decentral1se/pandora
1
0
Fork 0
forked from 0x2620/pandora
Code Issues Pull requests Projects Releases Wiki Activity

not editable if rightslevel is > allowed level

Browse source
This commit is contained in:
j 2022-12-08 12:26:17 +01:00
parent ffc2504c0f
commit a80af18400
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pandora/item/models.py
View file

@ -233,6 +233,10 @@ class Item(models.Model):
def editable(self, user): def editable(self, user):
if user.is_anonymous: if user.is_anonymous:
return False return False
level = user.profile.get_level()
allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
if self.level > allowed_level:
return False
if user.profile.capability('canEditMetadata') or \ if user.profile.capability('canEditMetadata') or \
user.is_staff or \ user.is_staff or \
self.user == user or \ self.user == user or \