[FIX]Radicale Odoo Right : we must take care of authenticated users alongside paths

This commit is contained in:
Fabien BOURGEOIS 2018-05-16 09:43:14 +02:00
rodzic 258ccac379
commit 274bc29313
1 zmienionych plików z 8 dodań i 3 usunięć

Wyświetl plik

@ -25,7 +25,12 @@ class Rights(BaseRights):
""" BaseRights implementation for Odoo Radicale """
def authorized(self, user, path, permission):
return permission == 'r'
def authorized_item(self, user, path, permission):
""" Authorized only readonly for authenticated users on their path """
if not user:
return False
if path == '/':
return True
path = path.strip('/').split('/')
if user != path[0]:
return False
return permission == 'r'