🐛 imports list: fix permissions check

author: Étienne Loks <etienne.loks@iggdrasil.net> 2025-07-21 12:56:36 +0200
committer: Étienne Loks <etienne.loks@iggdrasil.net> 2025-07-21 12:56:36 +0200
commit: 0427aa8882916d5b0ffbaca27404263ce69fc78f (patch)
tree: ae2374f7494ddc29cfb8b31c6e486caa36364bd6 /ishtar_common/models_imports.py
parent: f7e7951cba95f8a4e49477832c849c461c7f69fe (diff)
download: Ishtar-0427aa8882916d5b0ffbaca27404263ce69fc78f.tar.bz2
Ishtar-0427aa8882916d5b0ffbaca27404263ce69fc78f.zip
1 files changed, 25 insertions, 11 deletions
diff --git a/ishtar_common/models_imports.py b/ishtar_common/models_imports.py
index cae04298b..510a9ff7d 100644
--- a/ishtar_common/models_imports.py
+++ b/ishtar_common/models_imports.py
@@ -230,9 +230,10 @@ class ImporterType(models.Model):
     def __str__(self):
         return self.name
 
-    @classmethod
-    def is_own(cls, ishtar_user):
-        return bool(cls.objects.filter(users__pk=ishtar_user.pk).count())
+    def is_own(self, ishtar_user):
+        return bool(
+            self.__class__.objects.filter(pk=self.pk, users__pk=ishtar_user.pk).count()
+        )
 
     @property
     def type_label(self):
@@ -1450,19 +1451,32 @@ class BaseImport(models.Model, OwnPerms, SheetItem):
     def get_permissions_for_actions(cls, user, session):
         if not hasattr(user, "ishtaruser") or not user.ishtaruser:
             return False, False, False, False
-        can_edit_all, can_delete_all, can_edit_own, can_delete_own = False, False, False, False
+        permissions = {
+            "can_view_own": False,
+            "can_edit_own": False,
+            "can_delete_own": False,
+            "can_edit_all": False,
+            "can_view_all": False,
+            "can_delete_all": False,
+        }
         if user.is_superuser:
-            can_edit_all = True
-            can_delete_all = True
+            permissions["can_view_all"] = True
+            permissions["can_edit_all"] = True
+            permissions["can_delete_all"] = True
+            return permissions
+        if user.ishtaruser.has_right("view_import", session=session):
+            permissions["can_view_all"] = True
+        elif user.ishtaruser.has_right("view_own_import", session=session):
+            permissions["can_view_own"] = True
         if user.ishtaruser.has_right("change_import", session=session):
-            can_edit_all = True
+            permissions["can_edit_all"] = True
         elif user.ishtaruser.has_right("change_own_import", session=session):
-            can_edit_own = True
+            permissions["can_edit_own"] = True
         if user.ishtaruser.has_right("delete_import", session=session):
-            can_delete_all = True
+            permissions["can_delete_all"] = True
         elif user.ishtaruser.has_right("delete_own_import", session=session):
-            can_delete_own = True
-        return can_edit_all, can_delete_all, can_edit_own, can_delete_own
+            permissions["can_delete_own"] = True
+        return permissions
 
     @classmethod
     def query_can_access(cls, user, perm="view_import"):
author	Étienne Loks <etienne.loks@iggdrasil.net>	2025-07-21 12:56:36 +0200
committer	Étienne Loks <etienne.loks@iggdrasil.net>	2025-07-21 12:56:36 +0200
commit	0427aa8882916d5b0ffbaca27404263ce69fc78f (patch)
tree	ae2374f7494ddc29cfb8b31c6e486caa36364bd6 /ishtar_common/models_imports.py
parent	f7e7951cba95f8a4e49477832c849c461c7f69fe (diff)
download	Ishtar-0427aa8882916d5b0ffbaca27404263ce69fc78f.tar.bz2 Ishtar-0427aa8882916d5b0ffbaca27404263ce69fc78f.zip