Access control: put back the specific Django user permission check

author: Étienne Loks <etienne.loks@iggdrasil.net> 2017-03-29 18:34:24 +0200
committer: Étienne Loks <etienne.loks@iggdrasil.net> 2017-03-29 18:35:01 +0200
commit: b97f9e46a2faaa26484ddb1ef76b01602f2f143d (patch)
tree: ae4875254bcc4f56ef8432b207ee127f0979c3ef /ishtar_common/views.py
parent: 3652a2da37df6f107e235ba554e6f5bd02e1a70f (diff)
download: Ishtar-b97f9e46a2faaa26484ddb1ef76b01602f2f143d.tar.bz2
Ishtar-b97f9e46a2faaa26484ddb1ef76b01602f2f143d.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index d3c9e0897..e483c9476 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -608,8 +608,11 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
             for perm, lbl in model._meta.permissions:
                 if perm not in available_perms:
                     continue
-                if request.user.ishtaruser.has_right(
-                        perm, session=request.session):
+                cperm = model._meta.app_label + '.' + perm
+                if request.user.has_perm(cperm) \
+                        or cperm in request.user.get_all_permissions() \
+                        or request.user.ishtaruser.has_right(
+                            perm, session=request.session):
                     allowed = True
                     if "_own_" not in perm:
                         own = False
author	Étienne Loks <etienne.loks@iggdrasil.net>	2017-03-29 18:34:24 +0200
committer	Étienne Loks <etienne.loks@iggdrasil.net>	2017-03-29 18:35:01 +0200
commit	b97f9e46a2faaa26484ddb1ef76b01602f2f143d (patch)
tree	ae4875254bcc4f56ef8432b207ee127f0979c3ef /ishtar_common/views.py
parent	3652a2da37df6f107e235ba554e6f5bd02e1a70f (diff)
download	Ishtar-b97f9e46a2faaa26484ddb1ef76b01602f2f143d.tar.bz2 Ishtar-b97f9e46a2faaa26484ddb1ef76b01602f2f143d.zip