rezometz/re2o
8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-05 01:16:27 +00:00
Code Issues Releases Wiki Activity

Fix history acl

Browse source
This commit is contained in:
Hugo Levy-Falk 2020-08-28 20:16:44 +01:00 committed by klafyvel
parent 73a4d2fa27
commit b4ca715695
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
logs/views.py
View file

@ -536,6 +536,8 @@ def get_history_object(request, model, object_name, object_id):
instance = None
if instance is None:
# TODO : THIS IS A DECORATOR, YOU CANNOT USE IT LIKE THIS. AS IT, IT
# WILL ALLOW ANYONE TO SEE THE HISTORY OF A DELETED OBJECT.
authorized = can_view_app("logs")
msg = None
else:
@ -581,7 +583,7 @@ def history(request, application, object_name, object_id):
raise Http404(_("No model found."))
authorized, instance = get_history_object(request, model, object_name, object_id)
if not can_view:
if not authorized:
return instance
history = get_history_class(model)