diff --git a/pandora/archive/models.py b/pandora/archive/models.py
index 98f18bb25..06f88ef78 100644
--- a/pandora/archive/models.py
+++ b/pandora/archive/models.py
@@ -434,6 +434,17 @@ class File(models.Model):
 for k in list(data):
 if k not in keys:
 del data[k]
+ can_see_media = False
+ if not user.is_anonymous():
+ can_see_media = user.profile.capability('canSeeMedia') or \
+ user.is_staff or \
+ self.item.user == user or \
+ self.item.groups.filter(id__in=user.groups.all()).count() > 0
+ if not can_see_media:
+ if 'instances' in data:
+ data['instances'] = []
+ if 'path' in data:
+ data['path'] = os.path.basename(data['path'])
 return data
 def all_paths(self):
diff --git a/pandora/archive/views.py b/pandora/archive/views.py
index 48ee39827..9cdde30bf 100644
--- a/pandora/archive/views.py
+++ b/pandora/archive/views.py
@@ -641,7 +641,7 @@ def findMedia(request, data):
 qs = qs.select_related()
 keys = query['keys']
 qs = qs[query['range'][0]:query['range'][1]]
- response['data']['items'] = [f.json(keys) for f in qs]
+ response['data']['items'] = [f.json(keys, user=request.user) for f in qs]
 else: # otherwise stats
 files = query['qs']
 response['data']['items'] = files.count()
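Review bot: The added `if not user.is_anonymous():` dereferences `user` without checking that one was passed. The signature of `json()` is outside this hunk, but the views.py call site passed no user before this commit, so any caller still using `f.json(keys)` would presumably raise here instead of getting the redacted result. Guarding with `if user is not None and not user.is_anonymous():` keeps the default `can_see_media = False` and fails closed. The redaction names only `instances` and `path`, so any other key in `data` that carries a full path or storage location would pass through unchanged; a short comment listing which keys are considered sensitive would help the next person who adds a field. The group test reads more directly as `.exists()` than `.count() > 0`.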
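Review bot: Passing `user=request.user` redacts only the serialized items; `qs` is built before this line from the client's query, in code outside the hunk. If that query builder accepts conditions or sort keys on `path` or on instance fields, the filtered result set and ordering may still reveal the values that `json()` now hides. It is worth confirming that those keys are rejected or ignored for users without media access. Other callers of `File.json()` are not visible in this diff and would need the same `user=` argument to get the redaction.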