forked from 0x2620/pandora
allow users to only edit there own groups
This commit is contained in:
parent
ef0aca6acb
commit
d599781d50
1 changed files with 7 additions and 0 deletions
|
@ -559,6 +559,13 @@ def edit(request, data):
|
||||||
item.user = new_user
|
item.user = new_user
|
||||||
update_clips = True
|
update_clips = True
|
||||||
del data['user']
|
del data['user']
|
||||||
|
if 'groups' in data:
|
||||||
|
if not request.user.get_profile().capability('canManageUsers'):
|
||||||
|
# Users wihtout canManageUsers can only add/remove groups they are not in
|
||||||
|
groups = set([g.name for g in item.groups.all()])
|
||||||
|
user_groups = set([g.name for g in request.user.groups.all()])
|
||||||
|
other_groups = list(groups - user_groups)
|
||||||
|
data['groups'] = [g for g in data['groups'] if g in user_groups] + other_groups
|
||||||
r = item.edit(data)
|
r = item.edit(data)
|
||||||
if r:
|
if r:
|
||||||
r.wait()
|
r.wait()
|
||||||
|
|
Loading…
Reference in a new issue