equal
deleted
inserted
replaced
287 result = (not allow_read) or (allow_read == ['*']) or (user in allow_read) |
287 result = (not allow_read) or (allow_read == ['*']) or (user in allow_read) |
288 if not result: |
288 if not result: |
289 raise ErrorResponse(HTTP_UNAUTHORIZED, 'read not authorized') |
289 raise ErrorResponse(HTTP_UNAUTHORIZED, 'read not authorized') |
290 |
290 |
291 if op == 'pull' and not self.allowpull: |
291 if op == 'pull' and not self.allowpull: |
292 raise ErrorResponse(HTTP_OK, '') |
292 raise ErrorResponse(HTTP_UNAUTHORIZED, 'pull not authorized') |
293 # op is None when checking allow/deny_read permissions for a web-browser request |
293 # op is None when checking allow/deny_read permissions for a web-browser request |
294 elif op == 'pull' or op is None: |
294 elif op == 'pull' or op is None: |
295 return |
295 return |
296 |
296 |
297 # enforce that you can only push using POST requests |
297 # enforce that you can only push using POST requests |