Fix bug in API now allowing delete or edit of pins

2025-11-14 09:05:41 +01:00 · 2016-02-04 01:34:19 +00:00
parent 51c6e58fc5
commit 5802167b72
1 changed files with 3 additions and 2 deletions
--- a/pinry/core/api.py
+++ b/pinry/core/api.py
@@ -20,7 +20,7 @@ class PinryAuthorization(DjangoAuthorization):
        if klass is False:
            raise Unauthorized("You are not allowed to access that resource.")

-        permission = '%s.change_%s' % (klass._meta.app_label, klass._meta.module_name)
+        permission = '%s.change_%s' % (klass._meta.app_label, klass._meta.model_name)

        if not bundle.request.user.has_perm(permission, bundle.obj):
            raise Unauthorized("You are not allowed to access that resource.")
@@ -33,7 +33,8 @@ class PinryAuthorization(DjangoAuthorization):
        if klass is False:
            raise Unauthorized("You are not allowed to access that resource.")

-        permission = '%s.delete_%s' % (klass._meta.app_label, klass._meta.module_name)
+        print dir(klass._meta)
+        permission = '%s.delete_%s' % (klass._meta.app_label, klass._meta.model_name)

        if not bundle.request.user.has_perm(permission, bundle.obj):
            raise Unauthorized("You are not allowed to access that resource.")