diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-07-21 12:56:36 +0200 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-07-21 13:30:46 +0200 |
| commit | a6fecd9a9ea412b743aa689d4fa02c7f15fde322 (patch) | |
| tree | d587f8e86f59174f3a1ad71f44c4a7718f0fb68d /ishtar_common/models_imports.py | |
| parent | 592cb91a2b3f7aa6e8696af526a9d99d9bd01935 (diff) | |
| download | Ishtar-a6fecd9a9ea412b743aa689d4fa02c7f15fde322.tar.bz2 Ishtar-a6fecd9a9ea412b743aa689d4fa02c7f15fde322.zip | |
🐛 imports list: fix permissions check
Diffstat (limited to 'ishtar_common/models_imports.py')
| -rw-r--r-- | ishtar_common/models_imports.py | 46 |
1 files changed, 29 insertions, 17 deletions
diff --git a/ishtar_common/models_imports.py b/ishtar_common/models_imports.py index e09ca2502..3e8914d8d 100644 --- a/ishtar_common/models_imports.py +++ b/ishtar_common/models_imports.py @@ -235,9 +235,10 @@ class ImporterType(models.Model): def __str__(self): return self.name - @classmethod - def is_own(cls, ishtar_user): - return bool(cls.objects.filter(users__pk=ishtar_user.pk).count()) + def is_own(self, ishtar_user): + return bool( + self.__class__.objects.filter(pk=self.pk, users__pk=ishtar_user.pk).count() + ) @property def type_label(self): @@ -1457,22 +1458,33 @@ class BaseImport(models.Model, OwnPerms, SheetItem): def get_permissions_for_actions(cls, user): if not hasattr(user, "ishtaruser") or not user.ishtaruser: return False, False, False, False - can_edit_all, can_delete_all = False, False - can_edit_own, can_delete_own = False, False + permissions = { + "can_view_own": False, + "can_edit_own": False, + "can_delete_own": False, + "can_edit_all": False, + "can_view_all": False, + "can_delete_all": False, + } ishtaruser = user.ishtaruser if ishtaruser.has_permission("ishtaradmin"): - can_edit_all = True - can_delete_all = True - else: - if ishtaruser.has_permission("ishtar_common.change_import"): - can_edit_all = True - elif ishtaruser.has_permission("ishtar_common.change_own_import"): - can_edit_own = True - if ishtaruser.has_permission("ishtar_common.delete_import"): - can_delete_all = True - elif ishtaruser.has_permission("ishtar_common.delete_own_import"): - can_delete_own = True - return can_edit_all, can_delete_all, can_edit_own, can_delete_own + permissions["can_view_all"] = True + permissions["can_edit_all"] = True + permissions["can_delete_all"] = True + return permissions + if ishtaruser.has_permission("ishtar_common.view_import"): + permissions["can_view_all"] = True + elif ishtaruser.has_permission("ishtar_common.view_own_import"): + permissions["can_view_own"] = True + if ishtaruser.has_permission("ishtar_common.change_import"): + permissions["can_edit_all"] = True + elif ishtaruser.has_permission("ishtar_common.change_own_import"): + permissions["can_edit_own"] = True + if ishtaruser.has_permission("ishtar_common.delete_import"): + permissions["can_delete_all"] = True + elif ishtaruser.has_permission("ishtar_common.delete_own_import"): + permissions["can_delete_own"] = True + return permissions @classmethod def query_can_access(cls, user, perm="ishtar_common.view_import"): |