| -rw-r--r-- | archaeological_operations/views.py | 2 | ||||
| -rw-r--r-- | ishtar_common/views.py | 40 | 
2 files changed, 22 insertions, 20 deletions
|
diff --git a/archaeological_operations/views.py b/archaeological_operations/views.py
index c886d9095..9b420f594 100644
--- a/archaeological_operations/views.py
+++ b/archaeological_operations/views.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-# Copyright (C) 2010-2016  Étienne Loks  <etienne.loks_AT_peacefrogsDOTnet>
+# Copyright (C) 2010-2017  Étienne Loks  <etienne.loks_AT_peacefrogsDOTnet>
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index c99e78b9c..d3c9e0897 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -586,22 +586,30 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
         # check rights
         own = True  # more restrictive by default
         allowed = False
-        if request.user.is_authenticated() and \
-                request.user.ishtaruser.has_right('administrator',
-                                                  session=request.session):
+        if specific_perms:
+            available_perms = specific_perms[:]
+        else:
+            available_perms = ['view_' + model.__name__.lower(),
+                               'view_own_' + model.__name__.lower()]
+        EMPTY = ''
+        if 'type' in dct:
+            data_type = dct.pop('type')
+        if not data_type:
+            EMPTY = '[]'
+            data_type = 'json'
+        if not request.user.is_authenticated():
+            return HttpResponse(EMPTY, mimetype='text/plain')
+
+        if request.user.ishtaruser.has_right('administrator',
+                                             session=request.session):
             allowed = True
             own = False
         else:
             for perm, lbl in model._meta.permissions:
-                # if not specific any perm is relevant (read right)
-                if specific_perms and perm not in specific_perms:
+                if perm not in available_perms:
                     continue
-                cperm = model._meta.app_label + '.' + perm
-                if request.user.has_perm(cperm)\
-                        or cperm in request.user.get_all_permissions() \
-                        or (request.user.is_authenticated()
-                            and request.user.ishtaruser.has_right(
-                                perm, session=request.session)):
+                if request.user.ishtaruser.has_right(
+                        perm, session=request.session):
                     allowed = True
                     if "_own_" not in perm:
                         own = False
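Review bot: The permission loop now decides access only through `request.user.ishtaruser.has_right(perm, ...)` with a bare codename, and the `app_label`-qualified `has_perm` / `get_all_permissions()` checks are gone, so whether rights granted through Django's own auth backend still count depends on `has_right`, which is not visible here. If that narrowing is intended, record it above the loop, e.g. `# rights are resolved through ishtaruser.has_right only; Django has_perm is deliberately not consulted`. The fallback list in `available_perms` is matched only against `model._meta.permissions`, so a model that does not declare `view_<model>` / `view_own_<model>` there denies every non-administrator with the same empty 200 response an empty result set produces; a one-line comment on `available_perms` saying so would help whoever has to debug a missing listing. The removed comment `# if not specific any perm is relevant (read right)` described the old default and has no replacement for the new one. get_item's body starts and ends outside the hunk.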
@@ -611,12 +619,6 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
         if full == 'shortcut' and 'SHORTCUT_SEARCH' in request.session and \
                 request.session['SHORTCUT_SEARCH'] == 'own':
             own = True
-        EMPTY = ''
-        if 'type' in dct:
-            data_type = dct.pop('type')
-        if not data_type:
-            EMPTY = '[]'
-            data_type = 'json'
         if not allowed:
             return HttpResponse(EMPTY, mimetype='text/plain')
@@ -898,7 +900,6 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
                     table_cols += model.EXTRA_FULL_FIELDS
             else:
                 table_cols = model.TABLE_COLS
-
         query_table_cols = []
         for cols in table_cols:
             if type(cols) not in (list, tuple):
@@ -916,6 +917,7 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
                         model.CONTEXTUAL_TABLE_COLS[contxt][col]
         if full == 'shortcut':
             query_table_cols = ['cached_label']
+            table_cols = ['cached_label']
         # manage sort tables
         manual_sort_key = None
@@ -1103,7 +1105,7 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
                         if hasattr(model, 'COL_LINK') and k in model.COL_LINK:
                             value = link_ext_template.format(value, value)
                         res[k] = value
-                if full == 'shortcut':
+                if full == 'shortcut' and 'cached_label' in res:
                     res['value'] = res.pop('cached_label')
                 rows.append(res)
             if full == 'shortcut':
|
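Review bot: In the last hunk (`@@ -1103,7 +1105,7 @@`) the new guard `'cached_label' in res` avoids the KeyError from `res.pop('cached_label')`, but a shortcut row without that key is still passed to `rows.append(res)` with no `value` entry, so the consumer gets an incomplete row instead of an error. If an empty label is acceptable to the caller, `res['value'] = res.pop('cached_label', '')` keeps every shortcut row in the same shape; otherwise skip the row explicitly. The loop that fills `res` starts outside the hunk, so when `cached_label` can be missing is not visible here.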
