From 60a55ea1e068818a75712a0c2510f7ffe4a1c2b1 Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Thu, 23 Apr 2020 12:59:38 +0200 Subject: [PATCH] Fix permission check --- users/migrations/0091_auto_20200423_1256.py | 19 +++++++++++++++++++ users/models.py | 7 ++++--- 2 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 users/migrations/0091_auto_20200423_1256.py diff --git a/users/migrations/0091_auto_20200423_1256.py b/users/migrations/0091_auto_20200423_1256.py new file mode 100644 index 00000000..b2ffca92 --- /dev/null +++ b/users/migrations/0091_auto_20200423_1256.py @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.11.28 on 2020-04-23 10:56 +from __future__ import unicode_literals + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0090_auto_20200421_1825'), + ] + + operations = [ + migrations.AlterModelOptions( + name='user', + options={'permissions': (('change_user_password', 'Can change the password of a user'), ('change_user_state', 'Can edit the state of a user'), ('change_user_force', 'Can force the move'), ('change_user_shell', 'Can edit the shell of a user'), ('change_user_pseudo', 'Can edit the pseudo of a user'), ('change_user_groups', 'Can edit the groups of rights of a user (critical permission)'), ('change_all_users', 'Can edit all users, including those with rights'), ('view_user', 'Can view a user object')), 'verbose_name': 'user (member or club)', 'verbose_name_plural': 'users (members or clubs)'}, + ), + ] diff --git a/users/models.py b/users/models.py index 4a3f7fb4..9912893e 100755 --- a/users/models.py +++ b/users/models.py @@ -252,6 +252,7 @@ class User( ("change_user_state", _("Can edit the state of a user")), ("change_user_force", _("Can force the move")), ("change_user_shell", _("Can edit the shell of a user")), + ("change_user_pseudo", _("Can edit the pseudo of a user")), ( "change_user_groups", _("Can edit the groups of rights of a user (critical permission)"), @@ -1180,12 +1181,12 @@ class User( self.pk == user_request.pk and OptionalUser.get_cached_value("self_change_pseudo") ) - or user_request.has_perm("users.change_user_shell") + or user_request.has_perm("users.change_user_pseudo") ): return ( False, - _("You don't have the right to change the shell."), - ("users.change_user_shell",), + _("You don't have the right to change the pseudo."), + ("users.change_user_pseudo",), ) else: return True, None, None