# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1253548828 -7200
# Node ID 10ad3869fc928269207d9f0778a31483df6866b2
# Parent  699949007fc229f5cb7405f2aaf5d386c34e9f17
[selector] check read perm if action is add/update/delete

diff -r 699949007fc2 -r 10ad3869fc92 selectors.py
--- a/selectors.py	Mon Sep 21 17:59:22 2009 +0200
+++ b/selectors.py	Mon Sep 21 18:00:28 2009 +0200
@@ -669,6 +669,10 @@
         if not (rschema.has_perm(req, self.action)
                 or rschema.has_local_role(self.action)):
             return 0
+        if self.action != 'read':
+            if not (rschema.has_perm(req, 'read')
+                    or rschema.has_local_role('read')):
+                return 0
         score = super(relation_possible, self).__call__(cls, req, *args, **kwargs)
         return score