8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-25 22:22:26 +00:00

Fix history acl

This commit is contained in:
Hugo Levy-Falk 2020-08-28 20:16:44 +01:00 committed by Gabriel Detraz
parent 360458541a
commit f4c5101b35

View file

@ -536,6 +536,8 @@ def get_history_object(request, model, object_name, object_id):
instance = None instance = None
if instance is None: if instance is None:
# TODO : THIS IS A DECORATOR, YOU CANNOT USE IT LIKE THIS. AS IT, IT
# WILL ALLOW ANYONE TO SEE THE HISTORY OF A DELETED OBJECT.
authorized = can_view_app("logs") authorized = can_view_app("logs")
msg = None msg = None
else: else:
@ -581,7 +583,7 @@ def history(request, application, object_name, object_id):
raise Http404(_("No model found.")) raise Http404(_("No model found."))
authorized, instance = get_history_object(request, model, object_name, object_id) authorized, instance = get_history_object(request, model, object_name, object_id)
if not can_view: if not authorized:
return instance return instance
history = get_history_class(model) history = get_history_class(model)