Changeset 78af3d1 in OpenWorkouts-current for ow/models/user.py

Timestamp:

Feb 9, 2019, 9:42:52 PM (5 years ago)

Author:

Borja Lopez <borja@…>

Branches:

current, feature/docs, master

Children:

56caf3d

Parents:

55470f9

Message:

Fix permissions. From now on users can see (and edit, delete, etc) their own data

File:

• ow/models/user.py (modified) (2 diffs)

ow/models/user.py

@@ -6 +6 @@
 import bcrypt
 from repoze.folder import Folder
-from pyramid.security import Allow
+from pyramid.security import Allow, Deny, Everyone, ALL_PERMISSIONS
 
 from ow.catalog import get_catalog, reindex_object
@@ -18 +18 @@
     def __acl__(self):
         permissions = [
+            (Allow, str(self.uid), 'view'),
             (Allow, str(self.uid), 'edit'),
-            (Allow, str(self.uid), 'view'),
+            (Deny, Everyone, ALL_PERMISSIONS),
         ]
         return permissions