forked from Github-Mirrors/canaille
fix: with LDAP backend, edition the admin group would fail
The `match_filter` method evaluate filters, and queries objects from their ids. The value was stored in the `filter` arg, but being a dict it was re-used during the following calls of `match_filter`. After editing the `admin` group (by adding or removing an user), a new page is displayed, and as always it checks the user permissions. The user permission check would call `match_filter` then compare an updated version of the admin group (with one less or one new user) with an unfortunate *cached* version in the `match_filter` `filter` arg. With the SQL or the memory backend the comparision would be successful, but it is not with the LDAP backend. This resulted in permission loss for users after editing the `admin` group. Being a method default value edited, it would remain until the Canaille service was reloaded. Related to https://stackoverflow.com/questions/1132941/least-astonishment-and-the-mutable-default-argument
This commit is contained in:
Éloi Rivard
parent
fe8e1160ab
commit
6a6350e368
1 changed files with 1 additions and 0 deletions
|
|
@ -123,6 +123,7 @@ class BackendModel:
|
|||
return any(self.match_filter(subfilter) for subfilter in filter)
|
||||
|
||||
# If attribute are models, resolve the instance
|
||||
filter = filter.copy()
|
||||
for attribute, value in filter.items():
|
||||
model, _ = self.get_model_annotations(attribute)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue