diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2018-10-09 19:36:23 +0200 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2018-10-09 19:36:23 +0200 |
| commit | 810a87e4b7e15d6ffe4b7b04538db264fb755318 (patch) | |
| tree | 1033ed63c29b1b3209b7d4a36d8c5c85b4414926 | |
| parent | 3f9cd81a27874c39f5b96e2038daaedd02dbe4ec (diff) | |
| download | Ishtar-810a87e4b7e15d6ffe4b7b04538db264fb755318.tar.bz2 Ishtar-810a87e4b7e15d6ffe4b7b04538db264fb755318.zip | |
Fix permission check on IshtarUser instead of User
| -rw-r--r-- | ishtar_common/models.py | 32 | ||||
| -rw-r--r-- | ishtar_common/views.py | 12 |
2 files changed, 32 insertions, 12 deletions
diff --git a/ishtar_common/models.py b/ishtar_common/models.py index a99921740..0eade6891 100644 --- a/ishtar_common/models.py +++ b/ishtar_common/models.py @@ -238,9 +238,13 @@ class OwnPerms(object): """ Check if the current object is owned by the user """ - if not hasattr(user, 'ishtaruser'): + if isinstance(user, IshtarUser): + ishtaruser = user + elif hasattr(user, 'ishtaruser'): + ishtaruser = user.ishtaruser + else: return False - query = self.get_query_owns(user.ishtaruser) + query = self.get_query_owns(ishtaruser) if not query: return False query &= Q(pk=self.pk) @@ -251,9 +255,13 @@ class OwnPerms(object): """ Check if the user own some items """ - if not hasattr(user, 'ishtaruser'): + if isinstance(user, IshtarUser): + ishtaruser = user + elif hasattr(user, 'ishtaruser'): + ishtaruser = user.ishtaruser + else: return False - query = cls.get_query_owns(user.ishtaruser) + query = cls.get_query_owns(ishtaruser) if not query: return False return cls.objects.filter(query).count() @@ -261,6 +269,8 @@ class OwnPerms(object): @classmethod def _return_get_owns(cls, owns, values, get_short_menu_class, label_key='cached_label'): + if not owns: + return [] sorted_values = [] if hasattr(cls, 'BASKET_MODEL'): owns_len = len(owns) @@ -296,18 +306,22 @@ class OwnPerms(object): return returned if isinstance(user, User): try: - user = IshtarUser.objects.get(user_ptr=user) + ishtaruser = IshtarUser.objects.get(user_ptr=user) except IshtarUser.DoesNotExist: returned = cls.objects.filter(pk__isnull=True) if values: returned = [] return returned + elif isinstance(user, IshtarUser): + ishtaruser = user + else: + if values: + return [] + return cls.objects.filter(pk__isnull=True) items = [] if hasattr(cls, 'BASKET_MODEL'): - items = list(cls.BASKET_MODEL.objects.filter(user=user).all()) - if not hasattr(user, 'ishtaruser'): - return False - query = cls.get_query_owns(user.ishtaruser) + items = list(cls.BASKET_MODEL.objects.filter(user=ishtaruser).all()) + query = cls.get_query_owns(ishtaruser) if not query and not replace_query: returned = cls.objects.filter(pk__isnull=True) if values: diff --git a/ishtar_common/views.py b/ishtar_common/views.py index 00e5df7e1..8b3e3c488 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -306,9 +306,15 @@ def shortcut_menu(request): items = [] current_items = [] labels[model_name] = {} - for item, shortmenu_class in model.get_owns( - request.user, menu_filtr=current_selected_item, limit=100, - values=['id', 'cached_label'], get_short_menu_class=True): + lbl_key = "cached_label" + if model.SLUG == "warehouse": + lbl_key = "name" + values = ['id', lbl_key] + + owns = model.get_owns( + request.user, menu_filtr=current_selected_item, + limit=100, values=values, get_short_menu_class=True) or [] + for item, shortmenu_class in owns: pk = unicode(item['id']) if shortmenu_class == 'basket': pk = "basket-" + pk |