nofusscomputing/centurion_erp
1
0
Fork 0
Code Issues Wiki Activity

fix(access): Ensure that if method not allowed, exception is thrown first before perms check

Browse Source 
ref: #833
This commit is contained in:
Jon Lockwood
2025-06-16 16:22:47 +09:30
parent 0b8b0bc850
commit ef6ebcdcf4
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/access/mixins/permissions.py
View File

@ -110,6 +110,12 @@ class OrganizationPermissionMixin(
raise centurion_exceptions.NotAuthenticated() raise centurion_exceptions.NotAuthenticated()
if request.method not in view.allowed_methods:
raise centurion_exceptions.MethodNotAllowed(method = request.method)
try: try:
if ( if (
@ -153,12 +159,7 @@ class OrganizationPermissionMixin(
has_permission_required: bool = permission_required in user_permissions has_permission_required: bool = permission_required in user_permissions
if request.method not in view.allowed_methods: if not has_permission_required and not request.user.is_superuser:
raise centurion_exceptions.MethodNotAllowed(method = request.method)
elif not has_permission_required and not request.user.is_superuser:
raise centurion_exceptions.PermissionDenied() raise centurion_exceptions.PermissionDenied()