mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-27 15:12:25 +00:00
Bug dans les checks d'acl : suppression de droits et gestion sur profil
This commit is contained in:
parent
dd4a695dcf
commit
836d68fb7e
2 changed files with 5 additions and 5 deletions
|
@ -78,8 +78,8 @@ def can_edit(model, *field_list):
|
||||||
kwargs={'userid':str(request.user.id)}
|
kwargs={'userid':str(request.user.id)}
|
||||||
))
|
))
|
||||||
for field in field_list:
|
for field in field_list:
|
||||||
can_create = getattr(model, 'can_change_' + field)
|
can_change = getattr(model, 'can_change_' + field)
|
||||||
can, msg = can_create(instance, request.user, *args, **kwargs)
|
can, msg = can_change(request.user, *args, **kwargs)
|
||||||
if not can:
|
if not can:
|
||||||
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
|
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
|
||||||
return redirect(reverse('users:profil',
|
return redirect(reverse('users:profil',
|
||||||
|
@ -97,8 +97,8 @@ def can_change(model, *field_list):
|
||||||
def decorator(view):
|
def decorator(view):
|
||||||
def wrapper(request, *args, **kwargs):
|
def wrapper(request, *args, **kwargs):
|
||||||
for field in field_list:
|
for field in field_list:
|
||||||
can_create = getattr(model, 'can_change_' + field)
|
can_change = getattr(model, 'can_change_' + field)
|
||||||
can, msg = can_create(request.user, *args, **kwargs)
|
can, msg = can_change(request.user, *args, **kwargs)
|
||||||
if not can:
|
if not can:
|
||||||
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
|
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
|
||||||
return redirect(reverse('users:profil',
|
return redirect(reverse('users:profil',
|
||||||
|
|
|
@ -274,7 +274,7 @@ def password(request, user, userid):
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@can_edit(User)
|
@can_edit(User, 'groups')
|
||||||
def del_group(request, user, userid, listrightid):
|
def del_group(request, user, userid, listrightid):
|
||||||
with transaction.atomic(), reversion.create_revision():
|
with transaction.atomic(), reversion.create_revision():
|
||||||
user.groups.remove(ListRight.objects.get(id=listrightid))
|
user.groups.remove(ListRight.objects.get(id=listrightid))
|
||||||
|
|
Loading…
Reference in a new issue