17 00:00:00 2001
From: Lance Edgar <lance@edbob.org>
Date: Fri, 19 Apr 2024 22:27:30 -0500
Subject: [PATCH] Fix permission checks for root user with pyramid 2.x

---
 tailbone/auth.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tailbone/auth.py b/tailbone/auth.py
index 66deeff0..0a5bd903 100644
--- a/tailbone/auth.py
+++ b/tailbone/auth.py
@@ -209,6 +209,10 @@ class TailboneSecurityPolicy:
         return self.session_helper.forget(request, **kw)
 
     def permits(self, request, context, permission):
+        # nb. root user can do anything
+        if request.is_root:
+            return True
+
         config = request.registry.settings.get('rattail_config')
         app = config.get_app()
         auth = app.get_auth_handler()