8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-12-25 08:23:46 +00:00

fix de @can_edit

This commit is contained in:
Hugo LEVY-FALK 2017-11-30 00:46:23 +01:00
parent 67b519d2fb
commit d9c172ea13
2 changed files with 5 additions and 4 deletions

View file

@ -79,12 +79,12 @@ def can_edit(model, *instance_id):
instances = {} instances = {}
for i in instance_id: for i in instance_id:
try: try:
instances[i] = model.objects.get(pk=i) instances[i] = model.objects.get(pk=kwargs[i])
except model.DoesNotExist: except model.DoesNotExist:
messages.error(request, u"Entrée inexistante") messages.error(request, u"Entrée inexistante")
return redirect(reverse('users:index')) return redirect(reverse('users:index'))
kwargs['instances'] = instances kwargs['instances'] = instances
can = all(model.can_edit(request, instances[i]) for i in instances) can = all(model.can_edit(instances[i], request.user) for i in instances)
if not can: if not can:
messages.error(request, "Vous ne pouvez pas accéder à ce menu") messages.error(request, "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil', return redirect(reverse('users:profil',

View file

@ -92,7 +92,7 @@ from machines.models import Machine
from preferences.models import OptionalUser, GeneralOption from preferences.models import OptionalUser, GeneralOption
from re2o.views import form from re2o.views import form
from re2o.utils import all_has_access, SortTable, can_create from re2o.utils import all_has_access, SortTable, can_create, can_edit
def password_change_action(u_form, user, request, req=False): def password_change_action(u_form, user, request, req=False):
""" Fonction qui effectue le changeemnt de mdp bdd""" """ Fonction qui effectue le changeemnt de mdp bdd"""
@ -203,7 +203,8 @@ def select_user_edit_form(request, user):
@login_required @login_required
def edit_info(request, userid): @can_edit(User, 'userid')
def edit_info(request, userid, **kwargs):
""" Edite un utilisateur à partir de son id, """ Edite un utilisateur à partir de son id,
si l'id est différent de request.user, vérifie la si l'id est différent de request.user, vérifie la
possession du droit cableur """ possession du droit cableur """