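--- a/tracopt/perm/authz_policy.py
+++ b/tracopt/perm/authz_policy.py
@@ -184,8 +184,12 @@
 
 def normalise_resource(self, resource):
 def flatten(resource):
-if not resource or not (resource.realm or resource.id):
-return []
+if not resource:
+return ['*:*@*']
+if not (resource.realm or resource.id):
+return ['%s:%s@%s' % (resource.realm or '*',
+resource.id or '*',
+resource.version or '*')]
 # XXX Due to the mixed functionality in resource we can end up with
 # ticket, ticket:1, ticket:1@10. This code naively collapses all
 # subsets of the parent resource into one. eg. ticket:1@10
@@ -205,9 +209,10 @@
 def authz_permissions(self, resource_key, username):
 # TODO: Handle permission negation in sections. eg. "if in this
 # ticket, remove TICKET_MODIFY"
-valid_users = ['*', 'anonymous']
 if username and username != 'anonymous':
 valid_users = ['*', 'authenticated', username]
+else:
+valid_users = ['*', 'anonymous']
 for resource_section in [a for a in self.authz.sections
 if a != 'groups']:
 resource_glob = resource_section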
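Review bot: In `flatten` (new lines 187-192) a check made without a resource now produces the key `*:*@*` where it used to produce an empty list, so whatever the authz file grants under catch-all sections will presumably start to apply to resource-less permission checks; that widening is not explained anywhere in the new code. If it is intended, say so above the first return, e.g. `# No resource given: use the all-wildcard key so only catch-all sections can match.`, and cover it with a test that a realm-specific section does not grant anything for a `None` resource. In the second branch `resource.realm` and `resource.id` are both already known to be falsy, so the two `or '*'` fallbacks always yield `'*'`; `return ['*:*@%s' % (resource.version or '*')]` says the same thing and makes it obvious that only the version can vary. The rest of `normalise_resource` and the section-matching loop in `authz_permissions` lie outside the visible hunks, so the matching behaviour itself is inferred.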