1 files changed, 18 insertions, 4 deletions

diff --git a/ishtar/furnitures/views.py b/ishtar/furnitures/views.py
index ec61ad339..5848eea64 100644
--- a/ishtar/furnitures/views.py
+++ b/ishtar/furnitures/views.py
@@ -61,7 +61,8 @@ def check_permission(request, action_slug, obj_id=None):
     return menu.items[action_slug].can_be_available(request.user)
 
 def autocomplete_person(request, person_type=None):
-    if not request.user.has_perm('furnitures.view_person'):
+    if not request.user.has_perm('furnitures.view_person', models.Person) and \
+       not request.user.has_perm('furnitures.view_own_person', models.Person) :
         return HttpResponse(mimetype='text/plain')
     if not request.GET.get('term'):
         return HttpResponse(mimetype='text/plain')
@@ -106,6 +107,9 @@ def autocomplete_town(request):
     return HttpResponse(data, mimetype='text/plain')
 
 def autocomplete_file(request):
+    if not request.user.has_perm('furnitures.view_file', models.File) and \
+       not request.user.has_perm('furnitures.view_own_file', models.File) :
+        return HttpResponse(mimetype='text/plain')
     if not request.GET.get('term'):
         return HttpResponse(mimetype='text/plain')
     q = request.GET.get('term')
@@ -133,7 +137,7 @@ def get_item(model, func_name, default_name):
         if not type:
             type = 'json'
         request_keys = dict([(field.name,
-                              field.name + (hasattr(field, 'rel') and '__pk' or ''))
+                          field.name + (hasattr(field, 'rel') and '__pk' or ''))
                                     for field in model._meta.fields])
         dct = {}
         for k in request_keys:
@@ -185,8 +189,9 @@ def get_item(model, func_name, default_name):
         elif type == "csv":
             response = HttpResponse(mimetype='text/csv')
             n = datetime.datetime.now()
-            filename = u'%s_%s.csv' % (default_name, n.strftime('%Y%m%d-%H%M%S'))
-            response['Content-Disposition'] = 'attachment; filename=%s' % filename
+            filename = u'%s_%s.csv' % (default_name,
+                                       n.strftime('%Y%m%d-%H%M%S'))
+            response['Content-Disposition'] = 'attachment; filename=%s'%filename
             writer = csv.writer(response, **CSV_OPTIONS)
             col_names = []
             for field_name in model.TABLE_COLS:
@@ -207,6 +212,10 @@ def get_item(model, func_name, default_name):
 get_file = get_item(models.File, 'get_file', 'file')
 
 def autocomplete_operation(request, non_closed=True):
+    if not request.user.has_perm('furnitures.view_operation', models.Operation)\
+       and not request.user.has_perm('furnitures.view_own_operation',
+                                                              models.Operation):
+        return HttpResponse(mimetype='text/plain')
     if not request.GET.get('term'):
         return HttpResponse(mimetype='text/plain')
     q = request.GET.get('term')
@@ -230,6 +239,11 @@ def autocomplete_operation(request, non_closed=True):
 get_operation = get_item(models.Operation, 'get_operation', 'operation')
 
 def autocomplete_organization(request, orga_type=None):
+    if not request.user.has_perm('furnitures.view_organization',
+                                 models.Organization) and \
+       not request.user.has_perm('furnitures.view_own_organization',
+                                 models.Organization):
+        return HttpResponse(mimetype='text/plain')
     if not request.GET.get('term'):
         return HttpResponse(mimetype='text/plain')
     q = request.GET.get('term')