[#6712] Don't balloon ProjectRoles when checking for blocked users Signed-off-by: Cory Johns <cjohns@slashdotmedia.com>

commit: 9012935a33b62cddcf8a75ce4a651118b128afda [log] [tgz]
author: Cory Johns <cjohns@slashdotmedia.com> Thu Sep 26 19:03:30 2013 +0000
committer: Cory Johns <cjohns@slashdotmedia.com> Thu Sep 26 19:03:30 2013 +0000
tree: 98ef208d3f0d6211c5f2520c0a86043b91e860cb
parent: 46fffb6ff874db9bb3b8d276aec92a712d1a2725 [diff]
diff --git a/Allura/allura/lib/security.py b/Allura/allura/lib/security.py
index a211ae2..4e917b6 100644
--- a/Allura/allura/lib/security.py
+++ b/Allura/allura/lib/security.py

@@ -299,10 +299,11 @@
                     project = project.root_project
             roles = cred.user_roles(user_id=user._id, project_id=project._id).reaching_ids
         if user != M.User.anonymous():
-            user_role = user.project_role(project=project)
-            deny_user = M.ACE.deny(user_role._id, permission)
-            if M.ACL.contains(deny_user, obj.acl):
-                return False
+            user_role = M.ProjectRole.by_user(user, project)
+            if user_role:
+                deny_user = M.ACE.deny(user_role._id, permission)
+                if M.ACL.contains(deny_user, obj.acl):
+                    return False
         chainable_roles = []
         for rid in roles:
             for ace in obj.acl:
commit	9012935a33b62cddcf8a75ce4a651118b128afda	[log] [tgz]
author	Cory Johns <cjohns@slashdotmedia.com>	Thu Sep 26 19:03:30 2013 +0000
committer	Cory Johns <cjohns@slashdotmedia.com>	Thu Sep 26 19:03:30 2013 +0000
tree	98ef208d3f0d6211c5f2520c0a86043b91e860cb
parent	46fffb6ff874db9bb3b8d276aec92a712d1a2725 [diff]