mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-22 11:23:10 +00:00
Fix history acl
This commit is contained in:
parent
360458541a
commit
f4c5101b35
1 changed files with 3 additions and 1 deletions
|
@ -536,6 +536,8 @@ def get_history_object(request, model, object_name, object_id):
|
||||||
instance = None
|
instance = None
|
||||||
|
|
||||||
if instance is None:
|
if instance is None:
|
||||||
|
# TODO : THIS IS A DECORATOR, YOU CANNOT USE IT LIKE THIS. AS IT, IT
|
||||||
|
# WILL ALLOW ANYONE TO SEE THE HISTORY OF A DELETED OBJECT.
|
||||||
authorized = can_view_app("logs")
|
authorized = can_view_app("logs")
|
||||||
msg = None
|
msg = None
|
||||||
else:
|
else:
|
||||||
|
@ -581,7 +583,7 @@ def history(request, application, object_name, object_id):
|
||||||
raise Http404(_("No model found."))
|
raise Http404(_("No model found."))
|
||||||
|
|
||||||
authorized, instance = get_history_object(request, model, object_name, object_id)
|
authorized, instance = get_history_object(request, model, object_name, object_id)
|
||||||
if not can_view:
|
if not authorized:
|
||||||
return instance
|
return instance
|
||||||
|
|
||||||
history = get_history_class(model)
|
history = get_history_class(model)
|
||||||
|
|
Loading…
Reference in a new issue