Skip to content

Commit 28c56dc

Browse files
authored
Merge pull request #863 from MerginMaps/auth_db_check_role
Check role first
2 parents f8193e8 + 0161275 commit 28c56dc

1 file changed

Lines changed: 6 additions & 5 deletions

File tree

Mergin/utils_auth.py

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -620,18 +620,19 @@ def get_auth_config_hash(self, auth_ids: typing.List[str]) -> str:
620620
def export_auth(self, client) -> None:
621621
"""Export auth DB credentials for protected layers if they have changed"""
622622

623+
# permission check - auth config .xml file can be modified from the writer role above
624+
project_info = client.project_info(self.mp.project_full_name())
625+
role = project_info.get("role")
626+
if not (role and role in ("writer", "owner")):
627+
return
628+
623629
referenced_ids = self.get_layers_auth_ids()
624630
available_ids = self.auth_mngr.configIds()
625631
auth_ids = [aid for aid in referenced_ids if aid in available_ids]
626-
627632
if not auth_ids:
628633
if os.path.exists(self.auth_file):
629634
os.remove(self.auth_file)
630635
return
631-
project_info = client.project_info(self.mp.project_full_name())
632-
role = project_info.get("role")
633-
if not (role and role in ("writer", "owner")):
634-
return
635636

636637
if not self.auth_mngr.masterPasswordIsSet():
637638
self.mp.log.warning("Master Password not set. Cannot export auth configs.")

0 commit comments

Comments
 (0)