8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-12-26 00:43:46 +00:00

Bug dans les checks d'acl : suppression de droits et gestion sur profil

This commit is contained in:
Gabriel Detraz 2018-01-01 17:31:46 +01:00 committed by root
parent 54d69790b7
commit c62e3998a3
2 changed files with 5 additions and 5 deletions

View file

@ -78,8 +78,8 @@ def can_edit(model, *field_list):
kwargs={'userid':str(request.user.id)}
))
for field in field_list:
can_create = getattr(model, 'can_change_' + field)
can, msg = can_create(instance, request.user, *args, **kwargs)
can_change = getattr(model, 'can_change_' + field)
can, msg = can_change(request.user, *args, **kwargs)
if not can:
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil',
@ -97,8 +97,8 @@ def can_change(model, *field_list):
def decorator(view):
def wrapper(request, *args, **kwargs):
for field in field_list:
can_create = getattr(model, 'can_change_' + field)
can, msg = can_create(request.user, *args, **kwargs)
can_change = getattr(model, 'can_change_' + field)
can, msg = can_change(request.user, *args, **kwargs)
if not can:
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil',

View file

@ -274,7 +274,7 @@ def password(request, user, userid):
@login_required
@can_edit(User)
@can_edit(User, 'groups')
def del_group(request, user, userid, listrightid):
with transaction.atomic(), reversion.create_revision():
user.groups.remove(ListRight.objects.get(id=listrightid))