Skip to content

Commit

Permalink
Bypass permissions check as command does not have a user
Browse files Browse the repository at this point in the history
  • Loading branch information
@eos87
eos87 committed May 7, 2024
1 parent 7756ce7 commit 38e904c
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
3 changes: 2 additions & 1 deletion server/liveblog/instance_settings/instance_settings.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,8 @@ def is_user_authorized(self):
return flask.g.user.get("is_support", False)

def create(self, docs, **kwargs):
if not self.is_user_authorized():
# skip permissions if it's comming from initialize_data command
if not app.is_initialize_data and not self.is_user_authorized():
raise SuperdeskApiError.forbiddenError(
message="You do not have permissions to execute this action."
)
Expand Down
3 changes: 2 additions & 1 deletion server/liveblog/prepopulate/app_initialize.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
__entities__ = OrderedDict(
[
("global_preferences", ("global_preferences.json", ["key"], False)),
("instance_settings", ("instance_settings.json", ["settings"], False)),
("instance_settings", ("instance_settings.json", ["settings"], True)),
("roles", ("roles.json", ["name"], True)),
("users", ("users.json", [], False)),
("stages", ("stages.json", ["desk"], False)),
Expand Down Expand Up @@ -293,6 +293,7 @@ def run(

# create indexes in mongo
app.init_indexes()
app.is_initialize_data = True

if init_index_only:
logger.info("Only indexes initialized.")
Expand Down

0 comments on commit 38e904c

Please sign in to comment.