summaryrefslogtreecommitdiff
path: root/archaeological_finds/forms.py
diff options
context:
space:
mode:
authorÉtienne Loks <etienne.loks@iggdrasil.net>2024-10-16 17:57:13 +0200
committerÉtienne Loks <etienne.loks@iggdrasil.net>2025-02-19 14:43:48 +0100
commitc93dd3812c53d21ab8517dc7af72e1d4b70a1b04 (patch)
tree2153d8fd121f7ecd08a31e4867d58a2eb3c9aab7 /archaeological_finds/forms.py
parentb8eef9b6aaed7ee097f8ea86174067f9ca42abd8 (diff)
downloadIshtar-c93dd3812c53d21ab8517dc7af72e1d4b70a1b04.tar.bz2
Ishtar-c93dd3812c53d21ab8517dc7af72e1d4b70a1b04.zip
♻ permissions refactoring: refactor has_permission methods
Diffstat (limited to 'archaeological_finds/forms.py')
-rw-r--r--archaeological_finds/forms.py13
1 files changed, 8 insertions, 5 deletions
diff --git a/archaeological_finds/forms.py b/archaeological_finds/forms.py
index 094e6be21..23531aeb0 100644
--- a/archaeological_finds/forms.py
+++ b/archaeological_finds/forms.py
@@ -2619,11 +2619,12 @@ class FindBasketAddItemForm(forms.Form):
basket_id = forms.IntegerField(required=True)
item_id = forms.IntegerField(required=True)
- def save(self, user):
+ def save(self, ishtaruser):
try:
basket = (
models.FindBasket.objects.filter(
- Q(user=user) | Q(shared_with=user) | Q(shared_write_with=user)
+ Q(user=ishtaruser) | Q(shared_with=ishtaruser) |
+ Q(shared_write_with=ishtaruser)
)
.distinct()
.get(pk=self.cleaned_data["basket_id"])
@@ -2634,9 +2635,11 @@ class FindBasketAddItemForm(forms.Form):
raise PermissionDenied
# check rights
if (
- not user.user_ptr.is_superuser
- and not user.has_right("view_find")
- and not (user.has_right("view_own_find") and item.is_own(user))
+ not ishtaruser.user_ptr.is_superuser
+ and not ishtaruser.has_permission("archaeological_finds.view_find")
+ and not ishtaruser.has_permission(
+ "archaeological_finds.view_own_find",
+ obj=item)
):
raise PermissionDenied
basket.items.add(item)
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-16 13:58:39 +0000