Mercurial > kallithea
changeset 5328:b580691553f5
auth: turn dead AuthUser code into assertion
The result of db.User.get_dict never contains the keys 'api_keys' or
'permissions'. The keys returned by get_dict are 1) all the User table
columns, 2) the keys explicitly defined in User.__json__, and 3) the
keys defined in User.get_api_data, none of which include the two
blacklisted keys.
'api_keys' would be returned if __json__ called get_api_data with
argument details=True; but currently that is not the case.
In case there's a reason why these two keys must never appear in an
AuthUser object, the check has not been removed entirely; instead, it's
been turned into an assertion. This way, it will be noticed if __json__
is later modified to request detailed API data, for instance.
author | Søren Løvborg <kwi@kwi.dk> |
---|---|
date | Sun, 26 Jul 2015 14:10:44 +0200 |
parents | fd80edc4aa20 |
children | cd64e53de17b |
files | kallithea/lib/auth.py |
diffstat | 1 files changed, 2 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/auth.py Sun Jul 26 14:10:42 2015 +0200 +++ b/kallithea/lib/auth.py Sun Jul 26 14:10:44 2015 +0200 @@ -529,8 +529,8 @@ if dbuser is not None and dbuser.active: log.debug('filling %s data', dbuser) for k, v in dbuser.get_dict().iteritems(): - if k not in ['api_keys', 'permissions']: - setattr(self, k, v) + assert k not in ['api_keys', 'permissions'] + setattr(self, k, v) return True return False