fix group access to info page
parent
73ee17d1e5
commit
41b979b061
2 changed files with 3 additions and 7 deletions
|
@ -197,11 +197,7 @@ class Item(models.Model):
|
||||||
allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
|
allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
|
||||||
if self.level <= allowed_level:
|
if self.level <= allowed_level:
|
||||||
return True
|
return True
|
||||||
elif user.is_authenticated() and \
|
return self.editable(user)
|
||||||
(self.user == user or \
|
|
||||||
self.groups.filter(id__in=user.groups.all()).count() > 0):
|
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
def editable(self, user):
|
def editable(self, user):
|
||||||
if user.is_anonymous():
|
if user.is_anonymous():
|
||||||
|
|
|
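Review bot: Read access now falls through to `return self.editable(user)`, so who may view a restricted item is decided entirely by a write-permission check whose body is outside this hunk. The removed owner/group test has to be present in `editable()` for group members to keep access, which cannot be confirmed from the visible lines, and any later change to `editable()` made for editing reasons will silently change who can read. I would add a comment above the new return, e.g. `# anyone who may edit the item may also view it (owner, group member, ...) - keep in sync with editable()`, and a test that a group member below the required level can still read the item while an unrelated authenticated user cannot. The enclosing method starts above the hunk.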
@ -474,11 +474,11 @@ def get(request):
|
||||||
if data['keys'] and 'files' in data['keys']:
|
if data['keys'] and 'files' in data['keys']:
|
||||||
info['files'] = item.get_files(request.user)
|
info['files'] = item.get_files(request.user)
|
||||||
if not data['keys'] or 'groups' in data['keys'] \
|
if not data['keys'] or 'groups' in data['keys'] \
|
||||||
and request.user.get_profile().capability('canEditMetadata'):
|
and item.editable(request.user):
|
||||||
info['groups'] = [g.name for g in item.groups.all()]
|
info['groups'] = [g.name for g in item.groups.all()]
|
||||||
for k in settings.CONFIG['itemKeys']:
|
for k in settings.CONFIG['itemKeys']:
|
||||||
if 'capability' in k \
|
if 'capability' in k \
|
||||||
and not (request.user == item.user or has_capability(request.user, k['capability'])) \
|
and not (item.editable(request.user) or has_capability(request.user, k['capability'])) \
|
||||||
and k['id'] in info \
|
and k['id'] in info \
|
||||||
and k['id'] not in ('parts', 'durations', 'duration'):
|
and k['id'] not in ('parts', 'durations', 'duration'):
|
||||||
del info[k['id']]
|
del info[k['id']]
|
||||||
|
|
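Review bot: The `groups` condition still lacks parentheses, so Python parses it as `not data['keys'] or ('groups' in data['keys'] and item.editable(request.user))`. A request that sends no `keys` therefore gets `info['groups']` without the new `editable()` check ever being evaluated. Group the key test before the permission check: `if (not data['keys'] or 'groups' in data['keys']) and item.editable(request.user):`. The capability filter further down does not have this problem, because its `or` sits inside `not (...)`. `get()` starts and ends outside this hunk, so whether an earlier access check limits who reaches this line cannot be seen here.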