Access control: put back the specific Django user permission check

author: Étienne Loks <etienne.loks@iggdrasil.net> 2017-03-29 18:34:24 +0200
committer: Étienne Loks <etienne.loks@iggdrasil.net> 2017-03-29 18:35:01 +0200
commit: 0d564dd48cca808bd86f6cfd121f61dac6715e3d (patch)
tree: ae4875254bcc4f56ef8432b207ee127f0979c3ef /ishtar_common/views.py
parent: 40831b3de94aef231530c14f22030b22b6d88c72 (diff)
download: Ishtar-0d564dd48cca808bd86f6cfd121f61dac6715e3d.tar.bz2
Ishtar-0d564dd48cca808bd86f6cfd121f61dac6715e3d.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index d3c9e0897..e483c9476 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -608,8 +608,11 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
             for perm, lbl in model._meta.permissions:
                 if perm not in available_perms:
                     continue
-                if request.user.ishtaruser.has_right(
-                        perm, session=request.session):
+                cperm = model._meta.app_label + '.' + perm
+                if request.user.has_perm(cperm) \
+                        or cperm in request.user.get_all_permissions() \
+                        or request.user.ishtaruser.has_right(
+                            perm, session=request.session):
                     allowed = True
                     if "_own_" not in perm:
                         own = False
author	Étienne Loks <etienne.loks@iggdrasil.net>	2017-03-29 18:34:24 +0200
committer	Étienne Loks <etienne.loks@iggdrasil.net>	2017-03-29 18:35:01 +0200
commit	0d564dd48cca808bd86f6cfd121f61dac6715e3d (patch)
tree	ae4875254bcc4f56ef8432b207ee127f0979c3ef /ishtar_common/views.py
parent	40831b3de94aef231530c14f22030b22b6d88c72 (diff)
download	Ishtar-0d564dd48cca808bd86f6cfd121f61dac6715e3d.tar.bz2 Ishtar-0d564dd48cca808bd86f6cfd121f61dac6715e3d.zip