summaryrefslogtreecommitdiff
path: root/ishtar_common
diff options
context:
space:
mode:
authorÉtienne Loks <etienne.loks@iggdrasil.net>2017-03-29 18:34:24 +0200
committerÉtienne Loks <etienne.loks@iggdrasil.net>2017-03-29 18:35:01 +0200
commitb97f9e46a2faaa26484ddb1ef76b01602f2f143d (patch)
treeae4875254bcc4f56ef8432b207ee127f0979c3ef /ishtar_common
parent3652a2da37df6f107e235ba554e6f5bd02e1a70f (diff)
downloadIshtar-b97f9e46a2faaa26484ddb1ef76b01602f2f143d.tar.bz2
Ishtar-b97f9e46a2faaa26484ddb1ef76b01602f2f143d.zip
Access control: put back the specific Django user permission check
Diffstat (limited to 'ishtar_common')
-rw-r--r--ishtar_common/views.py7
1 files changed, 5 insertions, 2 deletions
diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index d3c9e0897..e483c9476 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -608,8 +608,11 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
for perm, lbl in model._meta.permissions:
if perm not in available_perms:
continue
- if request.user.ishtaruser.has_right(
- perm, session=request.session):
+ cperm = model._meta.app_label + '.' + perm
+ if request.user.has_perm(cperm) \
+ or cperm in request.user.get_all_permissions() \
+ or request.user.ishtaruser.has_right(
+ perm, session=request.session):
allowed = True
if "_own_" not in perm:
own = False