forked from 0x2620/pandora
users can see private items if they own it. limit to max_level instead, a80af1 fixup
This commit is contained in:
parent
99a135c7d3
commit
623bbd472c
1 changed files with 2 additions and 3 deletions
|
@ -233,9 +233,8 @@ class Item(models.Model):
|
|||
def editable(self, user):
|
||||
if user.is_anonymous:
|
||||
return False
|
||||
level = user.profile.get_level()
|
||||
allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
|
||||
if self.level > allowed_level:
|
||||
max_level = len(settings.CONFIG['rightsLevels'])
|
||||
if self.level > max_level:
|
||||
return False
|
||||
if user.profile.capability('canEditMetadata') or \
|
||||
user.is_staff or \
|
||||
|
|
Loading…
Reference in a new issue