8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-12-01 17:12:26 +00:00

Bug dans les checks d'acl : suppression de droits et gestion sur profil

This commit is contained in:
Gabriel Detraz 2018-01-01 17:31:46 +01:00 committed by root
parent 54d69790b7
commit c62e3998a3
2 changed files with 5 additions and 5 deletions

View file

@ -78,8 +78,8 @@ def can_edit(model, *field_list):
kwargs={'userid':str(request.user.id)} kwargs={'userid':str(request.user.id)}
)) ))
for field in field_list: for field in field_list:
can_create = getattr(model, 'can_change_' + field) can_change = getattr(model, 'can_change_' + field)
can, msg = can_create(instance, request.user, *args, **kwargs) can, msg = can_change(request.user, *args, **kwargs)
if not can: if not can:
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu") messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil', return redirect(reverse('users:profil',
@ -97,8 +97,8 @@ def can_change(model, *field_list):
def decorator(view): def decorator(view):
def wrapper(request, *args, **kwargs): def wrapper(request, *args, **kwargs):
for field in field_list: for field in field_list:
can_create = getattr(model, 'can_change_' + field) can_change = getattr(model, 'can_change_' + field)
can, msg = can_create(request.user, *args, **kwargs) can, msg = can_change(request.user, *args, **kwargs)
if not can: if not can:
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu") messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil', return redirect(reverse('users:profil',

View file

@ -274,7 +274,7 @@ def password(request, user, userid):
@login_required @login_required
@can_edit(User) @can_edit(User, 'groups')
def del_group(request, user, userid, listrightid): def del_group(request, user, userid, listrightid):
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
user.groups.remove(ListRight.objects.get(id=listrightid)) user.groups.remove(ListRight.objects.get(id=listrightid))