forked from Github-Mirrors/canaille
6a6350e368
The `match_filter` method evaluate filters, and queries objects from their ids. The value was stored in the `filter` arg, but being a dict it was re-used during the following calls of `match_filter`. After editing the `admin` group (by adding or removing an user), a new page is displayed, and as always it checks the user permissions. The user permission check would call `match_filter` then compare an updated version of the admin group (with one less or one new user) with an unfortunate *cached* version in the `match_filter` `filter` arg. With the SQL or the memory backend the comparision would be successful, but it is not with the LDAP backend. This resulted in permission loss for users after editing the `admin` group. Being a method default value edited, it would remain until the Canaille service was reloaded. Related to https://stackoverflow.com/questions/1132941/least-astonishment-and-the-mutable-default-argument |
||
|---|---|---|
| .. | ||
| ldap | ||
| memory | ||
| sql | ||
| __init__.py | ||
| commands.py | ||
| models.py | ||