diff options
| author | Étienne Loks <etienne.loks@proxience.com> | 2015-12-29 19:17:43 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@proxience.com> | 2015-12-29 19:17:43 +0100 |
| commit | bd14b56fea4482a15ea56174d88922aafa033cde (patch) | |
| tree | da5ecdb6812dccd31a5d520e2f279a5033528f64 | |
| parent | 64da07dfc6489858c151766ac07f22aba4ceb59f (diff) | |
| download | Ishtar-bd14b56fea4482a15ea56174d88922aafa033cde.tar.bz2 Ishtar-bd14b56fea4482a15ea56174d88922aafa033cde.zip | |
An administrator can really see everythings!
| -rw-r--r-- | ishtar_common/views.py | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/ishtar_common/views.py b/ishtar_common/views.py index a18673b44..1320517ff 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -325,18 +325,24 @@ def get_item(model, func_name, default_name, extra_request_keys=[], # check rights own = True # more restrictive by default allowed = False - for perm, lbl in model._meta.permissions: - # if not specific any perm is relevant (read right) - if specific_perms and perm not in specific_perms: - continue - if request.user.has_perm(model._meta.app_label + '.' + perm) \ - or (request.user.is_authenticated() - and request.user.ishtaruser.has_right( - perm, session=request.session)): - allowed = True - if "_own_" not in perm: - own = False - break # max right reach + if request.user.is_authenticated() and \ + request.user.ishtaruser.has_right('administrator', + session=request.session): + allowed = True + own = False + else: + for perm, lbl in model._meta.permissions: + # if not specific any perm is relevant (read right) + if specific_perms and perm not in specific_perms: + continue + if request.user.has_perm(model._meta.app_label + '.' + perm) \ + or (request.user.is_authenticated() + and request.user.ishtaruser.has_right( + perm, session=request.session)): + allowed = True + if "_own_" not in perm: + own = False + break # max right reach if force_own: own = True EMPTY = '' |