diff options
author | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-01-24 15:23:23 +0100 |
---|---|---|
committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-02-19 14:45:56 +0100 |
commit | 95d1ac5cc9346c81d8dee6a684fd4c6d79fcdd3f (patch) | |
tree | 194ae92ef78c6ae3ddaf0b46695a94dc7b8234b4 /ishtar_common | |
parent | 60f04b63c44a8f9daebef713321decaf90944db3 (diff) | |
download | Ishtar-95d1ac5cc9346c81d8dee6a684fd4c6d79fcdd3f.tar.bz2 Ishtar-95d1ac5cc9346c81d8dee6a684fd4c6d79fcdd3f.zip |
🐛 fix own permission check (refs #6126)
Diffstat (limited to 'ishtar_common')
-rw-r--r-- | ishtar_common/views_item.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py index ae8c1cd47..89caaef77 100644 --- a/ishtar_common/views_item.py +++ b/ishtar_common/views_item.py @@ -222,12 +222,15 @@ def check_permission(request, action_slug, obj=None): main_menu.init() if action_slug not in main_menu.items: # not an action -> a classic permission + if "." not in action_slug: + return False if request.user.ishtaruser.has_permission(action_slug): return True if not obj: return False - parts = action_slug.split("_") - action_slug = f"{parts[0]}_own_{'_'.join(parts[1:])}" + app, model_name = action_slug.split(".") + parts = model_name.split("_") + action_slug = f"{app}.{parts[0]}_own_{'_'.join(parts[1:])}" return request.user.ishtaruser.has_permission(action_slug, obj) if obj: return main_menu.items[action_slug].is_available( |