users can see private items if they own it. limit to max_level instead, a80af1 fixup
This commit is contained in:
parent
99a135c7d3
commit
623bbd472c
1 changed files with 2 additions and 3 deletions
|
@ -233,9 +233,8 @@ class Item(models.Model):
|
||||||
def editable(self, user):
|
def editable(self, user):
|
||||||
if user.is_anonymous:
|
if user.is_anonymous:
|
||||||
return False
|
return False
|
||||||
level = user.profile.get_level()
|
max_level = len(settings.CONFIG['rightsLevels'])
|
||||||
allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
|
if self.level > max_level:
|
||||||
if self.level > allowed_level:
|
|
||||||
return False
|
return False
|
||||||
if user.profile.capability('canEditMetadata') or \
|
if user.profile.capability('canEditMetadata') or \
|
||||||
user.is_staff or \
|
user.is_staff or \
|
||||||
|
|
Loading…
Reference in a new issue