| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-03-28 13:17:29 +0200 | 
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-03-29 18:25:09 +0200 | 
| commit | 964ce0244baf55cc1af1029b67f991a0865f1f3c (patch) | |
| tree | 72aaceee89f2fe1e30602314d2871bb433fd5a15 | |
| parent | 9356c39d093063a7127ad4634492a3450aa698fe (diff) | |
Access control: fix get owns query for UEs, finds, warehouses and containers
| -rw-r--r-- | archaeological_context_records/models.py | 7 | ||||
| -rw-r--r-- | archaeological_files/models.py | 2 | ||||
| -rw-r--r-- | archaeological_finds/models_finds.py | 11 | ||||
| -rw-r--r-- | archaeological_warehouse/models.py | 11 | 
4 files changed, 22 insertions, 9 deletions
|
diff --git a/archaeological_context_records/models.py b/archaeological_context_records/models.py
index 4df56c49f..a16b4cae7 100644
--- a/archaeological_context_records/models.py
+++ b/archaeological_context_records/models.py
@@ -365,9 +365,10 @@ class ContextRecord(BaseHistorizedItem, ImageModel, OwnPerms,
     @classmethod
     def get_query_owns(cls, user):
-        return Q(operation__scientist=user.ishtaruser.person) |\
-            Q(operation__in_charge=user.ishtaruser.person) |\
-            Q(history_creator=user)
+        return (Q(operation__scientist=user.ishtaruser.person) |
+                Q(operation__in_charge=user.ishtaruser.person) |
+                Q(history_creator=user)) \
+            & Q(operation__end_date__isnull=True)
     @classmethod
     def get_owns(cls, user, menu_filtr=None, limit=None,
diff --git a/archaeological_files/models.py b/archaeological_files/models.py
index 7f37a298f..52f628817 100644
--- a/archaeological_files/models.py
+++ b/archaeological_files/models.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-# Copyright (C) 2012-2016 Étienne Loks  <etienne.loks_AT_peacefrogsDOTnet>
+# Copyright (C) 2012-2017 Étienne Loks  <etienne.loks_AT_peacefrogsDOTnet>
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
diff --git a/archaeological_finds/models_finds.py b/archaeological_finds/models_finds.py
index c54fd1ed9..cbd13e925 100644
--- a/archaeological_finds/models_finds.py
+++ b/archaeological_finds/models_finds.py
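Review bot: In `ContextRecord.get_query_owns` the new `& Q(operation__end_date__isnull=True)` is AND-ed with the whole parenthesised group, so it also cancels the `Q(history_creator=user)` alternative: once the operation has an end date, neither the scientist, the person in charge nor the record's creator matches the "own" query. If that is the intended rule, it should be stated where the permission is defined, for example with a docstring `"""Own = scientist, in charge or creator, only while the operation has no end date."""`, and pinned by a test using a closed operation; the four files in this commit's diffstat are all models files, so no test accompanies the change. `Find.get_query_owns` in archaeological_finds/models_finds.py uses the same construction. The enclosing class starts outside the hunk.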
@@ -868,11 +868,12 @@ class Find(BaseHistorizedItem, ImageModel, OwnPerms, ShortMenuItem):
     @classmethod
     def get_query_owns(cls, user):
-        return Q(base_finds__context_record__operation__scientist=user.
-                 ishtaruser.person) | \
-            Q(base_finds__context_record__operation__in_charge=user.
-              ishtaruser.person) | \
-            Q(history_creator=user)
+        return (Q(base_finds__context_record__operation__scientist=user.
+                 ishtaruser.person) |
+                Q(base_finds__context_record__operation__in_charge=user.
+                  ishtaruser.person) |
+                Q(history_creator=user)) \
+           & Q(base_finds__context_record__operation__end_date__isnull=True)
     @classmethod
     def get_owns(cls, user, menu_filtr=None, limit=None,
diff --git a/archaeological_warehouse/models.py b/archaeological_warehouse/models.py
index d1918f46a..fe054a37b 100644
--- a/archaeological_warehouse/models.py
+++ b/archaeological_warehouse/models.py
@@ -21,6 +21,7 @@ import datetime
 from django.conf import settings
 from django.contrib.gis.db import models
+from django.db.models import Q
 from django.db.models.signals import post_save, post_delete
 from django.template.defaultfilters import slugify
 from django.utils.translation import ugettext_lazy as _, ugettext
@@ -78,6 +79,10 @@ class Warehouse(Address, OwnPerms):
         return datetime.date.today().strftime('%Y-%m-%d') + '-' + \
                slugify(unicode(self))
+    @classmethod
+    def get_query_owns(cls, user):
+        return Q(person_in_charge__ishtaruser=user.ishtaruser)
+
     def save(self, *args, **kwargs):
         super(Warehouse, self).save(*args, **kwargs)
         for container in self.containers.all():
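Review bot: In `Find.get_query_owns`, `Q(base_finds__context_record__operation__end_date__isnull=True)` spans a relation chain, and in Django an `isnull=True` lookup across relations also matches rows where a related object along that chain is missing. Combined with `Q(history_creator=user)`, a find with no base find (or, if those foreign keys are nullable, no context record or operation) would presumably still count as owned by its creator, which may or may not be the intent. A short comment on that line would make the rule explicit, for example `# NOTE: isnull=True also matches finds with no linked operation`. Whether `base_finds` is multi-valued and whether the caller de-duplicates the result is not visible here, since `get_owns` continues outside the hunk.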
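Review bot: The new `Warehouse.get_query_owns` dereferences `user.ishtaruser` unconditionally, so a user object without that related profile (an anonymous user, or an account with no IshtarUser row, if such accounts exist) would raise while the permission query is being built instead of producing an empty match. Whether callers already guard against this is outside the hunk; if they do not, an early return such as `if not getattr(user, 'ishtaruser', None): return Q(pk__isnull=True)` would keep the check fail-closed. The new `Container.get_query_owns` further down this file has the same dereference.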
@@ -208,6 +213,12 @@ class Container(LightHistorizedItem, ImageModel):
         cached_label = u" - ".join(items)
         return cached_label
+    @classmethod
+    def get_query_owns(cls, user):
+        return Q(history_creator=user) | \
+            Q(location__person_in_charge__ishtaruser=user.ishtaruser) | \
+            Q(responsible__person_in_charge__ishtaruser=user.ishtaruser)
+
     @property
     def associated_filename(self):
         filename = datetime.date.today().strftime('%Y-%m-%d') |
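Review bot: The hunk header shows `class Container(LightHistorizedItem, ImageModel):` without `OwnPerms`, unlike `Warehouse`, `ContextRecord` and `Find` in this commit, so it is not visible here what calls the new `Container.get_query_owns`. If the own-permission machinery lives in `OwnPerms` and `LightHistorizedItem` does not provide it, this query would never be applied and container access would stay as it was before the commit; that is worth confirming, and the mixin added to the class bases if needed. As a smaller style point, the three `Q(...)` terms would match the other two files in this commit if they were wrapped in parentheses rather than joined with `| \` continuations.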
