[#1421] Ensure that check_access is called on activity_create

Otherwise when disabling the activity streams the action returned before calling the auth function, which made the auth audit fail
ckan · Jan 8, 2014 · 6eeb2b1 · 6eeb2b1
1 parent d696e97
commit 6eeb2b1
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/ckan/logic/action/create.py b/ckan/logic/action/create.py
@@ -1011,6 +1011,8 @@ def activity_create(context, activity_dict, **kw):
 
     '''
 
+    _check_access('activity_create', context, activity_dict)
+
     # this action had a ignore_auth param which has been removed
     # removed in 2.2
     if 'ignore_auth' in kw:
@@ -1031,8 +1033,6 @@ def activity_create(context, activity_dict, **kw):
     else:
         activity_dict['revision_id'] = None
 
-    _check_access('activity_create', context, activity_dict)
-
     schema = context.get('schema') or ckan.logic.schema.default_create_activity_schema()
     data, errors = _validate(activity_dict, schema, context)
     if errors: