darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-04-27 12:40:55 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix permissions check when service ID is a UUID

Browse Source 
If you define a route with the service ID as a typed parameter, ie
```
@main.route('/services/<uuid:service_id>/agreement')
```

then `type(service_id)` returns `<class 'uuid.UUID'>`.

This is a problem when the permissions dictionary stores service IDs as
strings, because trying to look up a user’s permissions with the UUID
fails silently (that key isn’t in the dictionary).

This commit makes sure we always cast the service ID to a string before
using it to check permissions.
This commit is contained in:
Chris Hill-Scott
2019-05-03 09:59:02 +01:00
parent f33bd6a67e
commit b7e9c320f8
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/models/user.py
View File

@@ -35,11 +35,11 @@ permissions = (
def _get_service_id_from_view_args():
return request.view_args.get('service_id', None)
return str(request.view_args.get('service_id', '')) or None
def _get_org_id_from_view_args():
return request.view_args.get('org_id', None)
return str(request.view_args.get('org_id', '')) or None
def translate_permissions_from_db_to_admin_roles(permissions):