Opened 8 years ago
Last modified 7 years ago
#12597 closed enhancement
Prevent recursion in PermissionSystem.check_permission — at Initial Version
Reported by: | Ryan J Ollos | Owned by: | Ryan J Ollos |
---|---|---|---|
Priority: | normal | Milestone: | 1.2.1 |
Component: | general | Version: | |
Severity: | normal | Keywords: | permissions |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
Discussed in gdiscussion:trac-users:MNvfBPbiAS0 and other threads, there is a high likelihood of recursion when a permission policy calls Permission.has_permission
(usually via ACTION in perm
) within its policy.check_permission
method. One possible way to avoid this, which I'd like to explore, would be to skip calling policy.check_permission on the policy that invoked PermissionCache.has_permission
.
Using CookBook/Configuration/SignedTickets as an example, the policy would be changed:
- any(a in perm for a in self.admin_actions): + any(a in perm(resource, policy=self) + for a in self.admin_actions):