An administrator can really see everythings!

author: Étienne Loks <etienne.loks@proxience.com> 2015-12-29 19:17:43 +0100
committer: Étienne Loks <etienne.loks@proxience.com> 2015-12-29 19:17:43 +0100
commit: bd14b56fea4482a15ea56174d88922aafa033cde (patch)
tree: da5ecdb6812dccd31a5d520e2f279a5033528f64 /ishtar_common/views.py
parent: 64da07dfc6489858c151766ac07f22aba4ceb59f (diff)
download: Ishtar-bd14b56fea4482a15ea56174d88922aafa033cde.tar.bz2
Ishtar-bd14b56fea4482a15ea56174d88922aafa033cde.zip
1 files changed, 18 insertions, 12 deletions
diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index a18673b44..1320517ff 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -325,18 +325,24 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
         # check rights
         own = True  # more restrictive by default
         allowed = False
-        for perm, lbl in model._meta.permissions:
-            # if not specific any perm is relevant (read right)
-            if specific_perms and perm not in specific_perms:
-                continue
-            if request.user.has_perm(model._meta.app_label + '.' + perm) \
-                    or (request.user.is_authenticated()
-                        and request.user.ishtaruser.has_right(
-                            perm, session=request.session)):
-                allowed = True
-                if "_own_" not in perm:
-                    own = False
-                    break  # max right reach
+        if request.user.is_authenticated() and \
+                request.user.ishtaruser.has_right('administrator',
+                                                  session=request.session):
+            allowed = True
+            own = False
+        else:
+            for perm, lbl in model._meta.permissions:
+                # if not specific any perm is relevant (read right)
+                if specific_perms and perm not in specific_perms:
+                    continue
+                if request.user.has_perm(model._meta.app_label + '.' + perm) \
+                        or (request.user.is_authenticated()
+                            and request.user.ishtaruser.has_right(
+                                perm, session=request.session)):
+                    allowed = True
+                    if "_own_" not in perm:
+                        own = False
+                        break  # max right reach
         if force_own:
             own = True
         EMPTY = ''
author	Étienne Loks <etienne.loks@proxience.com>	2015-12-29 19:17:43 +0100
committer	Étienne Loks <etienne.loks@proxience.com>	2015-12-29 19:17:43 +0100
commit	bd14b56fea4482a15ea56174d88922aafa033cde (patch)
tree	da5ecdb6812dccd31a5d520e2f279a5033528f64 /ishtar_common/views.py
parent	64da07dfc6489858c151766ac07f22aba4ceb59f (diff)
download	Ishtar-bd14b56fea4482a15ea56174d88922aafa033cde.tar.bz2 Ishtar-bd14b56fea4482a15ea56174d88922aafa033cde.zip