From cef27ef0fb1fd5da53955882d74d5bc162231b3e Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Thu, 21 Apr 2016 10:17:29 +0200 Subject: Temporary fix for rights management --- ishtar_common/menu_base.py | 8 ++++---- ishtar_common/views.py | 4 +++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ishtar_common/menu_base.py b/ishtar_common/menu_base.py index d8ee0775c..7c309d376 100644 --- a/ishtar_common/menu_base.py +++ b/ishtar_common/menu_base.py @@ -89,9 +89,9 @@ class MenuItem: for access_control in self.access_controls: access_control = prefix + access_control if hasattr(user, 'ishtaruser') and \ - user.ishtaruser.has_perm(access_control, self.model, - session=session) or \ + user.ishtaruser.has_perm(access_control, self.model) or\ access_control in user.get_group_permissions(): + # session=session) or \ return True # manage by person type if hasattr(user, 'ishtaruser'): @@ -107,8 +107,8 @@ class MenuItem: prefix = (self.model._meta.app_label + '.') if self.model else '' for access_control in self.access_controls: access_control = prefix + access_control - if user.has_perm(access_control, self.model, obj=obj, - session=session): + if user.has_perm(access_control, self.model, obj=obj): + # session=session): return True # manage by person type if hasattr(user, 'ishtaruser'): diff --git a/ishtar_common/views.py b/ishtar_common/views.py index 296d56648..86664d4e7 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -349,7 +349,9 @@ def get_item(model, func_name, default_name, extra_request_keys=[], # if not specific any perm is relevant (read right) if specific_perms and perm not in specific_perms: continue - if request.user.has_perm(model._meta.app_label + '.' + perm) \ + cperm = model._meta.app_label + '.' + perm + if request.user.has_perm(cperm)\ + or cperm in request.user.get_all_permissions() \ or (request.user.is_authenticated() and request.user.ishtaruser.has_right( perm, session=request.session)): -- cgit v1.2.3