Commit 8af4bfe1 authored by Mikaël Salson's avatar Mikaël Salson

VidjilAuth.py: Prevent a call to the DB if we have permissions

This avoids accessing db.sample_set when we already know we have access to the sample set.
Could this be a problem if the sample set doesn't exist anymore?
parent a4a1a5ba
......@@ -446,14 +446,17 @@ class VidjilAuth(Auth):
or self.is_admin(user))
def can_view_sample_set(self, sample_set_id, user = None) :
perm = self.get_permission(PermissionEnum.read.value, 'sample_set', sample_set_id, user)\
or self.is_admin(user)
if perm:
return perm
sample_set = db.sample_set[sample_set_id]
sample_type = sample_set.sample_type
if sample_set is None:
return False
perm = self.get_permission(PermissionEnum.read.value, 'sample_set', sample_set_id, user)\
or self.is_admin(user)
for row in db( db[sample_type].sample_set_id == sample_set_id ).select() :
if self.can_view(sample_type, row.id, user):
perm = True;
......
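Review bot: In `can_view_sample_set`, `sample_type = sample_set.sample_type` is read before the `if sample_set is None:` guard, so the guard can never take effect. If `db.sample_set[sample_set_id]` yields None for a missing row, as the guard implies, a caller without direct permission gets an attribute error from this authorization check instead of a clean `return False`. Move the guard up so the two lines `if sample_set is None:` / `return False` sit directly after the lookup and before `sample_type` is read. The rendered page has lost its +/- markers, so this ordering may be pre-existing context rather than new in this commit, and the function body continues past the end of the hunk.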