This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

check role before deleting by digest

  • Loading branch information...
ewdurbin committed Oct 12, 2017
1 parent 5278462 commit 18200fa6731faeeda2433dd1c61d04373ad8a653
Showing with 8 additions and 1 deletion.
  1. +8 −1 webui.py
@@ -2449,8 +2449,15 @@ def files(self):
fids = [fids]

for digest in fids:
file_info = self.store.get_file_info(digest)
try:
self.store.remove_file(digest)
if self.store.has_role('Maintainer', file_info['name']) or \
self.store.has_role('Admin', file_info['name']) or \
self.store.has_role('Owner', file_info['name']):

This comment has been minimized.

@warvariuc

warvariuc Aug 30, 2018

Why not allowing passing multiple roles to has_role? Then the code would look like:

if self.store.has_role(['Maintainer', 'Admin', 'Owner'], file_info['name']):

This comment has been minimized.

@jamadden

jamadden Aug 30, 2018

Member

Thanks for your comment! This code is no longer developed. It has been replaced by https://github.com/pypa/warehouse

self.store.remove_file(digest)
else:
raise Forbidden, \
"You are not allowed to edit '%s' package information"%file_info['name']
except KeyError:
return self.fail('No such files to remove', code=200)
else:

0 comments on commit 18200fa

Please sign in to comment.