diff options
Diffstat (limited to 'ishtar_common')
| -rw-r--r-- | ishtar_common/views_item.py | 23 |
1 files changed, 9 insertions, 14 deletions
diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py index 008dbd0eb..9ee5b9040 100644 --- a/ishtar_common/views_item.py +++ b/ishtar_common/views_item.py @@ -507,17 +507,6 @@ def show_item(model, name, extra_dct=None, model_for_perms=None, callback=None): if not allowed: raise PermissionDenied() q = model.objects - if own: - meta = model._meta - if not request.user.has_perm( - f"{meta.app_label}.view_own_{meta.model_name}"): - raise PermissionDenied() - """ - TODO: remove - query_own = model.get_query_owns(request.user.ishtaruser) - if query_own: - q = q.filter(query_own).distinct() - """ doc_type = "type" in dct and dct.pop("type") try: url = reverse("show-" + name, args=["0", ""]) @@ -552,13 +541,19 @@ def show_item(model, name, extra_dct=None, model_for_perms=None, callback=None): return show_source_item(request, pk, model, name, dct, extra_dct) q = q.filter(pk=pk) if not q.count(): - return HttpResponse("") + raise PermissionDenied() + + item = q.all()[0] + + if own: + meta = model._meta + if not request.user.has_perm( + f"{meta.app_label}.view_own_{meta.model_name}", item): + raise PermissionDenied() if callback: callback("show_item", request, doc_type, q) - item = q.all()[0] - # list current perms for perm in Permission.objects.filter( codename__startswith='view_').values_list("codename", flat=True).all(): |