diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-01-09 17:21:58 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-02-19 14:45:56 +0100 |
| commit | 26e3b520a236c6afdf3282b71a4f959b328de551 (patch) | |
| tree | dcc44f34176459360161cde7e27b41d8c736c3eb /ishtar_common/wizards.py | |
| parent | 13f9202121e5470827174079da7fc699a8227295 (diff) | |
| download | Ishtar-26e3b520a236c6afdf3282b71a4f959b328de551.tar.bz2 Ishtar-26e3b520a236c6afdf3282b71a4f959b328de551.zip | |
🐛 add permission for created object to the current user (fix #6118)
Diffstat (limited to 'ishtar_common/wizards.py')
| -rw-r--r-- | ishtar_common/wizards.py | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/ishtar_common/wizards.py b/ishtar_common/wizards.py index e5da4c8f6..f7305a573 100644 --- a/ishtar_common/wizards.py +++ b/ishtar_common/wizards.py @@ -32,6 +32,7 @@ from formtools.wizard.views import ( StepsHelper, ) +from django.contrib.contenttypes.models import ContentType from django.contrib.sites.models import Site from django.core.exceptions import ObjectDoesNotExist from django.core.files.images import ImageFile @@ -50,8 +51,8 @@ from django.utils.safestring import mark_safe from ishtar_common import models, models_rest from ishtar_common.forms import CustomForm, reverse_lazy -from ishtar_common.utils import get_all_field_names, get_person_gdpr_log, MultiValueDict,\ - put_session_message +from ishtar_common.utils import get_all_field_names, \ + get_person_gdpr_log, MultiValueDict, put_session_message logger = logging.getLogger(__name__) @@ -1101,6 +1102,7 @@ class Wizard(IshtarWizard): if not lbl and hasattr(obj, "_generate_cached_label"): lbl = obj._generate_cached_label() msg += str(_("{} created.")).format(lbl) + messages.add_message(self.request, messages.INFO, msg) if self.redirect_url: url = reverse(self.redirect_url) @@ -1118,7 +1120,16 @@ class Wizard(IshtarWizard): return return_object and (obj, res) or res def post_save(self): - return + # add permission for the created object to the current user + if self.modification or self.deletion or not self.request.user.ishtaruser: + return + ct = ContentType.objects.get_for_model(self.current_object) + for profile in self.request.user.ishtaruser.person.profiles.all(): + for permission_type in ("view", "change", "delete"): + profile.generate_permission( + ct, permission_type, + obj_id=self.current_object.pk + ) def get_deleted(self, keys): """ |