not editable if rightslevel is > allowed level

2022-12-08 12:26:17 +01:00 · 2022-12-08 12:26:17 +01:00 · a80af18400
commit a80af18400
parent ffc2504c0f
1 changed files with 4 additions and 0 deletions
--- a/pandora/item/models.py
+++ b/pandora/item/models.py
@ -233,6 +233,10 @@ class Item(models.Model):
    def editable(self, user):
        if user.is_anonymous:
            return False
+        level = user.profile.get_level()
+        allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
+        if self.level > allowed_level:
+            return False
        if user.profile.capability('canEditMetadata') or \
           user.is_staff or \
           self.user == user or \