myexperiment-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[myexperiment-hackers] [3240] branches/components/lib/rest.rb: Added aut

From: noreply
Subject: [myexperiment-hackers] [3240] branches/components/lib/rest.rb: Added auth check for pack snapshotting
Date: Thu, 6 Dec 2012 14:33:00 +0000 (UTC)
Revision
3240
Author
fbacall
Date
2012-12-06 14:33:00 +0000 (Thu, 06 Dec 2012)

Log Message

Added auth check for pack snapshotting

Modified Paths

Diff

Modified: branches/components/lib/rest.rb (3239 => 3240)


--- branches/components/lib/rest.rb	2012-12-06 14:02:04 UTC (rev 3239)
+++ branches/components/lib/rest.rb	2012-12-06 14:33:00 UTC (rev 3240)
@@ -1325,8 +1325,12 @@
         if ob.nil?
           return rest_response(404, :reason => "Couldn't find a Pack with id #{id}")
         else
-          ob.snapshot!
-          return rest_get_request(ob, opts[:user], { "id" => ob.id.to_s })
+          if Authorization.check('edit', ob, opts[:user])
+            ob.snapshot!
+            return rest_get_request(ob, opts[:user], { "id" => ob.id.to_s })
+          else
+            return rest_response(401, :reason => "Not authorised to snapshot pack #{id}")
+          end
         end
       else
         ob = Pack.new(:contributor => opts[:user])
reply via email to
[Prev in Thread] Current Thread [Next in Thread]