@@ -123,8 +123,12 @@ def __get_product(self, session, product):
123123
124124 args = {'config_db_session' : session ,
125125 'productID' : product .id }
126- product_access = permissions .require_permission (
126+
127+ has_product_permission = permissions .require_permission (
127128 permissions .PRODUCT_VIEW , args , self .__auth_session )
129+ has_global_permission = permissions .require_permission (
130+ permissions .PERMISSION_VIEW , args , self .__auth_session )
131+ has_access_permission = has_product_permission or has_global_permission
128132
129133 admin_perm_name = permissions .PRODUCT_ADMIN .name
130134 admins = session .query (ProductPermission ). \
@@ -154,7 +158,7 @@ def __get_product(self, session, product):
154158 runCount = product .num_of_runs ,
155159 latestStoreToProduct = latest_storage_date ,
156160 connected = connected ,
157- accessible = product_access ,
161+ accessible = has_access_permission ,
158162 administrating = self .__administrating (args ),
159163 databaseStatus = server_product .db_status ,
160164 admins = [admin .name for admin in admins ],
@@ -260,9 +264,10 @@ def getProductConfiguration(self, product_id):
260264 Get the product configuration --- WITHOUT THE DB PASSWORD --- of the
261265 given product.
262266 """
263- self .__require_permission ([permissions .PRODUCT_VIEW ], {
264- 'productID' : product_id
265- })
267+ self .__require_permission ([
268+ permissions .PRODUCT_VIEW ,
269+ permissions .PERMISSION_VIEW
270+ ], {'productID' : product_id })
266271
267272 with DBSession (self .__session ) as session :
268273 product = session .query (Product ).get (product_id )
0 commit comments