10 years ago · 6e5cf574cb
--- a/pboard/pboard/controllers/root.py
+++ b/pboard/pboard/controllers/root.py
@@ -116,13 +116,13 @@ class RootController(BaseController):
 
				     @expose('pboard.templates.document')
			
 
				     #@require(predicates.in_group('user', msg=l_('Please login to access this page')))
			
 
				     @require(can_read())
			
 
				-    def document(self, node=0, version=0, came_from=lurl('/'), highlight=''):
			
 
				+    def document(self, node_id=0, version=0, came_from=lurl('/'), highlight=''):
			
 
				         """show the user dashboard"""
			
 
				         loCurrentUser   = pld.PODStaticController.getCurrentUser()
			
 
				         loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
			
 
				 
			
 
				         loRootNodeList = loApiController.buildTreeListForMenu(pbmd.PBNodeStatus.getVisibleIdsList())
			
 
				-        liNodeId         = int(node)
			
 
				+        liNodeId         = int(node_id)
			
 
				         liVersionId      = int(version)
			
 
				 
			
 
				         loCurrentNode    = None
			
--- a/pboard/pboard/lib/auth.py
+++ b/pboard/pboard/lib/auth.py
@@ -11,8 +11,8 @@ class can_read(Predicate):
 
				         pass
			
 
				 
			
 
				     def evaluate(self, environ, credentials):
			
 
				-        if 'node' in environ['webob.adhoc_attrs']['validation']['values']:
			
 
				-            node_id = environ['webob.adhoc_attrs']['validation']['values']['node']
			
 
				+        if 'node_id' in environ['webob.adhoc_attrs']['validation']['values']:
			
 
				+            node_id = environ['webob.adhoc_attrs']['validation']['values']['node_id']
			
 
				             if node_id!=0:
			
 
				                 has_right = session.execute("""
			
 
				                         select *
			
@@ -32,15 +32,17 @@ class can_write(Predicate):
 
				         pass
			
 
				 
			
 
				     def evaluate(self, environ, credentials):
			
 
				-        node_id = environ['webob.adhoc_attrs']['validation']['values']['node_id']
			
 
				-        has_right = session.execute("""
			
 
				-                select *
			
 
				-                from pod_group_node pgn
			
 
				-                join pod_user_group pug on pug.group_id = pgn.group_id
			
 
				-                join pod_user pu on pug.user_id = pu.user_id
			
 
				-                where rights > 1
			
 
				-                and email_address = :mail
			
 
				-                and node_id = :node""", {"mail":credentials["repoze.who.userid"], "node":node_id})
			
 
				-        if has_right.rowcount == 0 :
			
 
				-            self.unmet()
			
 
				+        if 'node_id' in environ['webob.adhoc_attrs']['validation']['values']:
			
 
				+            node_id = environ['webob.adhoc_attrs']['validation']['values']['node_id']
			
 
				+            if node_id!=0:
			
 
				+                has_right = session.execute("""
			
 
				+                        select *
			
 
				+                        from pod_group_node pgn
			
 
				+                        join pod_user_group pug on pug.group_id = pgn.group_id
			
 
				+                        join pod_user pu on pug.user_id = pu.user_id
			
 
				+                        where rights > 1
			
 
				+                        and email_address = :mail
			
 
				+                        and node_id = :node""", {"mail":credentials["repoze.who.userid"], "node":node_id})
			
 
				+                if has_right.rowcount == 0 :
			
 
				+                    self.unmet()