Web   ·   Wiki   ·   Activities   ·   Blog   ·   Lists   ·   Chat   ·   Meeting   ·   Bugs   ·   Git   ·   Translate   ·   Archive   ·   People   ·   Donate
summaryrefslogtreecommitdiffstats
path: root/sugar_network/node/commands.py
diff options
context:
space:
mode:
Diffstat (limited to 'sugar_network/node/commands.py')
-rw-r--r--sugar_network/node/commands.py11
1 files changed, 7 insertions, 4 deletions
diff --git a/sugar_network/node/commands.py b/sugar_network/node/commands.py
index 47d4c82..ae63305 100644
--- a/sugar_network/node/commands.py
+++ b/sugar_network/node/commands.py
@@ -95,10 +95,13 @@ class NodeCommands(VolumeCommands, Commands):
'User is not authenticated')
if cmd.permissions & ad.ACCESS_AUTHOR and 'guid' in request:
- doc = self.volume[request['document']].get(request['guid'])
- enforce(request.principal in doc['user'] or
- auth.try_validate(request, 'root'), ad.Forbidden,
- 'Operation is permitted only for authors')
+ if request['document'] == 'user':
+ allowed = (request.principal == request['guid'])
+ else:
+ doc = self.volume[request['document']].get(request['guid'])
+ allowed = (request.principal in doc['user'])
+ enforce(allowed or auth.try_validate(request, 'root'),
+ ad.Forbidden, 'Operation is permitted only for authors')
return cmd