summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorÉtienne Loks <etienne.loks@peacefrogs.net>2014-02-12 15:55:04 +0100
committerÉtienne Loks <etienne.loks@peacefrogs.net>2014-02-12 15:55:04 +0100
commitf382763bfe106abca8bad5a986afd15703f84d19 (patch)
tree2fbd1da0e461780f06efb0941885be1d09a79cb2
parent5c2c0b08b7dc92a65514e12f03edb4eabb2aa1ba (diff)
parent8de9d4ee352f02c46c41c13d70b7a80fed80b27e (diff)
downloadIshtar-f382763bfe106abca8bad5a986afd15703f84d19.tar.bz2
Ishtar-f382763bfe106abca8bad5a986afd15703f84d19.zip
Merge branch 'newrights'
-rw-r--r--ishtar_common/views.py18
1 files changed, 17 insertions, 1 deletions
diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index ba5f30918..5fc717c9f 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -188,11 +188,25 @@ HIERARCHIC_FIELDS = ['periods', 'period', 'unit', 'material_type',
PRIVATE_FIELDS = ('id', 'history_modifier', 'order')
def get_item(model, func_name, default_name, extra_request_keys=[],
base_request={}, bool_fields=[], reversed_bool_fields=[],
- dated_fields=[], associated_models=[], relative_session_names={}):
+ dated_fields=[], associated_models=[], relative_session_names={},
+ specific_perms=[]):
"""
Generic treatment of tables
"""
def func(request, data_type='json', full=False, **dct):
+ # check rights
+ own = True # more restrictive by default
+ allowed = False
+ for perm, lbl in model._meta.permissions:
+ # if not specific any perm is relevant (read right)
+ if specific_perms and perm not in specific_perms:
+ continue
+ if request.user.has_perm(perm):
+ allowed = True
+ if "_own_" not in perm:
+ own = False
+ if not allowed:
+ return HttpResponse(None, mimetype='text/plain')
if 'type' in dct:
data_type = dct.pop('type')
if not data_type:
@@ -288,6 +302,8 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
and_reqs.append(reqs)
break
query = Q(**dct)
+ if own:
+ query = query & model.get_query_own(request.user)
for k, or_req in or_reqs:
alt_dct = dct.copy()
alt_dct.pop(k)