diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-03-29 19:42:02 +0200 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-03-29 19:42:02 +0200 |
| commit | 88359ac26f56f3c6dae232bb9af529b9a35c758e (patch) | |
| tree | d509f42b35d7a51c7c01cae9d3d89b425c3e7a26 | |
| parent | 8ff14b5402eb5af8685d2c3783b3bd5bdb2ec9a2 (diff) | |
| download | Ishtar-88359ac26f56f3c6dae232bb9af529b9a35c758e.tar.bz2 Ishtar-88359ac26f56f3c6dae232bb9af529b9a35c758e.zip | |
Access control: collaborators are included in get_own_query for operations, context records and finds (refs #3196)
| -rw-r--r-- | archaeological_context_records/models.py | 1 | ||||
| -rw-r--r-- | archaeological_finds/models_finds.py | 2 | ||||
| -rw-r--r-- | archaeological_operations/models.py | 6 |
3 files changed, 7 insertions, 2 deletions
diff --git a/archaeological_context_records/models.py b/archaeological_context_records/models.py index a16b4cae7..bba9c643b 100644 --- a/archaeological_context_records/models.py +++ b/archaeological_context_records/models.py @@ -367,6 +367,7 @@ class ContextRecord(BaseHistorizedItem, ImageModel, OwnPerms, def get_query_owns(cls, user): return (Q(operation__scientist=user.ishtaruser.person) | Q(operation__in_charge=user.ishtaruser.person) | + Q(operation__collaborators__pk=user.ishtaruser.person.pk) | Q(history_creator=user)) \ & Q(operation__end_date__isnull=True) diff --git a/archaeological_finds/models_finds.py b/archaeological_finds/models_finds.py index cbd13e925..735bc01a8 100644 --- a/archaeological_finds/models_finds.py +++ b/archaeological_finds/models_finds.py @@ -872,6 +872,8 @@ class Find(BaseHistorizedItem, ImageModel, OwnPerms, ShortMenuItem): ishtaruser.person) | Q(base_finds__context_record__operation__in_charge=user. ishtaruser.person) | + Q(base_finds__context_record__operation__collaborators__pk=user. + ishtaruser.person.pk) | Q(history_creator=user)) \ & Q(base_finds__context_record__operation__end_date__isnull=True) diff --git a/archaeological_operations/models.py b/archaeological_operations/models.py index 782f9cf35..13997a632 100644 --- a/archaeological_operations/models.py +++ b/archaeological_operations/models.py @@ -572,8 +572,10 @@ class Operation(ClosedItem, BaseHistorizedItem, ImageModel, OwnPerms, @classmethod def get_query_owns(cls, user): - return (Q(in_charge=user.ishtaruser.person) |\ - Q(scientist=user.ishtaruser.person) |\ + return ( + Q(in_charge=user.ishtaruser.person) | + Q(scientist=user.ishtaruser.person) | + Q(collaborators__pk=user.ishtaruser.person.pk) | Q(history_creator=user)) & Q(end_date__isnull=True) def is_active(self): |