changeset 4761:83390406fc5c

Fix isSuperUser(). See below for details. Querying request.user was wrong due to 2 reasons: * it does not check if THIS user (== self) is super user (but request.user) * request.user is not assigned yet when userobj.isSuperUser() is called early in the request processing. Simplified the code a bit by first checking self.valid.
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 20 Jul 2009 01:19:31 +0200
parents 14be105b1c32
children 08dfaece84ad
files MoinMoin/user.py
diffstat 1 files changed, 4 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/user.py	Sat Jul 18 23:31:48 2009 +0200
+++ b/MoinMoin/user.py	Mon Jul 20 01:19:31 2009 +0200
@@ -925,13 +925,15 @@
 
     def isSuperUser(self):
         """ Check if this user is superuser """
+        if not self.valid:
+            return False
         request = self._request
-        if request.cfg.DesktopEdition and request.remote_addr == '127.0.0.1' and request.user and request.user.valid:
+        if request.cfg.DesktopEdition and request.remote_addr == '127.0.0.1':
             # the DesktopEdition gives any local user superuser powers
             return True
         superusers = request.cfg.superuser
         assert isinstance(superusers, (list, tuple))
-        return self.valid and self.name and self.name in superusers
+        return self.name and self.name in superusers
 
     def host(self):
         """ Return user host """